SUSE-SU-2024:4010-1

Source
https://www.suse.com/support/update/announcement/2024/suse-su-20244010-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:4010-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2024:4010-1
Related
Published
2024-11-18T13:22:17Z
Modified
2024-11-18T13:22:17Z
Summary
Security update for SUSE Manager Client Tools
Details

This update fixes the following issues:

golang-github-lusitaniae-apache_exporter:

  • Security issues fixed:

    • CVE-2023-3978: Fixed security bug in x/net dependency (bsc#1213933)
  • Other changes and issues fixed:

    • Delete unpackaged debug files for RHEL
    • Do not include source files in the package for RHEL 9
    • Require Go 1.20 when building for RedHat derivatives
    • Drop EnvironmentFile from the service definition
    • Explicitly unset $ARGS environment variable. Setting environment variables should be done in drop-in systemd configuration files.
    • Drop go_nostrip macro. It is not needed with current binutils and Go.
    • Migrate from disabled to manual source service type
    • Drop BuildRequires: golang-packaging
    • Upgrade to version 1.0.8 (bsc#1227341)
      • Update prometheus/client_golang to version 1.19.1
      • Update x/net to version 0.23.0
    • Upgrade to version 1.0.7
      • Update protobuf to version 1.33.0
      • Update prometheus/client_golang to version 1.19.0
      • Update prometheus/common to version 0.46.0
      • Standardize landing page
    • Upgrade to version 1.0.6
      • Update prometheus/exporter-toolkit to version 0.11.0
      • Update prometheus/client_golang to version 1.18.0
      • Add User-Agent header
    • Upgrade to version 1.0.4
      • Update x/crypto to version 0.17.0
      • Update alecthomas/kingpin/v2 to version 2.4.0
      • Update prometheus/common to version 0.45.0
    • Upgrade to version 1.0.3
      • Update prometheus/client_golang to version 1.17.0
      • Update x/net 0.17.0
    • Upgrade to version 1.0.1
      • Update prometheus/exporter-toolkit to version 0.10.0
      • Update prometheus/common to version 0.44.0
      • Update prometheus/client_golang to version 1.16.0

golang-github-prometheus-promu:

  • Require Go >= 1.21 for building
  • Packaging improvements:
    • Drop export CGO_ENABLED='0'. Use the default unless there is a defined requirement or benefit (bsc#1230623).
  • Update to version 0.16.0:
    • Do not discover user/host for reproducible builds
    • Fix example/prometheus build error
  • Update to version 0.15.0:
    • Add linux/riscv64 to default platforms
    • Use yaml.Unmarshalstrict to validate configuration files

spacecmd:

  • Version 5.0.10-0
    • Speed up softwarechannelremovepackages (bsc#1227606)
    • Fix error in 'kickstartdelete' when using wildcards (bsc#1227578)
    • Spacecmd bootstrap now works with specified port (bsc#1229437)
    • Fix sls backup creation as directory with spacecmd (bsc#1230745)

uyuni-common-libs:

  • Version 5.0.5-0
    • Enforce directory permissions at repo-sync when creating directories (bsc#1229260)

uyuni-tools:

  • Version 0.1.23-0
    • Ensure namespace is defined in all kubernetes commands
    • Use SCC credentials to authenticate against registry.suse.com for kubernetes (bsc#1231157)
    • Fix namespace usage on mgrctl cp command
  • Version 0.1.22-0
    • Set projectId also for test packages/images
    • mgradm migration should not pull Confidential Computing and Hub image is replicas == 0 (bsc#1229432, bsc#1230136)
    • Do not allow SUSE Manager downgrade
    • Prevent completion issue when /var/log/uyuni-tools.log is missing
    • Fix proxy shared volume flag
    • During migration, exclude mgr-sync configuration file (bsc#1228685)
    • Migrate from PostgreSQL 14 to PostgreSQL 16 pg_hba.conf and postgresql.conf files (bsc#1231206)
    • During migration, handle empty autoinstallation path (bsc#1230285)
    • During migration, handle symlinks (bsc#1230288)
    • During migration, trust the remote sender's file list (bsc#1228424)
    • Use SCC flags during podman pull
    • Restore SELinux permission after migration (bsc#1229501)
    • Share volumes between containers (bsc#1223142)
    • Save supportconfig in current directory (bsc#1226759)
    • Fix error code handling on reinstallation (bsc#1230139)
    • Fix creating first user and organization
    • Add missing variable quotes for install vars (bsc#1229108)
    • Add API login and logout calls to allow persistent login

Changes that only impact SUSE Manager 4.3:

mgr-daemon:

