SUSE-SU-2022:3747-1

Source
https://www.suse.com/support/update/announcement/2022/suse-su-20223747-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:3747-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2022:3747-1
Related
Published
2022-10-26T08:40:53Z
Modified
2022-10-26T08:40:53Z
Summary
Security update for SUSE Manager Client Tools
Details

This update fixes the following issues:

golang-github-lusitaniae-apache_exporter:

  • Update to upstream release 0.11.0 (jsc#SLE-24791)
    • Add TLS support
    • Switch to logger, please check --log.level and --log.format flags
  • Update to version 0.10.1
    • Bugfix: Reset ProxyBalancer metrics on each scrape to remove stale data
  • Update to version 0.10.0
    • Add Apache Proxy and other metrics
  • Update to version 0.8.0
    • Change commandline flags
    • Add metrics: Apache version, request duration total
  • Adapted to build on Enterprise Linux 8
  • Require building with Go 1.15
  • Add %license macro for LICENSE file

golang-github-prometheus-alertmanager:

  • Do not include sources (bsc#1200725)

golang-github-prometheus-node_exporter:

  • CVE-2022-21698: Denial of service using InstrumentHandlerCounter. (bsc#1196338, jsc#SLE-24243, jsc#SUMA-114)

grafana:

  • Update to version 8.3.10
    • Security:
      • CVE-2022-31097: Cross Site Scripting vulnerability in the Unified Alerting (bsc#1201535)
      • CVE-2022-31107: OAuth account takeover vulnerability (bsc#1201539)
  • Update to version 8.3.9
    • Bug fixes:
      • Geomap: Display legend
      • Prometheus: Fix timestamp truncation
  • Update to version 8.3.7
    • Bug fix:
      • Provisioning: Ensure that the default value for orgID is set when provisioning datasources to be deleted.
  • Update to version 8.3.6
    • Features and enhancements:
      • Cloud Monitoring: Reduce request size when listing labels.
      • Explore: Show scalar data result in a table instead of graph.
      • Snapshots: Updates the default external snapshot server URL.
      • Table: Makes footer not overlap table content.
      • Tempo: Add request histogram to service graph datalink.
      • Tempo: Add time range to tempo search query behind a feature flag.
      • Tempo: Auto-clear results when changing query type.
      • Tempo: Display start time in search results as relative time.
      • CloudMonitoring: Fix resource labels in query editor.
      • Cursor sync: Apply the settings without saving the dashboard.
      • LibraryPanels: Fix for Error while cleaning library panels.
      • Logs Panel: Fix timestamp parsing for string dates without timezone.
      • Prometheus: Fix some of the alerting queries that use reduce/math operation.
      • TablePanel: Fix ad-hoc variables not working on default datasources.
      • Text Panel: Fix alignment of elements.
      • Variables: Fix for constant variables in self referencing links.
  • Update to version 8.3.5 (jsc#SLE-23439, jsc#SLE-23422, jsc#SLE-24565)

kiwi-desc-saltboot:

  • Update to version 0.1.1661440542.6cbe0da
    • Use standard susemanager.conf
    • Use salt bundle
    • Add support fo VirtIO disks

mgr-daemon:

  • Version 4.3.6-1
    • Update translation strings

spacecmd:

  • Version 4.3.15-1
    • Process date values in spacecmd api calls (bsc#1198903)

spacewalk-client-tools:

  • Version 4.3.12-1
    • Update translation strings

uyuni-common-libs:

  • Version 4.3.6-1
    • Do not allow creating path if nonexistent user or group in fileutils.
References

Affected packages

SUSE:OpenStack Cloud 9 / golang-github-prometheus-node_exporter

Package

Name
golang-github-prometheus-node_exporter
Purl
pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20OpenStack%20Cloud%209

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3.0-1.21.1

Ecosystem specific

{
    "binaries": [
        {
            "golang-github-prometheus-node_exporter": "1.3.0-1.21.1"
        }
    ]
}

SUSE:OpenStack Cloud Crowbar 9 / golang-github-prometheus-node_exporter

Package

Name
golang-github-prometheus-node_exporter
Purl
pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3.0-1.21.1

Ecosystem specific

{
    "binaries": [
        {
            "golang-github-prometheus-node_exporter": "1.3.0-1.21.1"
        }
    ]
}

