SUSE-SU-2023:0352-1

Source
https://www.suse.com/support/update/announcement/2023/suse-su-20230352-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:0352-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2023:0352-1
Related
Published
2023-02-10T14:12:06Z
Modified
2023-02-10T14:12:06Z
Summary
Security update for SUSE Manager Client Tools
Details

This update fixes the following issues:

grafana:

  • Update to version 8.5.15 (jsc#PED-2617):
    • CVE-2022-39306: Fix for privilege escalation (bsc#1205225)
    • CVE-2022-39307: Omit error from http response when user does not exists (bsc#1205227)
  • Update to version 8.5.14:
    • CVE-2022-39201: Fix do not forward login cookie in outgoing requests (bsc#1204303)
    • CVE-2022-31130: Make proxy endpoints not leak sensitive HTTP headers (bsc#1204305)
    • CVE-2022-31123: Fix plugin signature bypass (bsc#1204302)
    • CVE-2022-39229: Fix blocknig other users from signing in (bsc#1204304)

kiwi-desc-saltboot:

  • Update to version 0.1.1673279145.e7616bd
    • Add failsafe stop file when salt-minion does not stop (bsc#1172110)

mgr-osad:

  • Version 4.3.7-1
    • Updated logrotate configuration (bsc#1206470)

mgr-push:

  • Version 4.3.5-1
    • Update translation strings

rhnlib:

  • Version 4.3.5-1
    • Don't get stuck at the end of SSL transfers (bsc#1204032)

spacecmd:

  • Version 4.3.18-1
    • Add python-dateutil dependency, required to process date values in spacecmd api calls
  • Version 4.3.17-1
    • Remove python3-simplejson dependency
    • Correctly understand 'ssm' keyword on scap scheduling
    • Add vendoradvisory information to erratadetails call (bsc#1205207)
    • Added two missing options to schedule product migration: allow-vendor-change and remove-products-without-successor (bsc#1204126)
    • Changed schedule product migration to use the correct API method
    • Change default port of 'Containerized Proxy configuration' 8022

spacewalk-client-tools:

  • Version 4.3.14-1
    • Update translation strings

uyuni-common-libs:

  • Version 4.3.7-1
    • unify user notification code on java side
References

Affected packages

SUSE:Manager Tools 12 / grafana

Package

Name
grafana
Purl
purl:rpm/suse/grafana&distro=SUSE%20Manager%20Tools%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.5.15-1.39.1

Ecosystem specific

{
    "binaries": [
        {
            "python2-spacewalk-client-tools": "4.3.14-52.83.1",
            "python2-mgr-push": "4.3.5-1.24.1",
            "mgr-osad": "4.3.7-1.42.1",
            "spacewalk-check": "4.3.14-52.83.1",
            "python2-spacewalk-client-setup": "4.3.14-52.83.1",
            "python2-uyuni-common-libs": "4.3.7-1.30.1",
            "kiwi-desc-saltboot": "0.1.1673279145.e7616bd-1.32.1",
            "spacewalk-client-setup": "4.3.14-52.83.1",
            "spacewalk-client-tools": "4.3.14-52.83.1",
            "python2-mgr-osa-common": "4.3.7-1.42.1",
            "python2-spacewalk-check": "4.3.14-52.83.1",
            "python2-rhnlib": "4.3.5-21.46.1",
            "mgr-push": "4.3.5-1.24.1",
            "spacecmd": "4.3.18-38.115.1",
            "python2-mgr-osad": "4.3.7-1.42.1",
            "grafana": "8.5.15-1.39.1"
        }
    ]
}

SUSE:Manager Tools 12 / kiwi-desc-saltboot

Package

Name
kiwi-desc-saltboot
Purl
purl:rpm/suse/kiwi-desc-saltboot&distro=SUSE%20Manager%20Tools%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.1.1673279145.e7616bd-1.32.1

