SUSE-SU-2023:0353-1

Source
https://www.suse.com/support/update/announcement/2023/suse-su-20230353-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:0353-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2023:0353-1
Related
Published
2023-02-10T14:12:55Z
Modified
2023-02-10T14:12:55Z
Summary
Security update for SUSE Manager Client Tools
Details

This update fixes the following issues:

dracut-saltboot:

  • Update to version 0.1.1673279145.e7616bd
    • Add failsafe stop file when salt-minion does not stop (bsc#1172110)
    • Copy existing wicked config instead of generating new (bsc#1205599)

grafana:

  • Update to version 8.5.15 (jsc#PED-2617):
    • CVE-2022-39306: Fix for privilege escalation (bsc#1205225)
    • CVE-2022-39307: Omit error from http response when user does not exists (bsc#1205227)
  • Update to version 8.5.14:
    • CVE-2022-39201: Fix do not forward login cookie in outgoing requests (bsc#1204303)
    • CVE-2022-31130: Make proxy endpoints not leak sensitive HTTP headers (bsc#1204305)
    • CVE-2022-31123: Fix plugin signature bypass (bsc#1204302)
    • CVE-2022-39229: Fix blocknig other users from signing in (bsc#1204304)

mgr-osad:

  • Version 4.3.7-1
    • Updated logrotate configuration (bsc#1206470)

mgr-push:

  • Version 4.3.5-1
    • Update translation strings

rhnlib:

  • Version 4.3.5-1
    • Don't get stuck at the end of SSL transfers (bsc#1204032)

spacecmd:

  • Version 4.3.18-1
    • Add python-dateutil dependency, required to process date values in spacecmd api calls
  • Version 4.3.17-1
    • Remove python3-simplejson dependency
    • Correctly understand 'ssm' keyword on scap scheduling
    • Add vendoradvisory information to erratadetails call (bsc#1205207)
    • Added two missing options to schedule product migration: allow-vendor-change and remove-products-without-successor (bsc#1204126)
    • Changed schedule product migration to use the correct API method
    • Change default port of 'Containerized Proxy configuration' 8022

spacewalk-client-tools:

  • Version 4.3.14-1
    • Update translation strings

uyuni-common-libs:

  • Version 4.3.7-1
    • unify user notification code on java side
References

Affected packages

SUSE:Manager Client Tools 15 / dracut-saltboot

Package

Name
dracut-saltboot
Purl
pkg:rpm/suse/dracut-saltboot&distro=SUSE%20Manager%20Client%20Tools%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.1.1673279145.e7616bd-150000.1.44.1

Ecosystem specific

{
    "binaries": [
        {
            "python3-mgr-osa-common": "4.3.7-150000.1.42.1",
            "dracut-saltboot": "0.1.1673279145.e7616bd-150000.1.44.1",
            "python3-rhnlib": "4.3.5-150000.3.40.1",
            "mgr-osad": "4.3.7-150000.1.42.1",
            "spacewalk-check": "4.3.14-150000.3.74.1",
            "python3-spacewalk-client-setup": "4.3.14-150000.3.74.1",
            "python3-mgr-push": "4.3.5-150000.1.24.2",
            "python3-spacewalk-check": "4.3.14-150000.3.74.1",
            "spacewalk-client-setup": "4.3.14-150000.3.74.1",
            "spacewalk-client-tools": "4.3.14-150000.3.74.1",
            "python3-uyuni-common-libs": "4.3.7-150000.1.30.1",
            "python3-spacewalk-client-tools": "4.3.14-150000.3.74.1",
            "mgr-push": "4.3.5-150000.1.24.2",
            "spacecmd": "4.3.18-150000.3.92.1",
            "python3-mgr-osad": "4.3.7-150000.1.42.1",
            "grafana": "8.5.15-150000.1.39.1"
        }
    ]
}

