SUSE-SU-2022:3751-1

Source
https://www.suse.com/support/update/announcement/2022/suse-su-20223751-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:3751-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2022:3751-1
Related
Published
2022-10-26T08:48:09Z
Modified
2022-10-26T08:48:09Z
Summary
Security update for SUSE Manager Client Tools
Details

This update fixes the following issues:

dracut-saltboot:

  • Update to version 0.1.1661440542.6cbe0da
    • Use standard susemanager.conf
    • Move image services to dracut-saltboot package
    • Use salt bundle

golang-github-lusitaniae-apache_exporter:

  • Update to upstream release 0.11.0 (jsc#SLE-24791)
    • Add TLS support
    • Switch to logger, please check --log.level and --log.format flags
  • Update to version 0.10.1
    • Bugfix: Reset ProxyBalancer metrics on each scrape to remove stale data
  • Update to version 0.10.0
    • Add Apache Proxy and other metrics
  • Update to version 0.8.0
    • Change commandline flags
    • Add metrics: Apache version, request duration total
  • Adapted to build on Enterprise Linux 8
  • Require building with Go 1.15
  • Add %license macro for LICENSE file

grafana:

  • Update to version 8.3.10
    • Security:
      • CVE-2022-31097: Cross Site Scripting vulnerability in the Unified Alerting (bsc#1201535)
      • CVE-2022-31107: Fixes OAuth account takeover vulnerability (bsc#1201539)
  • Update to version 8.3.9
    • Bug fixes:
      • Geomap: Display legend
      • Prometheus: Fix timestamp truncation
  • Update to version 8.3.7
    • Bug fix:
      • Provisioning: Ensure that the default value for orgID is set when provisioning datasources to be deleted.
  • Update to version 8.3.6
    • Features and enhancements:
      • Cloud Monitoring: Reduce request size when listing labels.
      • Explore: Show scalar data result in a table instead of graph.
      • Snapshots: Updates the default external snapshot server URL.
      • Table: Makes footer not overlap table content.
      • Tempo: Add request histogram to service graph datalink.
      • Tempo: Add time range to tempo search query behind a feature flag.
      • Tempo: Auto-clear results when changing query type.
      • Tempo: Display start time in search results as relative time.
      • CloudMonitoring: Fix resource labels in query editor.
      • Cursor sync: Apply the settings without saving the dashboard.
      • LibraryPanels: Fix for Error while cleaning library panels.
      • Logs Panel: Fix timestamp parsing for string dates without timezone.
      • Prometheus: Fix some of the alerting queries that use reduce/math operation.
      • TablePanel: Fix ad-hoc variables not working on default datasources.
      • Text Panel: Fix alignment of elements.
      • Variables: Fix for constant variables in self referencing links.
  • Update to version 8.3.5 (jsc#SLE-23439, jsc#SLE-23422, jsc#SLE-24565)

mgr-daemon:

  • Version 4.3.6-1
    • Update translation strings

spacecmd:

  • Version 4.3.15-1
    • Process date values in spacecmd api calls (bsc#1198903)

spacewalk-client-tools:

  • Version 4.3.12-1
    • Update translation strings

uyuni-common-libs:

  • Version 4.3.6-1
    • Do not allow creating path if nonexistent user or group in fileutils.
References

Affected packages

SUSE:Manager Tools 15 / dracut-saltboot

Package

Name
dracut-saltboot
Purl
purl:rpm/suse/dracut-saltboot&distro=SUSE%20Manager%20Tools%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.1.1661440542.6cbe0da-150000.1.38.1

Ecosystem specific

{
    "binaries": [
        {
            "python3-spacewalk-check": "4.3.12-150000.3.68.2",
            "dracut-saltboot": "0.1.1661440542.6cbe0da-150000.1.38.1",
            "spacewalk-client-setup": "4.3.12-150000.3.68.2",
            "mgr-daemon": "4.3.6-150000.1.38.1",
            "golang-github-lusitaniae-apache_exporter": "0.11.0-150000.1.12.1",
            "spacewalk-check": "4.3.12-150000.3.68.2",
            "python3-spacewalk-client-setup": "4.3.12-150000.3.68.2",
            "python3-uyuni-common-libs": "4.3.6-150000.1.27.2",
            "python3-spacewalk-client-tools": "4.3.12-150000.3.68.2",
            "spacewalk-client-tools": "4.3.12-150000.3.68.2",
            "spacecmd": "4.3.15-150000.3.86.1",
            "grafana": "8.3.10-150000.1.33.1"
        }
    ]
}

SUSE:Manager Tools 15 / golang-github-lusitaniae-apache_exporter

Package

Name
golang-github-lusitaniae-apache_exporter
Purl
purl:rpm/suse/golang-github-lusitaniae-apache_exporter&distro=SUSE%20Manager%20Tools%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.11.0-150000.1.12.1

