SUSE-SU-2023:0812-1

Source
https://www.suse.com/support/update/announcement/2023/suse-su-20230812-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:0812-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2023:0812-1
Related
Published
2023-03-20T15:32:26Z
Modified
2023-03-20T15:32:26Z
Summary
Security update for SUSE Manager Client Tools
Details

This update fixes the following issues:

dracut-saltboot:

  • Update to verion 0.1.1674034019.a93ff61
    • Install copied wicked config as client.xml (bsc#1205599)
  • Update to version 0.1.1673279145.e7616bd

grafana:

  • CVE-2022-46146: Fix basic authentication bypass by updating the exporter toolkit to version 0.7.3 (bsc#1208065,)
  • CVE-2022-41723: Require Go 1.19 or newer (bsc#1208293)
  • Update to version 8.5.20:
    • CVE-2022-23552: Security: SVG: Add dompurify preprocessor step (bsc#1207749)
    • CVE-2022-39324: Security: Snapshots: Fix originalUrl spoof security issue (bsc#1207750)
    • Security: Omit error from http response
    • Bug fix: Email and username trimming and invitation validation

spacecmd:

  • Version 4.3.19-1
    • Fix spacecmd not showing any output for softwarechanneldiff and softwarechannelerrata_diff (bsc#1207352)
    • Prevent string api parameters to be parsed as dates if not in ISO-8601 format (bsc#1205759)

spacewalk-client-tools:

  • Version 4.3.15-1
    • Update translation strings

supportutils-plugin-salt:

  • Update to version 1.2.2
    • Remove possible passwords from Salt configuration files (bsc#1201059)

uyuni-proxy-systemd-services:

  • Version 4.3.8-1
    • Allow using container images from different registry paths
References

Affected packages

SUSE:Manager Client Tools 15 / dracut-saltboot

Package

Name
dracut-saltboot
Purl
pkg:rpm/suse/dracut-saltboot&distro=SUSE%20Manager%20Client%20Tools%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.1.1674034019.a93ff61-150000.1.47.1

Ecosystem specific

{
    "binaries": [
        {
            "python3-spacewalk-check": "4.3.15-150000.3.77.1",
            "dracut-saltboot": "0.1.1674034019.a93ff61-150000.1.47.1",
            "supportutils-plugin-salt": "1.2.2-150000.3.13.1",
            "spacewalk-client-setup": "4.3.15-150000.3.77.1",
            "uyuni-proxy-systemd-services": "4.3.8-150000.1.12.1",
            "spacewalk-client-tools": "4.3.15-150000.3.77.1",
            "spacewalk-check": "4.3.15-150000.3.77.1",
            "python3-spacewalk-client-setup": "4.3.15-150000.3.77.1",
            "python3-spacewalk-client-tools": "4.3.15-150000.3.77.1",
            "spacecmd": "4.3.19-150000.3.95.1",
            "grafana": "8.5.20-150000.1.42.1"
        }
    ]
}

SUSE:Manager Client Tools 15 / grafana

Package

Name
grafana
Purl
pkg:rpm/suse/grafana&distro=SUSE%20Manager%20Client%20Tools%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.5.20-150000.1.42.1

Ecosystem specific

{
    "binaries": [
        {
            "python3-spacewalk-check": "4.3.15-150000.3.77.1",
            "dracut-saltboot": "0.1.1674034019.a93ff61-150000.1.47.1",
            "supportutils-plugin-salt": "1.2.2-150000.3.13.1",
            "spacewalk-client-setup": "4.3.15-150000.3.77.1",
            "uyuni-proxy-systemd-services": "4.3.8-150000.1.12.1",
            "spacewalk-client-tools": "4.3.15-150000.3.77.1",
            "spacewalk-check": "4.3.15-150000.3.77.1",
            "python3-spacewalk-client-setup": "4.3.15-150000.3.77.1",
            "python3-spacewalk-client-tools": "4.3.15-150000.3.77.1",
            "spacecmd": "4.3.19-150000.3.95.1",
            "grafana": "8.5.20-150000.1.42.1"
        }
    ]
}

SUSE:Manager Client Tools 15 / spacecmd

Package

Name
spacecmd
Purl
pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Client%20Tools%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.3.19-150000.3.95.1