SUSE:Manager Client Tools 12 / golang-github-lusitaniae-apache_exporter

Package

Name
golang-github-lusitaniae-apache_exporter
Purl
pkg:rpm/suse/golang-github-lusitaniae-apache_exporter&distro=SUSE%20Manager%20Client%20Tools%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.11.0-1.13.1

Ecosystem specific

{
    "binaries": [
        {
            "python2-spacewalk-client-tools": "4.3.12-52.77.1",
            "golang-github-lusitaniae-apache_exporter": "0.11.0-1.13.1",
            "spacewalk-check": "4.3.12-52.77.1",
            "golang-github-prometheus-alertmanager": "0.23.0-1.15.2",
            "python2-uyuni-common-libs": "4.3.6-1.27.1",
            "python2-spacewalk-client-setup": "4.3.12-52.77.1",
            "golang-github-prometheus-node_exporter": "1.3.0-1.21.1",
            "kiwi-desc-saltboot": "0.1.1661440542.6cbe0da-1.29.1",
            "spacewalk-client-setup": "4.3.12-52.77.1",
            "mgr-daemon": "4.3.6-1.38.1",
            "spacewalk-client-tools": "4.3.12-52.77.1",
            "python2-spacewalk-check": "4.3.12-52.77.1",
            "spacecmd": "4.3.15-38.109.1",
            "grafana": "8.3.10-1.33.2"
        }
    ]
}

SUSE:Manager Client Tools 12 / golang-github-prometheus-alertmanager

Package

Name
golang-github-prometheus-alertmanager
Purl
pkg:rpm/suse/golang-github-prometheus-alertmanager&distro=SUSE%20Manager%20Client%20Tools%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23.0-1.15.2

Ecosystem specific

{
    "binaries": [
        {
            "python2-spacewalk-client-tools": "4.3.12-52.77.1",
            "golang-github-lusitaniae-apache_exporter": "0.11.0-1.13.1",
            "spacewalk-check": "4.3.12-52.77.1",
            "golang-github-prometheus-alertmanager": "0.23.0-1.15.2",
            "python2-uyuni-common-libs": "4.3.6-1.27.1",
            "python2-spacewalk-client-setup": "4.3.12-52.77.1",
            "golang-github-prometheus-node_exporter": "1.3.0-1.21.1",
            "kiwi-desc-saltboot": "0.1.1661440542.6cbe0da-1.29.1",
            "spacewalk-client-setup": "4.3.12-52.77.1",
            "mgr-daemon": "4.3.6-1.38.1",
            "spacewalk-client-tools": "4.3.12-52.77.1",
            "python2-spacewalk-check": "4.3.12-52.77.1",
            "spacecmd": "4.3.15-38.109.1",
            "grafana": "8.3.10-1.33.2"
        }
    ]
}

SUSE:Manager Client Tools 12 / golang-github-prometheus-node_exporter

Package

Name
golang-github-prometheus-node_exporter
Purl
pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Manager%20Client%20Tools%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3.0-1.21.1

Ecosystem specific

{
    "binaries": [
        {
            "python2-spacewalk-client-tools": "4.3.12-52.77.1",
            "golang-github-lusitaniae-apache_exporter": "0.11.0-1.13.1",
            "spacewalk-check": "4.3.12-52.77.1",
            "golang-github-prometheus-alertmanager": "0.23.0-1.15.2",
            "python2-uyuni-common-libs": "4.3.6-1.27.1",
            "python2-spacewalk-client-setup": "4.3.12-52.77.1",
            "golang-github-prometheus-node_exporter": "1.3.0-1.21.1",
            "kiwi-desc-saltboot": "0.1.1661440542.6cbe0da-1.29.1",
            "spacewalk-client-setup": "4.3.12-52.77.1",
            "mgr-daemon": "4.3.6-1.38.1",
            "spacewalk-client-tools": "4.3.12-52.77.1",
            "python2-spacewalk-check": "4.3.12-52.77.1",
            "spacecmd": "4.3.15-38.109.1",
            "grafana": "8.3.10-1.33.2"
        }
    ]
}

SUSE:Manager Client Tools 12 / grafana

Package

Name
grafana
Purl
pkg:rpm/suse/grafana&distro=SUSE%20Manager%20Client%20Tools%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.3.10-1.33.2