Ecosystem specific

{
    "binaries": [
        {
            "python3-spacewalk-check": "4.3.12-150000.3.68.2",
            "dracut-saltboot": "0.1.1661440542.6cbe0da-150000.1.38.1",
            "spacewalk-client-setup": "4.3.12-150000.3.68.2",
            "mgr-daemon": "4.3.6-150000.1.38.1",
            "golang-github-lusitaniae-apache_exporter": "0.11.0-150000.1.12.1",
            "spacewalk-check": "4.3.12-150000.3.68.2",
            "python3-spacewalk-client-setup": "4.3.12-150000.3.68.2",
            "python3-uyuni-common-libs": "4.3.6-150000.1.27.2",
            "python3-spacewalk-client-tools": "4.3.12-150000.3.68.2",
            "spacewalk-client-tools": "4.3.12-150000.3.68.2",
            "spacecmd": "4.3.15-150000.3.86.1",
            "grafana": "8.3.10-150000.1.33.1"
        }
    ]
}

SUSE:Manager Tools 15 / grafana

Package

Name
grafana
Purl
purl:rpm/suse/grafana&distro=SUSE%20Manager%20Tools%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.3.10-150000.1.33.1

Ecosystem specific

{
    "binaries": [
        {
            "python3-spacewalk-check": "4.3.12-150000.3.68.2",
            "dracut-saltboot": "0.1.1661440542.6cbe0da-150000.1.38.1",
            "spacewalk-client-setup": "4.3.12-150000.3.68.2",
            "mgr-daemon": "4.3.6-150000.1.38.1",
            "golang-github-lusitaniae-apache_exporter": "0.11.0-150000.1.12.1",
            "spacewalk-check": "4.3.12-150000.3.68.2",
            "python3-spacewalk-client-setup": "4.3.12-150000.3.68.2",
            "python3-uyuni-common-libs": "4.3.6-150000.1.27.2",
            "python3-spacewalk-client-tools": "4.3.12-150000.3.68.2",
            "spacewalk-client-tools": "4.3.12-150000.3.68.2",
            "spacecmd": "4.3.15-150000.3.86.1",
            "grafana": "8.3.10-150000.1.33.1"
        }
    ]
}

SUSE:Manager Tools 15 / mgr-daemon

Package

Name
mgr-daemon
Purl
purl:rpm/suse/mgr-daemon&distro=SUSE%20Manager%20Tools%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.3.6-150000.1.38.1

Ecosystem specific

{
    "binaries": [
        {
            "python3-spacewalk-check": "4.3.12-150000.3.68.2",
            "dracut-saltboot": "0.1.1661440542.6cbe0da-150000.1.38.1",
            "spacewalk-client-setup": "4.3.12-150000.3.68.2",
            "mgr-daemon": "4.3.6-150000.1.38.1",
            "golang-github-lusitaniae-apache_exporter": "0.11.0-150000.1.12.1",
            "spacewalk-check": "4.3.12-150000.3.68.2",
            "python3-spacewalk-client-setup": "4.3.12-150000.3.68.2",
            "python3-uyuni-common-libs": "4.3.6-150000.1.27.2",
            "python3-spacewalk-client-tools": "4.3.12-150000.3.68.2",
            "spacewalk-client-tools": "4.3.12-150000.3.68.2",
            "spacecmd": "4.3.15-150000.3.86.1",
            "grafana": "8.3.10-150000.1.33.1"
        }
    ]
}

SUSE:Manager Tools 15 / spacecmd

Package

Name
spacecmd
Purl
purl:rpm/suse/spacecmd&distro=SUSE%20Manager%20Tools%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.3.15-150000.3.86.1

Ecosystem specific

{
    "binaries": [
        {
            "python3-spacewalk-check": "4.3.12-150000.3.68.2",
            "dracut-saltboot": "0.1.1661440542.6cbe0da-150000.1.38.1",
            "spacewalk-client-setup": "4.3.12-150000.3.68.2",
            "mgr-daemon": "4.3.6-150000.1.38.1",
            "golang-github-lusitaniae-apache_exporter": "0.11.0-150000.1.12.1",
            "spacewalk-check": "4.3.12-150000.3.68.2",
            "python3-spacewalk-client-setup": "4.3.12-150000.3.68.2",
            "python3-uyuni-common-libs": "4.3.6-150000.1.27.2",
            "python3-spacewalk-client-tools": "4.3.12-150000.3.68.2",
            "spacewalk-client-tools": "4.3.12-150000.3.68.2",
            "spacecmd": "4.3.15-150000.3.86.1",
            "grafana": "8.3.10-150000.1.33.1"
        }
    ]
}