  • Version 4.3.11-0
    • Update translation strings

spacewalk-client-tools:

  • Version 4.3.21-0
    • Update translation strings
References

Affected packages

SUSE:Manager Client Tools 12 / golang-github-lusitaniae-apache_exporter

Package

Name
golang-github-lusitaniae-apache_exporter
Purl
pkg:rpm/suse/golang-github-lusitaniae-apache_exporter&distro=SUSE%20Manager%20Client%20Tools%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.8-1.24.3

Ecosystem specific

{
    "binaries": [
        {
            "python2-spacewalk-client-tools": "4.3.21-52.104.2",
            "mgrctl-bash-completion": "0.1.23-1.13.2",
            "golang-github-lusitaniae-apache_exporter": "1.0.8-1.24.3",
            "spacewalk-check": "4.3.21-52.104.2",
            "python2-spacewalk-client-setup": "4.3.21-52.104.2",
            "python2-uyuni-common-libs": "5.0.5-1.45.2",
            "golang-github-prometheus-promu": "0.16.0-1.21.3",
            "mgrctl-zsh-completion": "0.1.23-1.13.2",
            "mgrctl": "0.1.23-1.13.2",
            "mgr-daemon": "4.3.11-1.53.2",
            "spacewalk-client-tools": "4.3.21-52.104.2",
            "spacewalk-client-setup": "4.3.21-52.104.2",
            "python2-spacewalk-check": "4.3.21-52.104.2",
            "spacecmd": "5.0.10-38.150.2"
        }
    ]
}

SUSE:Manager Client Tools 12 / golang-github-prometheus-promu

Package

Name
golang-github-prometheus-promu
Purl
pkg:rpm/suse/golang-github-prometheus-promu&distro=SUSE%20Manager%20Client%20Tools%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.16.0-1.21.3

Ecosystem specific

{
    "binaries": [
        {
            "python2-spacewalk-client-tools": "4.3.21-52.104.2",
            "mgrctl-bash-completion": "0.1.23-1.13.2",
            "golang-github-lusitaniae-apache_exporter": "1.0.8-1.24.3",
            "spacewalk-check": "4.3.21-52.104.2",
            "python2-spacewalk-client-setup": "4.3.21-52.104.2",
            "python2-uyuni-common-libs": "5.0.5-1.45.2",
            "golang-github-prometheus-promu": "0.16.0-1.21.3",
            "mgrctl-zsh-completion": "0.1.23-1.13.2",
            "mgrctl": "0.1.23-1.13.2",
            "mgr-daemon": "4.3.11-1.53.2",
            "spacewalk-client-tools": "4.3.21-52.104.2",
            "spacewalk-client-setup": "4.3.21-52.104.2",
            "python2-spacewalk-check": "4.3.21-52.104.2",
            "spacecmd": "5.0.10-38.150.2"
        }
    ]
}

SUSE:Manager Client Tools 12 / mgr-daemon

Package

Name
mgr-daemon
Purl
pkg:rpm/suse/mgr-daemon&distro=SUSE%20Manager%20Client%20Tools%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.3.11-1.53.2

Ecosystem specific

{
    "binaries": [
        {
            "python2-spacewalk-client-tools": "4.3.21-52.104.2",
            "mgrctl-bash-completion": "0.1.23-1.13.2",
            "golang-github-lusitaniae-apache_exporter": "1.0.8-1.24.3",
            "spacewalk-check": "4.3.21-52.104.2",
            "python2-spacewalk-client-setup": "4.3.21-52.104.2",
            "python2-uyuni-common-libs": "5.0.5-1.45.2",
            "golang-github-prometheus-promu": "0.16.0-1.21.3",
            "mgrctl-zsh-completion": "0.1.23-1.13.2",
            "mgrctl": "0.1.23-1.13.2",
            "mgr-daemon": "4.3.11-1.53.2",
            "spacewalk-client-tools": "4.3.21-52.104.2",
            "spacewalk-client-setup": "4.3.21-52.104.2",
            "python2-spacewalk-check": "4.3.21-52.104.2",
            "spacecmd": "5.0.10-38.150.2"
        }
    ]
}

SUSE:Manager Client Tools 12 / spacecmd

Package

Name
spacecmd
Purl
pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Client%20Tools%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.0.10-38.150.2