Ecosystem specific

{
    "binaries": [
        {
            "python2-spacewalk-client-tools": "4.3.12-52.77.1",
            "golang-github-lusitaniae-apache_exporter": "0.11.0-1.13.1",
            "spacewalk-check": "4.3.12-52.77.1",
            "golang-github-prometheus-alertmanager": "0.23.0-1.15.2",
            "python2-uyuni-common-libs": "4.3.6-1.27.1",
            "python2-spacewalk-client-setup": "4.3.12-52.77.1",
            "golang-github-prometheus-node_exporter": "1.3.0-1.21.1",
            "kiwi-desc-saltboot": "0.1.1661440542.6cbe0da-1.29.1",
            "spacewalk-client-setup": "4.3.12-52.77.1",
            "mgr-daemon": "4.3.6-1.38.1",
            "spacewalk-client-tools": "4.3.12-52.77.1",
            "python2-spacewalk-check": "4.3.12-52.77.1",
            "spacecmd": "4.3.15-38.109.1",
            "grafana": "8.3.10-1.33.2"
        }
    ]
}

SUSE:Manager Client Tools 12 / kiwi-desc-saltboot

Package

Name
kiwi-desc-saltboot
Purl
pkg:rpm/suse/kiwi-desc-saltboot&distro=SUSE%20Manager%20Client%20Tools%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.1.1661440542.6cbe0da-1.29.1

Ecosystem specific

{
    "binaries": [
        {
            "python2-spacewalk-client-tools": "4.3.12-52.77.1",
            "golang-github-lusitaniae-apache_exporter": "0.11.0-1.13.1",
            "spacewalk-check": "4.3.12-52.77.1",
            "golang-github-prometheus-alertmanager": "0.23.0-1.15.2",
            "python2-uyuni-common-libs": "4.3.6-1.27.1",
            "python2-spacewalk-client-setup": "4.3.12-52.77.1",
            "golang-github-prometheus-node_exporter": "1.3.0-1.21.1",
            "kiwi-desc-saltboot": "0.1.1661440542.6cbe0da-1.29.1",
            "spacewalk-client-setup": "4.3.12-52.77.1",
            "mgr-daemon": "4.3.6-1.38.1",
            "spacewalk-client-tools": "4.3.12-52.77.1",
            "python2-spacewalk-check": "4.3.12-52.77.1",
            "spacecmd": "4.3.15-38.109.1",
            "grafana": "8.3.10-1.33.2"
        }
    ]
}

SUSE:Manager Client Tools 12 / mgr-daemon

Package

Name
mgr-daemon
Purl
pkg:rpm/suse/mgr-daemon&distro=SUSE%20Manager%20Client%20Tools%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.3.6-1.38.1

Ecosystem specific

{
    "binaries": [
        {
            "python2-spacewalk-client-tools": "4.3.12-52.77.1",
            "golang-github-lusitaniae-apache_exporter": "0.11.0-1.13.1",
            "spacewalk-check": "4.3.12-52.77.1",
            "golang-github-prometheus-alertmanager": "0.23.0-1.15.2",
            "python2-uyuni-common-libs": "4.3.6-1.27.1",
            "python2-spacewalk-client-setup": "4.3.12-52.77.1",
            "golang-github-prometheus-node_exporter": "1.3.0-1.21.1",
            "kiwi-desc-saltboot": "0.1.1661440542.6cbe0da-1.29.1",
            "spacewalk-client-setup": "4.3.12-52.77.1",
            "mgr-daemon": "4.3.6-1.38.1",
            "spacewalk-client-tools": "4.3.12-52.77.1",
            "python2-spacewalk-check": "4.3.12-52.77.1",
            "spacecmd": "4.3.15-38.109.1",
            "grafana": "8.3.10-1.33.2"
        }
    ]
}

SUSE:Manager Client Tools 12 / spacecmd

Package

Name
spacecmd
Purl
pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Client%20Tools%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.3.15-38.109.1

Ecosystem specific

{
    "binaries": [
        {
            "python2-spacewalk-client-tools": "4.3.12-52.77.1",
            "golang-github-lusitaniae-apache_exporter": "0.11.0-1.13.1",
            "spacewalk-check": "4.3.12-52.77.1",
            "golang-github-prometheus-alertmanager": "0.23.0-1.15.2",
            "python2-uyuni-common-libs": "4.3.6-1.27.1",
            "python2-spacewalk-client-setup": "4.3.12-52.77.1",
            "golang-github-prometheus-node_exporter": "1.3.0-1.21.1",
            "kiwi-desc-saltboot": "0.1.1661440542.6cbe0da-1.29.1",
            "spacewalk-client-setup": "4.3.12-52.77.1",
            "mgr-daemon": "4.3.6-1.38.1",
            "spacewalk-client-tools": "4.3.12-52.77.1",
            "python2-spacewalk-check": "4.3.12-52.77.1",
            "spacecmd": "4.3.15-38.109.1",
            "grafana": "8.3.10-1.33.2"
        }
    ]
}

