SUSE-SU-2023:0811-1
- Source
- https://www.suse.com/support/update/announcement/2023/suse-su-20230811-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:0811-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2023:0811-1
- Upstream
- Related
- Published
- 2023-03-20T15:29:15Z
- Modified
- 2025-05-02T04:32:49.115400Z
- Summary
- Security update for SUSE Manager Client Tools
- Details
-
This update fixes the following issues:
grafana:
- CVE-2022-46146: Fix basic authentication bypass by updating the exporter toolkit to version 0.7.3 (bsc#1208065)
- CVE-2022-41723: Require Go 1.19 or newer (bsc#1208293)
- Update to version 8.5.20:
- CVE-2022-23552: Security: SVG: Add dompurify preprocessor step (bsc#1207749)
- CVE-2022-39324: Security: Snapshots: Fix originalUrl spoof security issue (bsc#1207750)
- Security: Omit error from http response
- Bug fix: Email and username trimming and invitation validation
spacecmd:
- Version 4.3.19-1
- Fix spacecmd not showing any output for softwarechanneldiff and softwarechannelerrata_diff (bsc#1207352)
- Prevent string api parameters to be parsed as dates if not in ISO-8601 format (bsc#1205759)
spacewalk-client-tools:
- Version 4.3.15-1
- Update translation strings
- References
-
- https://www.suse.com/support/update/announcement/2023/suse-su-20230811-1/
- https://bugzilla.suse.com/1205759
- https://bugzilla.suse.com/1207352
- https://bugzilla.suse.com/1207749
- https://bugzilla.suse.com/1207750
- https://bugzilla.suse.com/1208065
- https://bugzilla.suse.com/1208293
- https://www.suse.com/security/cve/CVE-2022-23552
- https://www.suse.com/security/cve/CVE-2022-39324
- https://www.suse.com/security/cve/CVE-2022-41723
- https://www.suse.com/security/cve/CVE-2022-46146
Affected packages
SUSE:Manager Client Tools 12 / grafana
Package
- Name
- grafana
- Purl
- pkg:rpm/suse/grafana&distro=SUSE%20Manager%20Client%20Tools%2012
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8.5.20-1.42.1
Ecosystem specific
{
"binaries": [
{
"python2-spacewalk-check": "4.3.15-52.86.1",
"python2-spacewalk-client-setup": "4.3.15-52.86.1",
"spacewalk-client-tools": "4.3.15-52.86.1",
"spacecmd": "4.3.19-38.118.1",
"grafana": "8.5.20-1.42.1",
"python2-spacewalk-client-tools": "4.3.15-52.86.1",
"spacewalk-client-setup": "4.3.15-52.86.1",
"spacewalk-check": "4.3.15-52.86.1"
}
]
}
SUSE:Manager Client Tools 12 / spacecmd
Package
- Name
- spacecmd
- Purl
- pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Client%20Tools%2012
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.3.19-38.118.1
Ecosystem specific
{
"binaries": [
{
"python2-spacewalk-check": "4.3.15-52.86.1",
"python2-spacewalk-client-setup": "4.3.15-52.86.1",
"spacewalk-client-tools": "4.3.15-52.86.1",
"spacecmd": "4.3.19-38.118.1",
"grafana": "8.5.20-1.42.1",
"python2-spacewalk-client-tools": "4.3.15-52.86.1",
"spacewalk-client-setup": "4.3.15-52.86.1",
"spacewalk-check": "4.3.15-52.86.1"
}
]
}
SUSE:Manager Client Tools 12 / spacewalk-client-tools
Package
- Name
- spacewalk-client-tools
- Purl
- pkg:rpm/suse/spacewalk-client-tools&distro=SUSE%20Manager%20Client%20Tools%2012
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.3.15-52.86.1
Ecosystem specific
{
"binaries": [
{
"python2-spacewalk-check": "4.3.15-52.86.1",
"python2-spacewalk-client-setup": "4.3.15-52.86.1",
"spacewalk-client-tools": "4.3.15-52.86.1",
"spacecmd": "4.3.19-38.118.1",
"grafana": "8.5.20-1.42.1",
"python2-spacewalk-client-tools": "4.3.15-52.86.1",
"spacewalk-client-setup": "4.3.15-52.86.1",
"spacewalk-check": "4.3.15-52.86.1"
}
]
}