Ecosystem specific

{
    "binaries": [
        {
            "python2-spacewalk-client-tools": "4.3.14-52.83.1",
            "python2-mgr-push": "4.3.5-1.24.1",
            "mgr-osad": "4.3.7-1.42.1",
            "spacewalk-check": "4.3.14-52.83.1",
            "python2-spacewalk-client-setup": "4.3.14-52.83.1",
            "python2-uyuni-common-libs": "4.3.7-1.30.1",
            "kiwi-desc-saltboot": "0.1.1673279145.e7616bd-1.32.1",
            "spacewalk-client-setup": "4.3.14-52.83.1",
            "spacewalk-client-tools": "4.3.14-52.83.1",
            "python2-mgr-osa-common": "4.3.7-1.42.1",
            "python2-spacewalk-check": "4.3.14-52.83.1",
            "python2-rhnlib": "4.3.5-21.46.1",
            "mgr-push": "4.3.5-1.24.1",
            "spacecmd": "4.3.18-38.115.1",
            "python2-mgr-osad": "4.3.7-1.42.1",
            "grafana": "8.5.15-1.39.1"
        }
    ]
}

SUSE:Manager Tools 12 / mgr-osad

Package

Name
mgr-osad
Purl
purl:rpm/suse/mgr-osad&distro=SUSE%20Manager%20Tools%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.3.7-1.42.1

Ecosystem specific

{
    "binaries": [
        {
            "python2-spacewalk-client-tools": "4.3.14-52.83.1",
            "python2-mgr-push": "4.3.5-1.24.1",
            "mgr-osad": "4.3.7-1.42.1",
            "spacewalk-check": "4.3.14-52.83.1",
            "python2-spacewalk-client-setup": "4.3.14-52.83.1",
            "python2-uyuni-common-libs": "4.3.7-1.30.1",
            "kiwi-desc-saltboot": "0.1.1673279145.e7616bd-1.32.1",
            "spacewalk-client-setup": "4.3.14-52.83.1",
            "spacewalk-client-tools": "4.3.14-52.83.1",
            "python2-mgr-osa-common": "4.3.7-1.42.1",
            "python2-spacewalk-check": "4.3.14-52.83.1",
            "python2-rhnlib": "4.3.5-21.46.1",
            "mgr-push": "4.3.5-1.24.1",
            "spacecmd": "4.3.18-38.115.1",
            "python2-mgr-osad": "4.3.7-1.42.1",
            "grafana": "8.5.15-1.39.1"
        }
    ]
}

SUSE:Manager Tools 12 / mgr-push

Package

Name
mgr-push
Purl
purl:rpm/suse/mgr-push&distro=SUSE%20Manager%20Tools%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.3.5-1.24.1

Ecosystem specific

{
    "binaries": [
        {
            "python2-spacewalk-client-tools": "4.3.14-52.83.1",
            "python2-mgr-push": "4.3.5-1.24.1",
            "mgr-osad": "4.3.7-1.42.1",
            "spacewalk-check": "4.3.14-52.83.1",
            "python2-spacewalk-client-setup": "4.3.14-52.83.1",
            "python2-uyuni-common-libs": "4.3.7-1.30.1",
            "kiwi-desc-saltboot": "0.1.1673279145.e7616bd-1.32.1",
            "spacewalk-client-setup": "4.3.14-52.83.1",
            "spacewalk-client-tools": "4.3.14-52.83.1",
            "python2-mgr-osa-common": "4.3.7-1.42.1",
            "python2-spacewalk-check": "4.3.14-52.83.1",
            "python2-rhnlib": "4.3.5-21.46.1",
            "mgr-push": "4.3.5-1.24.1",
            "spacecmd": "4.3.18-38.115.1",
            "python2-mgr-osad": "4.3.7-1.42.1",
            "grafana": "8.5.15-1.39.1"
        }
    ]
}

SUSE:Manager Tools 12 / rhnlib

Package

Name
rhnlib
Purl
purl:rpm/suse/rhnlib&distro=SUSE%20Manager%20Tools%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.3.5-21.46.1

Ecosystem specific

{
    "binaries": [
        {
            "python2-spacewalk-client-tools": "4.3.14-52.83.1",
            "python2-mgr-push": "4.3.5-1.24.1",
            "mgr-osad": "4.3.7-1.42.1",
            "spacewalk-check": "4.3.14-52.83.1",
            "python2-spacewalk-client-setup": "4.3.14-52.83.1",
            "python2-uyuni-common-libs": "4.3.7-1.30.1",
            "kiwi-desc-saltboot": "0.1.1673279145.e7616bd-1.32.1",
            "spacewalk-client-setup": "4.3.14-52.83.1",
            "spacewalk-client-tools": "4.3.14-52.83.1",
            "python2-mgr-osa-common": "4.3.7-1.42.1",
            "python2-spacewalk-check": "4.3.14-52.83.1",
            "python2-rhnlib": "4.3.5-21.46.1",
            "mgr-push": "4.3.5-1.24.1",
            "spacecmd": "4.3.18-38.115.1",
            "python2-mgr-osad": "4.3.7-1.42.1",
            "grafana": "8.5.15-1.39.1"
        }
    ]
}