Ecosystem specific

{
    "binaries": [
        {
            "python3-spacewalk-check": "4.3.15-150000.3.77.1",
            "dracut-saltboot": "0.1.1674034019.a93ff61-150000.1.47.1",
            "supportutils-plugin-salt": "1.2.2-150000.3.13.1",
            "spacewalk-client-setup": "4.3.15-150000.3.77.1",
            "uyuni-proxy-systemd-services": "4.3.8-150000.1.12.1",
            "spacewalk-client-tools": "4.3.15-150000.3.77.1",
            "spacewalk-check": "4.3.15-150000.3.77.1",
            "python3-spacewalk-client-setup": "4.3.15-150000.3.77.1",
            "python3-spacewalk-client-tools": "4.3.15-150000.3.77.1",
            "spacecmd": "4.3.19-150000.3.95.1",
            "grafana": "8.5.20-150000.1.42.1"
        }
    ]
}

SUSE:Manager Client Tools 15 / spacewalk-client-tools

Package

Name
spacewalk-client-tools
Purl
pkg:rpm/suse/spacewalk-client-tools&distro=SUSE%20Manager%20Client%20Tools%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.3.15-150000.3.77.1

Ecosystem specific

{
    "binaries": [
        {
            "python3-spacewalk-check": "4.3.15-150000.3.77.1",
            "dracut-saltboot": "0.1.1674034019.a93ff61-150000.1.47.1",
            "supportutils-plugin-salt": "1.2.2-150000.3.13.1",
            "spacewalk-client-setup": "4.3.15-150000.3.77.1",
            "uyuni-proxy-systemd-services": "4.3.8-150000.1.12.1",
            "spacewalk-client-tools": "4.3.15-150000.3.77.1",
            "spacewalk-check": "4.3.15-150000.3.77.1",
            "python3-spacewalk-client-setup": "4.3.15-150000.3.77.1",
            "python3-spacewalk-client-tools": "4.3.15-150000.3.77.1",
            "spacecmd": "4.3.19-150000.3.95.1",
            "grafana": "8.5.20-150000.1.42.1"
        }
    ]
}

SUSE:Manager Client Tools 15 / supportutils-plugin-salt

Package

Name
supportutils-plugin-salt
Purl
pkg:rpm/suse/supportutils-plugin-salt&distro=SUSE%20Manager%20Client%20Tools%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.2-150000.3.13.1

Ecosystem specific

{
    "binaries": [
        {
            "python3-spacewalk-check": "4.3.15-150000.3.77.1",
            "dracut-saltboot": "0.1.1674034019.a93ff61-150000.1.47.1",
            "supportutils-plugin-salt": "1.2.2-150000.3.13.1",
            "spacewalk-client-setup": "4.3.15-150000.3.77.1",
            "uyuni-proxy-systemd-services": "4.3.8-150000.1.12.1",
            "spacewalk-client-tools": "4.3.15-150000.3.77.1",
            "spacewalk-check": "4.3.15-150000.3.77.1",
            "python3-spacewalk-client-setup": "4.3.15-150000.3.77.1",
            "python3-spacewalk-client-tools": "4.3.15-150000.3.77.1",
            "spacecmd": "4.3.19-150000.3.95.1",
            "grafana": "8.5.20-150000.1.42.1"
        }
    ]
}

SUSE:Manager Client Tools 15 / uyuni-proxy-systemd-services

Package

Name
uyuni-proxy-systemd-services
Purl
pkg:rpm/suse/uyuni-proxy-systemd-services&distro=SUSE%20Manager%20Client%20Tools%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.3.8-150000.1.12.1

Ecosystem specific

{
    "binaries": [
        {
            "python3-spacewalk-check": "4.3.15-150000.3.77.1",
            "dracut-saltboot": "0.1.1674034019.a93ff61-150000.1.47.1",
            "supportutils-plugin-salt": "1.2.2-150000.3.13.1",
            "spacewalk-client-setup": "4.3.15-150000.3.77.1",
            "uyuni-proxy-systemd-services": "4.3.8-150000.1.12.1",
            "spacewalk-client-tools": "4.3.15-150000.3.77.1",
            "spacewalk-check": "4.3.15-150000.3.77.1",
            "python3-spacewalk-client-setup": "4.3.15-150000.3.77.1",
            "python3-spacewalk-client-tools": "4.3.15-150000.3.77.1",
            "spacecmd": "4.3.19-150000.3.95.1",
            "grafana": "8.5.20-150000.1.42.1"
        }
    ]
}