SUSE:Manager Client Tools 15 / grafana

Package

Name
grafana
Purl
pkg:rpm/suse/grafana&distro=SUSE%20Manager%20Client%20Tools%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.5.15-150000.1.39.1

Ecosystem specific

{
    "binaries": [
        {
            "python3-mgr-osa-common": "4.3.7-150000.1.42.1",
            "dracut-saltboot": "0.1.1673279145.e7616bd-150000.1.44.1",
            "python3-rhnlib": "4.3.5-150000.3.40.1",
            "mgr-osad": "4.3.7-150000.1.42.1",
            "spacewalk-check": "4.3.14-150000.3.74.1",
            "python3-spacewalk-client-setup": "4.3.14-150000.3.74.1",
            "python3-mgr-push": "4.3.5-150000.1.24.2",
            "python3-spacewalk-check": "4.3.14-150000.3.74.1",
            "spacewalk-client-setup": "4.3.14-150000.3.74.1",
            "spacewalk-client-tools": "4.3.14-150000.3.74.1",
            "python3-uyuni-common-libs": "4.3.7-150000.1.30.1",
            "python3-spacewalk-client-tools": "4.3.14-150000.3.74.1",
            "mgr-push": "4.3.5-150000.1.24.2",
            "spacecmd": "4.3.18-150000.3.92.1",
            "python3-mgr-osad": "4.3.7-150000.1.42.1",
            "grafana": "8.5.15-150000.1.39.1"
        }
    ]
}

SUSE:Manager Client Tools 15 / mgr-osad

Package

Name
mgr-osad
Purl
pkg:rpm/suse/mgr-osad&distro=SUSE%20Manager%20Client%20Tools%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.3.7-150000.1.42.1

Ecosystem specific

{
    "binaries": [
        {
            "python3-mgr-osa-common": "4.3.7-150000.1.42.1",
            "dracut-saltboot": "0.1.1673279145.e7616bd-150000.1.44.1",
            "python3-rhnlib": "4.3.5-150000.3.40.1",
            "mgr-osad": "4.3.7-150000.1.42.1",
            "spacewalk-check": "4.3.14-150000.3.74.1",
            "python3-spacewalk-client-setup": "4.3.14-150000.3.74.1",
            "python3-mgr-push": "4.3.5-150000.1.24.2",
            "python3-spacewalk-check": "4.3.14-150000.3.74.1",
            "spacewalk-client-setup": "4.3.14-150000.3.74.1",
            "spacewalk-client-tools": "4.3.14-150000.3.74.1",
            "python3-uyuni-common-libs": "4.3.7-150000.1.30.1",
            "python3-spacewalk-client-tools": "4.3.14-150000.3.74.1",
            "mgr-push": "4.3.5-150000.1.24.2",
            "spacecmd": "4.3.18-150000.3.92.1",
            "python3-mgr-osad": "4.3.7-150000.1.42.1",
            "grafana": "8.5.15-150000.1.39.1"
        }
    ]
}

SUSE:Manager Client Tools 15 / mgr-push

Package

Name
mgr-push
Purl
pkg:rpm/suse/mgr-push&distro=SUSE%20Manager%20Client%20Tools%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.3.5-150000.1.24.2

Ecosystem specific

{
    "binaries": [
        {
            "python3-mgr-osa-common": "4.3.7-150000.1.42.1",
            "dracut-saltboot": "0.1.1673279145.e7616bd-150000.1.44.1",
            "python3-rhnlib": "4.3.5-150000.3.40.1",
            "mgr-osad": "4.3.7-150000.1.42.1",
            "spacewalk-check": "4.3.14-150000.3.74.1",
            "python3-spacewalk-client-setup": "4.3.14-150000.3.74.1",
            "python3-mgr-push": "4.3.5-150000.1.24.2",
            "python3-spacewalk-check": "4.3.14-150000.3.74.1",
            "spacewalk-client-setup": "4.3.14-150000.3.74.1",
            "spacewalk-client-tools": "4.3.14-150000.3.74.1",
            "python3-uyuni-common-libs": "4.3.7-150000.1.30.1",
            "python3-spacewalk-client-tools": "4.3.14-150000.3.74.1",
            "mgr-push": "4.3.5-150000.1.24.2",
            "spacecmd": "4.3.18-150000.3.92.1",
            "python3-mgr-osad": "4.3.7-150000.1.42.1",
            "grafana": "8.5.15-150000.1.39.1"
        }
    ]
}