SUSE:Manager Tools 12 / spacecmd

Package

Name
spacecmd
Purl
purl:rpm/suse/spacecmd&distro=SUSE%20Manager%20Tools%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.3.18-38.115.1

Ecosystem specific

{
    "binaries": [
        {
            "python2-spacewalk-client-tools": "4.3.14-52.83.1",
            "python2-mgr-push": "4.3.5-1.24.1",
            "mgr-osad": "4.3.7-1.42.1",
            "spacewalk-check": "4.3.14-52.83.1",
            "python2-spacewalk-client-setup": "4.3.14-52.83.1",
            "python2-uyuni-common-libs": "4.3.7-1.30.1",
            "kiwi-desc-saltboot": "0.1.1673279145.e7616bd-1.32.1",
            "spacewalk-client-setup": "4.3.14-52.83.1",
            "spacewalk-client-tools": "4.3.14-52.83.1",
            "python2-mgr-osa-common": "4.3.7-1.42.1",
            "python2-spacewalk-check": "4.3.14-52.83.1",
            "python2-rhnlib": "4.3.5-21.46.1",
            "mgr-push": "4.3.5-1.24.1",
            "spacecmd": "4.3.18-38.115.1",
            "python2-mgr-osad": "4.3.7-1.42.1",
            "grafana": "8.5.15-1.39.1"
        }
    ]
}

SUSE:Manager Tools 12 / spacewalk-client-tools

Package

Name
spacewalk-client-tools
Purl
purl:rpm/suse/spacewalk-client-tools&distro=SUSE%20Manager%20Tools%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.3.14-52.83.1

Ecosystem specific

{
    "binaries": [
        {
            "python2-spacewalk-client-tools": "4.3.14-52.83.1",
            "python2-mgr-push": "4.3.5-1.24.1",
            "mgr-osad": "4.3.7-1.42.1",
            "spacewalk-check": "4.3.14-52.83.1",
            "python2-spacewalk-client-setup": "4.3.14-52.83.1",
            "python2-uyuni-common-libs": "4.3.7-1.30.1",
            "kiwi-desc-saltboot": "0.1.1673279145.e7616bd-1.32.1",
            "spacewalk-client-setup": "4.3.14-52.83.1",
            "spacewalk-client-tools": "4.3.14-52.83.1",
            "python2-mgr-osa-common": "4.3.7-1.42.1",
            "python2-spacewalk-check": "4.3.14-52.83.1",
            "python2-rhnlib": "4.3.5-21.46.1",
            "mgr-push": "4.3.5-1.24.1",
            "spacecmd": "4.3.18-38.115.1",
            "python2-mgr-osad": "4.3.7-1.42.1",
            "grafana": "8.5.15-1.39.1"
        }
    ]
}

SUSE:Manager Tools 12 / uyuni-common-libs

Package

Name
uyuni-common-libs
Purl
purl:rpm/suse/uyuni-common-libs&distro=SUSE%20Manager%20Tools%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.3.7-1.30.1

Ecosystem specific

{
    "binaries": [
        {
            "python2-spacewalk-client-tools": "4.3.14-52.83.1",
            "python2-mgr-push": "4.3.5-1.24.1",
            "mgr-osad": "4.3.7-1.42.1",
            "spacewalk-check": "4.3.14-52.83.1",
            "python2-spacewalk-client-setup": "4.3.14-52.83.1",
            "python2-uyuni-common-libs": "4.3.7-1.30.1",
            "kiwi-desc-saltboot": "0.1.1673279145.e7616bd-1.32.1",
            "spacewalk-client-setup": "4.3.14-52.83.1",
            "spacewalk-client-tools": "4.3.14-52.83.1",
            "python2-mgr-osa-common": "4.3.7-1.42.1",
            "python2-spacewalk-check": "4.3.14-52.83.1",
            "python2-rhnlib": "4.3.5-21.46.1",
            "mgr-push": "4.3.5-1.24.1",
            "spacecmd": "4.3.18-38.115.1",
            "python2-mgr-osad": "4.3.7-1.42.1",
            "grafana": "8.5.15-1.39.1"
        }
    ]
}