SUSE:Manager Client Tools 12 / spacewalk-client-tools

Package

Name
spacewalk-client-tools
Purl
pkg:rpm/suse/spacewalk-client-tools&distro=SUSE%20Manager%20Client%20Tools%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.3.12-52.77.1

Ecosystem specific

{
    "binaries": [
        {
            "python2-spacewalk-client-tools": "4.3.12-52.77.1",
            "golang-github-lusitaniae-apache_exporter": "0.11.0-1.13.1",
            "spacewalk-check": "4.3.12-52.77.1",
            "golang-github-prometheus-alertmanager": "0.23.0-1.15.2",
            "python2-uyuni-common-libs": "4.3.6-1.27.1",
            "python2-spacewalk-client-setup": "4.3.12-52.77.1",
            "golang-github-prometheus-node_exporter": "1.3.0-1.21.1",
            "kiwi-desc-saltboot": "0.1.1661440542.6cbe0da-1.29.1",
            "spacewalk-client-setup": "4.3.12-52.77.1",
            "mgr-daemon": "4.3.6-1.38.1",
            "spacewalk-client-tools": "4.3.12-52.77.1",
            "python2-spacewalk-check": "4.3.12-52.77.1",
            "spacecmd": "4.3.15-38.109.1",
            "grafana": "8.3.10-1.33.2"
        }
    ]
}

SUSE:Manager Client Tools 12 / uyuni-common-libs

Package

Name
uyuni-common-libs
Purl
pkg:rpm/suse/uyuni-common-libs&distro=SUSE%20Manager%20Client%20Tools%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.3.6-1.27.1

Ecosystem specific

{
    "binaries": [
        {
            "python2-spacewalk-client-tools": "4.3.12-52.77.1",
            "golang-github-lusitaniae-apache_exporter": "0.11.0-1.13.1",
            "spacewalk-check": "4.3.12-52.77.1",
            "golang-github-prometheus-alertmanager": "0.23.0-1.15.2",
            "python2-uyuni-common-libs": "4.3.6-1.27.1",
            "python2-spacewalk-client-setup": "4.3.12-52.77.1",
            "golang-github-prometheus-node_exporter": "1.3.0-1.21.1",
            "kiwi-desc-saltboot": "0.1.1661440542.6cbe0da-1.29.1",
            "spacewalk-client-setup": "4.3.12-52.77.1",
            "mgr-daemon": "4.3.6-1.38.1",
            "spacewalk-client-tools": "4.3.12-52.77.1",
            "python2-spacewalk-check": "4.3.12-52.77.1",
            "spacecmd": "4.3.15-38.109.1",
            "grafana": "8.3.10-1.33.2"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP4 / golang-github-prometheus-node_exporter

Package

Name
golang-github-prometheus-node_exporter
Purl
pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3.0-1.21.1

Ecosystem specific

{
    "binaries": [
        {
            "golang-github-prometheus-node_exporter": "1.3.0-1.21.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP3-BCL / golang-github-prometheus-node_exporter

Package

Name
golang-github-prometheus-node_exporter
Purl
pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3.0-1.21.1

Ecosystem specific

{
    "binaries": [
        {
            "golang-github-prometheus-node_exporter": "1.3.0-1.21.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP4-LTSS / golang-github-prometheus-node_exporter

Package

Name
golang-github-prometheus-node_exporter
Purl
pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3.0-1.21.1

Ecosystem specific

{
    "binaries": [
        {
            "golang-github-prometheus-node_exporter": "1.3.0-1.21.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5 / golang-github-prometheus-node_exporter

Package

Name
golang-github-prometheus-node_exporter
Purl
pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3.0-1.21.1

Ecosystem specific

{
    "binaries": [
        {
            "golang-github-prometheus-node_exporter": "1.3.0-1.21.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / golang-github-prometheus-node_exporter

Package

Name
golang-github-prometheus-node_exporter
Purl
pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3.0-1.21.1

Ecosystem specific

{
    "binaries": [
        {
            "golang-github-prometheus-node_exporter": "1.3.0-1.21.1"
        }
    ]
}