SUSE:Manager Tools 15 / spacewalk-client-tools

Package

Name
spacewalk-client-tools
Purl
purl:rpm/suse/spacewalk-client-tools&distro=SUSE%20Manager%20Tools%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.3.12-150000.3.68.2

Ecosystem specific

{
    "binaries": [
        {
            "python3-spacewalk-check": "4.3.12-150000.3.68.2",
            "dracut-saltboot": "0.1.1661440542.6cbe0da-150000.1.38.1",
            "spacewalk-client-setup": "4.3.12-150000.3.68.2",
            "mgr-daemon": "4.3.6-150000.1.38.1",
            "golang-github-lusitaniae-apache_exporter": "0.11.0-150000.1.12.1",
            "spacewalk-check": "4.3.12-150000.3.68.2",
            "python3-spacewalk-client-setup": "4.3.12-150000.3.68.2",
            "python3-uyuni-common-libs": "4.3.6-150000.1.27.2",
            "python3-spacewalk-client-tools": "4.3.12-150000.3.68.2",
            "spacewalk-client-tools": "4.3.12-150000.3.68.2",
            "spacecmd": "4.3.15-150000.3.86.1",
            "grafana": "8.3.10-150000.1.33.1"
        }
    ]
}

SUSE:Manager Tools 15 / uyuni-common-libs

Package

Name
uyuni-common-libs
Purl
purl:rpm/suse/uyuni-common-libs&distro=SUSE%20Manager%20Tools%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.3.6-150000.1.27.2

Ecosystem specific

{
    "binaries": [
        {
            "python3-spacewalk-check": "4.3.12-150000.3.68.2",
            "dracut-saltboot": "0.1.1661440542.6cbe0da-150000.1.38.1",
            "spacewalk-client-setup": "4.3.12-150000.3.68.2",
            "mgr-daemon": "4.3.6-150000.1.38.1",
            "golang-github-lusitaniae-apache_exporter": "0.11.0-150000.1.12.1",
            "spacewalk-check": "4.3.12-150000.3.68.2",
            "python3-spacewalk-client-setup": "4.3.12-150000.3.68.2",
            "python3-uyuni-common-libs": "4.3.6-150000.1.27.2",
            "python3-spacewalk-client-tools": "4.3.12-150000.3.68.2",
            "spacewalk-client-tools": "4.3.12-150000.3.68.2",
            "spacecmd": "4.3.15-150000.3.86.1",
            "grafana": "8.3.10-150000.1.33.1"
        }
    ]
}

SUSE:Manager Proxy Module 4.2 / golang-github-lusitaniae-apache_exporter

Package

Name
golang-github-lusitaniae-apache_exporter
Purl
purl:rpm/suse/golang-github-lusitaniae-apache_exporter&distro=SUSE%20Manager%20Proxy%20Module%204.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.11.0-150000.1.12.1

Ecosystem specific

{
    "binaries": [
        {
            "golang-github-lusitaniae-apache_exporter": "0.11.0-150000.1.12.1"
        }
    ]
}

SUSE:Manager Proxy Module 4.3 / golang-github-lusitaniae-apache_exporter

Package

Name
golang-github-lusitaniae-apache_exporter
Purl
purl:rpm/suse/golang-github-lusitaniae-apache_exporter&distro=SUSE%20Manager%20Proxy%20Module%204.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.11.0-150000.1.12.1

Ecosystem specific

{
    "binaries": [
        {
            "golang-github-lusitaniae-apache_exporter": "0.11.0-150000.1.12.1"
        }
    ]
}

SUSE:Manager Server Module 4.2 / golang-github-lusitaniae-apache_exporter

Package

Name
golang-github-lusitaniae-apache_exporter
Purl
purl:rpm/suse/golang-github-lusitaniae-apache_exporter&distro=SUSE%20Manager%20Server%20Module%204.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.11.0-150000.1.12.1

Ecosystem specific

{
    "binaries": [
        {
            "golang-github-lusitaniae-apache_exporter": "0.11.0-150000.1.12.1"
        }
    ]
}

SUSE:Manager Server Module 4.3 / golang-github-lusitaniae-apache_exporter

Package

Name
golang-github-lusitaniae-apache_exporter
Purl
purl:rpm/suse/golang-github-lusitaniae-apache_exporter&distro=SUSE%20Manager%20Server%20Module%204.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.11.0-150000.1.12.1

Ecosystem specific

{
    "binaries": [
        {
            "golang-github-lusitaniae-apache_exporter": "0.11.0-150000.1.12.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15-ESPOS / golang-github-prometheus-node_exporter

