SUSE-SU-2024:1509-1
Description
Security update for SUSE Manager Client Tools

This update fixes the following issues:

POS_Image-Graphical7 was updated to version 0.1.1710765237.46af599:

- Version 0.1.1710765237.46af599
  * Moved image services to dracut-saltboot package
  * Use salt bundle
- Version 0.1.1645440615.7f1328c
  * Removed deprecated kiwi functions

POS_Image-JeOS7 was updated to version 0.1.1710765237.46af599:

- Version 0.1.1710765237.46af599
  * Moved image services to dracut-saltboot package
  * Use salt bundle
- Version 0.1.1645440615.7f1328c
  * Removed deprecated kiwi functions

ansible received the following fixes:

- Security issues fixed:
  * CVE-2023-5764: Address issues where internal templating can cause unsafe variables to lose their unsafe designation (bsc#1216854)
    + Breaking changes: assert - Nested templating may result in an inability for the conditional to be evaluated. See the porting guide for more information.
  * CVE-2024-0690: Address issue where ANSIBLE_NO_LOG was ignored (bsc#1219002)
  * CVE-2020-14365: Ensure that packages are GPG validated (bsc#1175993)
  * CVE-2020-10744: Fixed insecure temporary directory creation (bsc#1171823)
  * CVE-2018-10874: Fixed inventory variables loading from current working directory when running ad-hoc command that can lead to code execution (bsc#1099805)
- Bugs fixed:
  * Don't require python-coverage, it is needed only for testing (bsc#1177948)

dracut-saltboot was updated to version 0.1.1710765237.46af599:

- Version 0.1.1710765237.46af599
  * Load only first available leaseinfo (bsc#1221092)
- Version 0.1.1681904360.84ef141

grafana was updated to version 9.5.18:

- Grafana now requires Go 1.20
- Security issues fixed:
  * CVE-2024-1313: Require same organisation when deleting snapshots (bsc#1222155)
  * CVE-2023-6152: Add email verification when updating user email (bsc#1219912)
- Other non-security related changes:
  * Version 9.5.17:
    + [FEATURE] Alerting: Backport use Alertmanager API v2
  * Version 9.5.16:
    + [BUGFIX] Annotations: Split cleanup into separate queries and deletes to avoid deadlocks on MySQL
  * Version 9.5.15:
    + [FEATURE] Alerting: Attempt to retry retryable errors
  * Version 9.5.14:
    + [BUGFIX] Alerting: Fix state manager to not keep datasource_uid and ref_id labels in state after Error
    + [BUGFIX] Transformations: Config overrides being lost when config from query transform is applied
    + [BUGFIX] LDAP: Fix enable users on successful login
  * Version 9.5.13:
    + [BUGFIX] BrowseDashboards: Only remember the most recent expanded folder
    + [BUGFIX] Licensing: Pass func to update env variables when starting plugin
  * Version 9.5.12:
    + [FEATURE] Azure: Add support for Workload Identity authentication
  * Version 9.5.9:
    + [FEATURE] SSE: Fix DSNode to not panic when response has empty response
    + [FEATURE] Prometheus: Handle the response with different field key order
    + [BUGFIX] LDAP: Fix user disabling

mgr-daemon was updated to version 4.3.9-0:

- Version 4.3.9-0
  * Update translation strings

spacecmd was updated to version 4.3.27-0:

- Version 4.3.27-0
  * Update translation strings

spacewalk-client-tools was updated to version 4.3.19-0:

- Version 4.3.19-0
  * Update translation strings

spacewalk-koan was updated to version 4.3.6-0:

- Version 4.3.6-0
  * Change Docker image location for test

uyuni-common-libs was updated to version 4.3.10-0:

- Version 4.3.10-0
  * Add support for package signature type V4 RSA/SHA384
  * Add support for package signature type V4 RSA/SHA512 (bsc#1221465)

uyuni-proxy-systemd-services was updated to version 4.3.12-0:

- Version 4.3.12-0
  * Update to SUSE Manager 4.3.12
Affected Systems
- opensuse•ansible&distro=openSUSE Leap 15.5
< 2.9.27-150000.1.17.2
- opensuse•dracut-saltboot&distro=openSUSE Leap 15.5
< 0.1.1710765237.46af599-150000.1.53.2
- opensuse•golang-github-prometheus-promu&distro=openSUSE Leap 15.5
< 0.14.0-150000.3.18.2
- opensuse•POS_Image-Graphical7&distro=openSUSE Leap 15.5
< 0.1.1710765237.46af599-150000.1.21.2
- opensuse•POS_Image-JeOS7&distro=openSUSE Leap 15.5
< 0.1.1710765237.46af599-150000.1.21.2
- opensuse•spacecmd&distro=openSUSE Leap 15.5
< 4.3.27-150000.3.116.2
- suse•ansible&distro=SUSE Manager Client Tools 15
< 2.9.27-150000.1.17.2
- suse•ansible&distro=SUSE Manager Proxy Module 4.3
< 2.9.27-150000.1.17.2
- suse•dracut-saltboot&distro=SUSE Manager Client Tools 15
< 0.1.1710765237.46af599-150000.1.53.2
- suse•dracut-saltboot&distro=SUSE Manager Client Tools for SLE Micro 5
< 0.1.1710765237.46af599-150000.1.53.2
- suse•golang-github-prometheus-promu&distro=SUSE Linux Enterprise Module for Package Hub 15 SP5
< 0.14.0-150000.3.18.2
- suse•grafana&distro=SUSE Manager Client Tools 15
< 9.5.18-150000.1.63.2
- suse•mgr-daemon&distro=SUSE Manager Client Tools 15
< 4.3.9-150000.1.47.2
- suse•POS_Image-Graphical7&distro=SUSE Manager Client Tools 15
< 0.1.1710765237.46af599-150000.1.21.2
- suse•POS_Image-JeOS7&distro=SUSE Manager Client Tools 15
< 0.1.1710765237.46af599-150000.1.21.2
- suse•spacecmd&distro=SUSE Manager Client Tools 15
< 4.3.27-150000.3.116.2
- suse•spacewalk-client-tools&distro=SUSE Manager Client Tools 15
< 4.3.19-150000.3.89.2
- suse•spacewalk-koan&distro=SUSE Manager Client Tools 15
< 4.3.6-150000.3.33.2
- suse•uyuni-common-libs&distro=SUSE Manager Client Tools 15
< 4.3.10-150000.1.39.2
- suse•uyuni-proxy-systemd-services&distro=SUSE Manager Client Tools 15
< 4.3.12-150000.1.21.2
- suse•uyuni-proxy-systemd-services&distro=SUSE Manager Client Tools for SLE Micro 5
< 4.3.12-150000.1.21.2
- suse•uyuni-proxy-systemd-services&distro=SUSE Manager Proxy Module 4.3
< 4.3.12-150000.1.21.2
References (35)
- https://www.suse.com/support/update/announcement/2024/suse-su-20241509-1/
- https://bugzilla.suse.com/1008037
- https://bugzilla.suse.com/1008038
- https://bugzilla.suse.com/1010940
- https://bugzilla.suse.com/1019021
- https://bugzilla.suse.com/1038785
- https://bugzilla.suse.com/1059235
- https://bugzilla.suse.com/1099805
- https://bugzilla.suse.com/1166389
- https://bugzilla.suse.com/1171823
- https://bugzilla.suse.com/1174145
- https://bugzilla.suse.com/1174302
- https://bugzilla.suse.com/1175993
- https://bugzilla.suse.com/1177948
- https://bugzilla.suse.com/1216854
- https://bugzilla.suse.com/1219002
- https://bugzilla.suse.com/1219912
- https://bugzilla.suse.com/1221092
- https://bugzilla.suse.com/1221465
- https://bugzilla.suse.com/1222155
- https://www.suse.com/security/cve/CVE-2016-8614
- https://www.suse.com/security/cve/CVE-2016-8628
- https://www.suse.com/security/cve/CVE-2016-8647
- https://www.suse.com/security/cve/CVE-2016-9587
- https://www.suse.com/security/cve/CVE-2017-7550
- https://www.suse.com/security/cve/CVE-2018-10874
- https://www.suse.com/security/cve/CVE-2020-10744
- https://www.suse.com/security/cve/CVE-2020-14330
- https://www.suse.com/security/cve/CVE-2020-14332
- https://www.suse.com/security/cve/CVE-2020-14365
- https://www.suse.com/security/cve/CVE-2020-1753
- https://www.suse.com/security/cve/CVE-2023-5764
- https://www.suse.com/security/cve/CVE-2023-6152
- https://www.suse.com/security/cve/CVE-2024-0690
- https://www.suse.com/security/cve/CVE-2024-1313