SUSE:Manager Client Tools 15 / rhnlib

Package

Name
rhnlib
Purl
pkg:rpm/suse/rhnlib&distro=SUSE%20Manager%20Client%20Tools%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.3.5-150000.3.40.1

Ecosystem specific

{
    "binaries": [
        {
            "python3-mgr-osa-common": "4.3.7-150000.1.42.1",
            "dracut-saltboot": "0.1.1673279145.e7616bd-150000.1.44.1",
            "python3-rhnlib": "4.3.5-150000.3.40.1",
            "mgr-osad": "4.3.7-150000.1.42.1",
            "spacewalk-check": "4.3.14-150000.3.74.1",
            "python3-spacewalk-client-setup": "4.3.14-150000.3.74.1",
            "python3-mgr-push": "4.3.5-150000.1.24.2",
            "python3-spacewalk-check": "4.3.14-150000.3.74.1",
            "spacewalk-client-setup": "4.3.14-150000.3.74.1",
            "spacewalk-client-tools": "4.3.14-150000.3.74.1",
            "python3-uyuni-common-libs": "4.3.7-150000.1.30.1",
            "python3-spacewalk-client-tools": "4.3.14-150000.3.74.1",
            "mgr-push": "4.3.5-150000.1.24.2",
            "spacecmd": "4.3.18-150000.3.92.1",
            "python3-mgr-osad": "4.3.7-150000.1.42.1",
            "grafana": "8.5.15-150000.1.39.1"
        }
    ]
}

SUSE:Manager Client Tools 15 / spacecmd

Package

Name
spacecmd
Purl
pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Client%20Tools%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.3.18-150000.3.92.1

Ecosystem specific

{
    "binaries": [
        {
            "python3-mgr-osa-common": "4.3.7-150000.1.42.1",
            "dracut-saltboot": "0.1.1673279145.e7616bd-150000.1.44.1",
            "python3-rhnlib": "4.3.5-150000.3.40.1",
            "mgr-osad": "4.3.7-150000.1.42.1",
            "spacewalk-check": "4.3.14-150000.3.74.1",
            "python3-spacewalk-client-setup": "4.3.14-150000.3.74.1",
            "python3-mgr-push": "4.3.5-150000.1.24.2",
            "python3-spacewalk-check": "4.3.14-150000.3.74.1",
            "spacewalk-client-setup": "4.3.14-150000.3.74.1",
            "spacewalk-client-tools": "4.3.14-150000.3.74.1",
            "python3-uyuni-common-libs": "4.3.7-150000.1.30.1",
            "python3-spacewalk-client-tools": "4.3.14-150000.3.74.1",
            "mgr-push": "4.3.5-150000.1.24.2",
            "spacecmd": "4.3.18-150000.3.92.1",
            "python3-mgr-osad": "4.3.7-150000.1.42.1",
            "grafana": "8.5.15-150000.1.39.1"
        }
    ]
}

SUSE:Manager Client Tools 15 / spacewalk-client-tools

Package

Name
spacewalk-client-tools
Purl
pkg:rpm/suse/spacewalk-client-tools&distro=SUSE%20Manager%20Client%20Tools%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.3.14-150000.3.74.1