SUSE:Manager Client Tools for SLE Micro 5 / dracut-saltboot

Package

Name
dracut-saltboot
Purl
pkg:rpm/suse/dracut-saltboot&distro=SUSE%20Manager%20Client%20Tools%20for%20SLE%20Micro%205

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.1.1674034019.a93ff61-150000.1.47.1

Ecosystem specific

{
    "binaries": [
        {
            "dracut-saltboot": "0.1.1674034019.a93ff61-150000.1.47.1",
            "uyuni-proxy-systemd-services": "4.3.8-150000.1.12.1"
        }
    ]
}

SUSE:Manager Client Tools for SLE Micro 5 / uyuni-proxy-systemd-services

Package

Name
uyuni-proxy-systemd-services
Purl
pkg:rpm/suse/uyuni-proxy-systemd-services&distro=SUSE%20Manager%20Client%20Tools%20for%20SLE%20Micro%205

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.3.8-150000.1.12.1

Ecosystem specific

{
    "binaries": [
        {
            "dracut-saltboot": "0.1.1674034019.a93ff61-150000.1.47.1",
            "uyuni-proxy-systemd-services": "4.3.8-150000.1.12.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Basesystem 15 SP4 / supportutils-plugin-salt

Package

Name
supportutils-plugin-salt
Purl
pkg:rpm/suse/supportutils-plugin-salt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.2-150000.3.13.1

Ecosystem specific

{
    "binaries": [
        {
            "supportutils-plugin-salt": "1.2.2-150000.3.13.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP1-LTSS / supportutils-plugin-salt

Package

Name
supportutils-plugin-salt
Purl
pkg:rpm/suse/supportutils-plugin-salt&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.2-150000.3.13.1

Ecosystem specific

{
    "binaries": [
        {
            "supportutils-plugin-salt": "1.2.2-150000.3.13.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSS / supportutils-plugin-salt

Package

Name
supportutils-plugin-salt
Purl
pkg:rpm/suse/supportutils-plugin-salt&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.2-150000.3.13.1

Ecosystem specific

{
    "binaries": [
        {
            "supportutils-plugin-salt": "1.2.2-150000.3.13.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP3-ESPOS / supportutils-plugin-salt

Package

Name
supportutils-plugin-salt
Purl
pkg:rpm/suse/supportutils-plugin-salt&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.2-150000.3.13.1

Ecosystem specific

{
    "binaries": [
        {
            "supportutils-plugin-salt": "1.2.2-150000.3.13.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSS / supportutils-plugin-salt

Package

Name
supportutils-plugin-salt
Purl
pkg:rpm/suse/supportutils-plugin-salt&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.2-150000.3.13.1

Ecosystem specific

{
    "binaries": [
        {
            "supportutils-plugin-salt": "1.2.2-150000.3.13.1"
        }
    ]
}

SUSE:Linux Enterprise Real Time 15 SP3 / supportutils-plugin-salt

Package

Name
supportutils-plugin-salt
Purl
pkg:rpm/suse/supportutils-plugin-salt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.2-150000.3.13.1

Ecosystem specific

{
    "binaries": [
        {
            "supportutils-plugin-salt": "1.2.2-150000.3.13.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP1-LTSS / supportutils-plugin-salt

Package

Name
supportutils-plugin-salt
Purl
pkg:rpm/suse/supportutils-plugin-salt&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.2-150000.3.13.1

Ecosystem specific

{
    "binaries": [
        {
            "supportutils-plugin-salt": "1.2.2-150000.3.13.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP2-LTSS / supportutils-plugin-salt

Package

Name
supportutils-plugin-salt
Purl
pkg:rpm/suse/supportutils-plugin-salt&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.2-150000.3.13.1

Ecosystem specific

{
    "binaries": [
        {
            "supportutils-plugin-salt": "1.2.2-150000.3.13.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP3-LTSS / supportutils-plugin-salt

Package

Name
supportutils-plugin-salt
Purl
pkg:rpm/suse/supportutils-plugin-salt&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.2-150000.3.13.1

Ecosystem specific

{
    "binaries": [
        {
            "supportutils-plugin-salt": "1.2.2-150000.3.13.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 SP1 / supportutils-plugin-salt