Package

Name
golang-github-prometheus-node_exporter
Purl
purl:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3.0-150000.3.18.1

Ecosystem specific

{
    "binaries": [
        {
            "golang-github-prometheus-node_exporter": "1.3.0-150000.3.18.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15-LTSS / golang-github-prometheus-node_exporter

Package

Name
golang-github-prometheus-node_exporter
Purl
purl:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3.0-150000.3.18.1

Ecosystem specific

{
    "binaries": [
        {
            "golang-github-prometheus-node_exporter": "1.3.0-150000.3.18.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15-LTSS / golang-github-prometheus-node_exporter

Package

Name
golang-github-prometheus-node_exporter
Purl
purl:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3.0-150000.3.18.1

Ecosystem specific

{
    "binaries": [
        {
            "golang-github-prometheus-node_exporter": "1.3.0-150000.3.18.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 / golang-github-prometheus-node_exporter

Package

Name
golang-github-prometheus-node_exporter
Purl
purl:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3.0-150000.3.18.1

Ecosystem specific

{
    "binaries": [
        {
            "golang-github-prometheus-node_exporter": "1.3.0-150000.3.18.1"
        }
    ]
}

openSUSE:Leap 15.3 / dracut-saltboot

Package

Name
dracut-saltboot
Purl
purl:rpm/suse/dracut-saltboot&distro=openSUSE%20Leap%2015.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.1.1661440542.6cbe0da-150000.1.38.1

Ecosystem specific

{
    "binaries": [
        {
            "dracut-saltboot": "0.1.1661440542.6cbe0da-150000.1.38.1",
            "golang-github-lusitaniae-apache_exporter": "0.11.0-150000.1.12.1",
            "spacecmd": "4.3.15-150000.3.86.1"
        }
    ]
}

openSUSE:Leap 15.3 / golang-github-lusitaniae-apache_exporter

Package

Name
golang-github-lusitaniae-apache_exporter
Purl
purl:rpm/suse/golang-github-lusitaniae-apache_exporter&distro=openSUSE%20Leap%2015.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.11.0-150000.1.12.1

Ecosystem specific

{
    "binaries": [
        {
            "dracut-saltboot": "0.1.1661440542.6cbe0da-150000.1.38.1",
            "golang-github-lusitaniae-apache_exporter": "0.11.0-150000.1.12.1",
            "spacecmd": "4.3.15-150000.3.86.1"
        }
    ]
}

openSUSE:Leap 15.3 / spacecmd

Package

Name
spacecmd
Purl
purl:rpm/suse/spacecmd&distro=openSUSE%20Leap%2015.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.3.15-150000.3.86.1

Ecosystem specific

{
    "binaries": [
        {
            "dracut-saltboot": "0.1.1661440542.6cbe0da-150000.1.38.1",
            "golang-github-lusitaniae-apache_exporter": "0.11.0-150000.1.12.1",
            "spacecmd": "4.3.15-150000.3.86.1"
        }
    ]
}

openSUSE:Leap 15.4 / dracut-saltboot

Package

Name
dracut-saltboot
Purl
purl:rpm/suse/dracut-saltboot&distro=openSUSE%20Leap%2015.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.1.1661440542.6cbe0da-150000.1.38.1

Ecosystem specific

{
    "binaries": [
        {
            "dracut-saltboot": "0.1.1661440542.6cbe0da-150000.1.38.1",
            "golang-github-lusitaniae-apache_exporter": "0.11.0-150000.1.12.1",
            "spacecmd": "4.3.15-150000.3.86.1"
        }
    ]
}

openSUSE:Leap 15.4 / golang-github-lusitaniae-apache_exporter

Package

Name
golang-github-lusitaniae-apache_exporter
Purl
purl:rpm/suse/golang-github-lusitaniae-apache_exporter&distro=openSUSE%20Leap%2015.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.11.0-150000.1.12.1

Ecosystem specific

{
    "binaries": [
        {
            "dracut-saltboot": "0.1.1661440542.6cbe0da-150000.1.38.1",
            "golang-github-lusitaniae-apache_exporter": "0.11.0-150000.1.12.1",
            "spacecmd": "4.3.15-150000.3.86.1"
        }
    ]
}

openSUSE:Leap 15.4 / spacecmd

Package

Name
spacecmd
Purl
purl:rpm/suse/spacecmd&distro=openSUSE%20Leap%2015.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.3.15-150000.3.86.1

Ecosystem specific

{
    "binaries": [
        {
            "dracut-saltboot": "0.1.1661440542.6cbe0da-150000.1.38.1",
            "golang-github-lusitaniae-apache_exporter": "0.11.0-150000.1.12.1",
            "spacecmd": "4.3.15-150000.3.86.1"
        }
    ]
}