Ecosystem specific

{
    "binaries": [
        {
            "python2-spacewalk-client-tools": "4.3.21-52.104.2",
            "mgrctl-bash-completion": "0.1.23-1.13.2",
            "golang-github-lusitaniae-apache_exporter": "1.0.8-1.24.3",
            "spacewalk-check": "4.3.21-52.104.2",
            "python2-spacewalk-client-setup": "4.3.21-52.104.2",
            "python2-uyuni-common-libs": "5.0.5-1.45.2",
            "golang-github-prometheus-promu": "0.16.0-1.21.3",
            "mgrctl-zsh-completion": "0.1.23-1.13.2",
            "mgrctl": "0.1.23-1.13.2",
            "mgr-daemon": "4.3.11-1.53.2",
            "spacewalk-client-tools": "4.3.21-52.104.2",
            "spacewalk-client-setup": "4.3.21-52.104.2",
            "python2-spacewalk-check": "4.3.21-52.104.2",
            "spacecmd": "5.0.10-38.150.2"
        }
    ]
}

SUSE:Manager Client Tools 12 / spacewalk-client-tools

Package

Name
spacewalk-client-tools
Purl
pkg:rpm/suse/spacewalk-client-tools&distro=SUSE%20Manager%20Client%20Tools%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.3.21-52.104.2

Ecosystem specific

{
    "binaries": [
        {
            "python2-spacewalk-client-tools": "4.3.21-52.104.2",
            "mgrctl-bash-completion": "0.1.23-1.13.2",
            "golang-github-lusitaniae-apache_exporter": "1.0.8-1.24.3",
            "spacewalk-check": "4.3.21-52.104.2",
            "python2-spacewalk-client-setup": "4.3.21-52.104.2",
            "python2-uyuni-common-libs": "5.0.5-1.45.2",
            "golang-github-prometheus-promu": "0.16.0-1.21.3",
            "mgrctl-zsh-completion": "0.1.23-1.13.2",
            "mgrctl": "0.1.23-1.13.2",
            "mgr-daemon": "4.3.11-1.53.2",
            "spacewalk-client-tools": "4.3.21-52.104.2",
            "spacewalk-client-setup": "4.3.21-52.104.2",
            "python2-spacewalk-check": "4.3.21-52.104.2",
            "spacecmd": "5.0.10-38.150.2"
        }
    ]
}

SUSE:Manager Client Tools 12 / uyuni-common-libs

Package

Name
uyuni-common-libs
Purl
pkg:rpm/suse/uyuni-common-libs&distro=SUSE%20Manager%20Client%20Tools%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.0.5-1.45.2

Ecosystem specific

{
    "binaries": [
        {
            "python2-spacewalk-client-tools": "4.3.21-52.104.2",
            "mgrctl-bash-completion": "0.1.23-1.13.2",
            "golang-github-lusitaniae-apache_exporter": "1.0.8-1.24.3",
            "spacewalk-check": "4.3.21-52.104.2",
            "python2-spacewalk-client-setup": "4.3.21-52.104.2",
            "python2-uyuni-common-libs": "5.0.5-1.45.2",
            "golang-github-prometheus-promu": "0.16.0-1.21.3",
            "mgrctl-zsh-completion": "0.1.23-1.13.2",
            "mgrctl": "0.1.23-1.13.2",
            "mgr-daemon": "4.3.11-1.53.2",
            "spacewalk-client-tools": "4.3.21-52.104.2",
            "spacewalk-client-setup": "4.3.21-52.104.2",
            "python2-spacewalk-check": "4.3.21-52.104.2",
            "spacecmd": "5.0.10-38.150.2"
        }
    ]
}

SUSE:Manager Client Tools 12 / uyuni-tools

Package

Name
uyuni-tools
Purl
pkg:rpm/suse/uyuni-tools&distro=SUSE%20Manager%20Client%20Tools%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.1.23-1.13.2

Ecosystem specific

{
    "binaries": [
        {
            "python2-spacewalk-client-tools": "4.3.21-52.104.2",
            "mgrctl-bash-completion": "0.1.23-1.13.2",
            "golang-github-lusitaniae-apache_exporter": "1.0.8-1.24.3",
            "spacewalk-check": "4.3.21-52.104.2",
            "python2-spacewalk-client-setup": "4.3.21-52.104.2",
            "python2-uyuni-common-libs": "5.0.5-1.45.2",
            "golang-github-prometheus-promu": "0.16.0-1.21.3",
            "mgrctl-zsh-completion": "0.1.23-1.13.2",
            "mgrctl": "0.1.23-1.13.2",
            "mgr-daemon": "4.3.11-1.53.2",
            "spacewalk-client-tools": "4.3.21-52.104.2",
            "spacewalk-client-setup": "4.3.21-52.104.2",
            "python2-spacewalk-check": "4.3.21-52.104.2",
            "spacecmd": "5.0.10-38.150.2"
        }
    ]
}