Package

Name
supportutils-plugin-salt
Purl
pkg:rpm/suse/supportutils-plugin-salt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.2-150000.3.13.1

Ecosystem specific

{
    "binaries": [
        {
            "supportutils-plugin-salt": "1.2.2-150000.3.13.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 SP2 / supportutils-plugin-salt

Package

Name
supportutils-plugin-salt
Purl
pkg:rpm/suse/supportutils-plugin-salt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.2-150000.3.13.1

Ecosystem specific

{
    "binaries": [
        {
            "supportutils-plugin-salt": "1.2.2-150000.3.13.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 SP3 / supportutils-plugin-salt

Package

Name
supportutils-plugin-salt
Purl
pkg:rpm/suse/supportutils-plugin-salt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.2-150000.3.13.1

Ecosystem specific

{
    "binaries": [
        {
            "supportutils-plugin-salt": "1.2.2-150000.3.13.1"
        }
    ]
}

SUSE:Manager Proxy 4.2 / supportutils-plugin-salt

Package

Name
supportutils-plugin-salt
Purl
pkg:rpm/suse/supportutils-plugin-salt&distro=SUSE%20Manager%20Proxy%204.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.2-150000.3.13.1

Ecosystem specific

{
    "binaries": [
        {
            "supportutils-plugin-salt": "1.2.2-150000.3.13.1"
        }
    ]
}

SUSE:Manager Server 4.2 / supportutils-plugin-salt

Package

Name
supportutils-plugin-salt
Purl
pkg:rpm/suse/supportutils-plugin-salt&distro=SUSE%20Manager%20Server%204.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.2-150000.3.13.1

Ecosystem specific

{
    "binaries": [
        {
            "supportutils-plugin-salt": "1.2.2-150000.3.13.1"
        }
    ]
}

SUSE:Enterprise Storage 7 / supportutils-plugin-salt

Package

Name
supportutils-plugin-salt
Purl
pkg:rpm/suse/supportutils-plugin-salt&distro=SUSE%20Enterprise%20Storage%207

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.2-150000.3.13.1

Ecosystem specific

{
    "binaries": [
        {
            "supportutils-plugin-salt": "1.2.2-150000.3.13.1"
        }
    ]
}

SUSE:Enterprise Storage 7.1 / supportutils-plugin-salt

Package

Name
supportutils-plugin-salt
Purl
pkg:rpm/suse/supportutils-plugin-salt&distro=SUSE%20Enterprise%20Storage%207.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.2-150000.3.13.1

Ecosystem specific

{
    "binaries": [
        {
            "supportutils-plugin-salt": "1.2.2-150000.3.13.1"
        }
    ]
}

openSUSE:Leap 15.4 / dracut-saltboot

Package

Name
dracut-saltboot
Purl
pkg:rpm/opensuse/dracut-saltboot&distro=openSUSE%20Leap%2015.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.1.1674034019.a93ff61-150000.1.47.1

Ecosystem specific

{
    "binaries": [
        {
            "dracut-saltboot": "0.1.1674034019.a93ff61-150000.1.47.1",
            "supportutils-plugin-salt": "1.2.2-150000.3.13.1",
            "spacecmd": "4.3.19-150000.3.95.1"
        }
    ]
}

openSUSE:Leap 15.4 / spacecmd

Package

Name
spacecmd
Purl
pkg:rpm/opensuse/spacecmd&distro=openSUSE%20Leap%2015.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.3.19-150000.3.95.1

Ecosystem specific

{
    "binaries": [
        {
            "dracut-saltboot": "0.1.1674034019.a93ff61-150000.1.47.1",
            "supportutils-plugin-salt": "1.2.2-150000.3.13.1",
            "spacecmd": "4.3.19-150000.3.95.1"
        }
    ]
}

openSUSE:Leap 15.4 / supportutils-plugin-salt

Package

Name
supportutils-plugin-salt
Purl
pkg:rpm/opensuse/supportutils-plugin-salt&distro=openSUSE%20Leap%2015.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.2-150000.3.13.1

Ecosystem specific

{
    "binaries": [
        {
            "dracut-saltboot": "0.1.1674034019.a93ff61-150000.1.47.1",
            "supportutils-plugin-salt": "1.2.2-150000.3.13.1",
            "spacecmd": "4.3.19-150000.3.95.1"
        }
    ]
}