Ecosystem specific

{
    "binaries": [
        {
            "python3-mgr-osa-common": "4.3.7-150000.1.42.1",
            "dracut-saltboot": "0.1.1673279145.e7616bd-150000.1.44.1",
            "python3-rhnlib": "4.3.5-150000.3.40.1",
            "mgr-osad": "4.3.7-150000.1.42.1",
            "spacewalk-check": "4.3.14-150000.3.74.1",
            "python3-spacewalk-client-setup": "4.3.14-150000.3.74.1",
            "python3-mgr-push": "4.3.5-150000.1.24.2",
            "python3-spacewalk-check": "4.3.14-150000.3.74.1",
            "spacewalk-client-setup": "4.3.14-150000.3.74.1",
            "spacewalk-client-tools": "4.3.14-150000.3.74.1",
            "python3-uyuni-common-libs": "4.3.7-150000.1.30.1",
            "python3-spacewalk-client-tools": "4.3.14-150000.3.74.1",
            "mgr-push": "4.3.5-150000.1.24.2",
            "spacecmd": "4.3.18-150000.3.92.1",
            "python3-mgr-osad": "4.3.7-150000.1.42.1",
            "grafana": "8.5.15-150000.1.39.1"
        }
    ]
}

SUSE:Manager Client Tools 15 / uyuni-common-libs

Package

Name
uyuni-common-libs
Purl
pkg:rpm/suse/uyuni-common-libs&distro=SUSE%20Manager%20Client%20Tools%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.3.7-150000.1.30.1

Ecosystem specific

{
    "binaries": [
        {
            "python3-mgr-osa-common": "4.3.7-150000.1.42.1",
            "dracut-saltboot": "0.1.1673279145.e7616bd-150000.1.44.1",
            "python3-rhnlib": "4.3.5-150000.3.40.1",
            "mgr-osad": "4.3.7-150000.1.42.1",
            "spacewalk-check": "4.3.14-150000.3.74.1",
            "python3-spacewalk-client-setup": "4.3.14-150000.3.74.1",
            "python3-mgr-push": "4.3.5-150000.1.24.2",
            "python3-spacewalk-check": "4.3.14-150000.3.74.1",
            "spacewalk-client-setup": "4.3.14-150000.3.74.1",
            "spacewalk-client-tools": "4.3.14-150000.3.74.1",
            "python3-uyuni-common-libs": "4.3.7-150000.1.30.1",
            "python3-spacewalk-client-tools": "4.3.14-150000.3.74.1",
            "mgr-push": "4.3.5-150000.1.24.2",
            "spacecmd": "4.3.18-150000.3.92.1",
            "python3-mgr-osad": "4.3.7-150000.1.42.1",
            "grafana": "8.5.15-150000.1.39.1"
        }
    ]
}

SUSE:Manager Client Tools for SLE Micro 5 / dracut-saltboot

Package

Name
dracut-saltboot
Purl
pkg:rpm/suse/dracut-saltboot&distro=SUSE%20Manager%20Client%20Tools%20for%20SLE%20Micro%205

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.1.1673279145.e7616bd-150000.1.44.1

Ecosystem specific

{
    "binaries": [
        {
            "dracut-saltboot": "0.1.1673279145.e7616bd-150000.1.44.1"
        }
    ]
}

openSUSE:Leap 15.4 / dracut-saltboot

Package

Name
dracut-saltboot
Purl
pkg:rpm/opensuse/dracut-saltboot&distro=openSUSE%20Leap%2015.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.1.1673279145.e7616bd-150000.1.44.1

Ecosystem specific

{
    "binaries": [
        {
            "dracut-saltboot": "0.1.1673279145.e7616bd-150000.1.44.1",
            "spacecmd": "4.3.18-150000.3.92.1"
        }
    ]
}

openSUSE:Leap 15.4 / spacecmd

Package

Name
spacecmd
Purl
pkg:rpm/opensuse/spacecmd&distro=openSUSE%20Leap%2015.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.3.18-150000.3.92.1

Ecosystem specific

{
    "binaries": [
        {
            "dracut-saltboot": "0.1.1673279145.e7616bd-150000.1.44.1",
            "spacecmd": "4.3.18-150000.3.92.1"
        }
    ]
}