SUSE-SU-2024:4019-1

Source
https://www.suse.com/support/update/announcement/2024/suse-su-20244019-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:4019-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2024:4019-1
Related
Published
2024-11-18T13:24:46Z
Modified
2024-11-18T13:24:46Z
Summary
Security update for SUSE Manager Client Tools
Details

This update fixes the following issues:

golang-github-lusitaniae-apache_exporter was updated from version 1.0.1 to 1.0.8:

  • Security issues fixed:

    • CVE-2023-3978: Fixed security bug in x/net dependency in version 1.0.2 (bsc#1213933)
  • Bugs fixed:

    • Require Go 1.20 when building for RedHat derivatives
    • Version 1.0.8 (bsc#1227341):

      • Update prometheus/client_golang to version 1.19.1
      • Update x/net to version 0.23.0
    • Version 1.0.7:

      • Update protobuf to version 1.33.0
      • Update prometheus/client_golang to version 1.19.0
      • Update prometheus/common to version 0.46.0
      • Standardize landing page
    • Version 1.0.6:

      • Update prometheus/exporter-toolkit to version 0.11.0
      • Update prometheus/client_golang to version 1.18.0
      • Added User-Agent header
    • Version 1.0.4:

      • Update x/crypto to version 0.17.0
      • Update alecthomas/kingpin/v2 to version 2.4.0
      • Update prometheus/common to version 0.45.0
    • Version 1.0.3:

      • Update prometheus/client_golang to version 1.17.0
      • Update x/net 0.17.0
    • Version 1.0.1:

      • Update prometheus/exporter-toolkit to version 0.10.0
      • Update prometheus/common to version 0.44.0
      • Update prometheus/client_golang to version 1.16.0

scap-security-guide was updated from version 0.1.73 to 0.1.74:

  • Version 0.1.74 (jsc#ECO-3319):

    • Added Amazon Linux 2023 product
    • Introduce new remediation type Kickstart
    • Make PAM macros more flexible to variables
    • Remove Debian 10 Product
    • Remove Red Hat Enterprise Linux 7 product
    • Update CIS RHEL9 control file to v2.0.0

spacecmd was updated from version 5.0.9-0 to 5.0.10-0:

  • Version 5.0.10-0:

    • Speed up softwarechannel_removepackages (bsc#1227606)
    • Fixed error in 'kickstart_delete' when using wildcards (bsc#1227578)
    • Spacecmd bootstrap now works with specified port (bsc#1229437)
    • Fixed sls backup creation as directory with spacecmd (bsc#1230745)

uyuni-tools was updated from version 0.1.21-0 to 0.1.23-0:

  • Version 0.1.23-0:

    • Ensure namespace is defined in all kubernetes commands
    • Use SCC credentials to authenticate against registry.suse.com for kubernetes (bsc#1231157)
    • Fixed namespace usage on mgrctl cp command
  • Version 0.1.22-0:

    • Set projectId also for test packages/images
    • mgradm migration should not pull Confidential Computing and Hub image is replicas == 0 (bsc#1229432, bsc#1230136)
    • Do not allow SUSE Manager downgrade
    • Prevent completion issue when /var/log/uyuni-tools.log is missing
    • Fixed proxy shared volume flag
    • During migration, exclude mgr-sync configuration file (bsc#1228685)
    • Migrate from PostgreSQL 14 to PostgreSQL 16 pg_hba.conf and postgresql.conf files (bsc#1231206)
    • During migration, handle empty autoinstallation path (bsc#1230285)
    • During migration, handle symlinks (bsc#1230288)
    • During migration, trust the remote sender's file list (bsc#1228424)
    • Use SCC flags during podman pull
    • Restore SELinux permission after migration (bsc#1229501)
    • Share volumes between containers (bsc#1223142)
    • Save supportconfig in current directory (bsc#1226759)
    • Fixed error code handling on reinstallation (bsc#1230139)
    • Fixed creation of first user and organization
    • Added missing variable quotes for install vars (bsc#1229108)
    • Added API login and logout calls to allow persistent login
References

Affected packages

SUSE:EL-9:Update:Products:ManagerTools:Update / golang

Package

Name
golang
Purl
pkg:rpm/suse/golang&distro=SUSE:EL-9:Update:Products:ManagerTools:Update

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.20.12-1.3.1

Ecosystem specific

{
    "binaries": [
        {
            "golang": "1.20.12-1.3.1",
            "golang-src": "1.20.12-1.3.1",
            "golang-tests": "1.20.12-1.3.1",
            "golang-docs": "1.20.12-1.3.1",
            "golang-github-lusitaniae-apache_exporter": "1.0.8-1.14.1",
            "mgrctl-bash-completion": "0.1.23-1.11.1",
            "scap-security-guide-debian": "0.1.74-1.29.1",
            "mgrpxy": "0.1.23-1.11.1",
            "mgrpxy-zsh-completion": "0.1.23-1.11.1",
            "golang-misc": "1.20.12-1.3.1",
            "golang-bin": "1.20.12-1.3.1",
            "mgrpxy-bash-completion": "0.1.23-1.11.1",
            "mgrctl-zsh-completion": "0.1.23-1.11.1",
            "mgrctl": "0.1.23-1.11.1",
            "mgradm-zsh-completion": "0.1.23-1.11.1",
            "scap-security-guide-redhat": "0.1.74-1.29.1",
            "mgradm": "0.1.23-1.11.1",
            "mgradm-bash-completion": "0.1.23-1.11.1",
            "scap-security-guide": "0.1.74-1.29.1",
            "scap-security-guide-ubuntu": "0.1.74-1.29.1",
            "spacecmd": "5.0.10-1.41.1"
        }
    ]
}

SUSE:EL-9:Update:Products:ManagerTools:Update / golang-github-lusitaniae-apache_exporter

Package

Name
golang-github-lusitaniae-apache_exporter
Purl
pkg:rpm/suse/golang-github-lusitaniae-apache_exporter&distro=SUSE:EL-9:Update:Products:ManagerTools:Update

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.8-1.14.1

Ecosystem specific

{
    "binaries": [
        {
            "golang": "1.20.12-1.3.1",
            "golang-src": "1.20.12-1.3.1",
            "golang-tests": "1.20.12-1.3.1",
            "golang-docs": "1.20.12-1.3.1",
            "golang-github-lusitaniae-apache_exporter": "1.0.8-1.14.1",
            "mgrctl-bash-completion": "0.1.23-1.11.1",
            "scap-security-guide-debian": "0.1.74-1.29.1",
            "mgrpxy": "0.1.23-1.11.1",
            "mgrpxy-zsh-completion": "0.1.23-1.11.1",
            "golang-misc": "1.20.12-1.3.1",
            "golang-bin": "1.20.12-1.3.1",
            "mgrpxy-bash-completion": "0.1.23-1.11.1",
            "mgrctl-zsh-completion": "0.1.23-1.11.1",
            "mgrctl": "0.1.23-1.11.1",
            "mgradm-zsh-completion": "0.1.23-1.11.1",
            "scap-security-guide-redhat": "0.1.74-1.29.1",
            "mgradm": "0.1.23-1.11.1",
            "mgradm-bash-completion": "0.1.23-1.11.1",
            "scap-security-guide": "0.1.74-1.29.1",
            "scap-security-guide-ubuntu": "0.1.74-1.29.1",
            "spacecmd": "5.0.10-1.41.1"
        }
    ]
}

SUSE:EL-9:Update:Products:ManagerTools:Update / scap-security-guide

Package

Name
scap-security-guide
Purl
pkg:rpm/suse/scap-security-guide&distro=SUSE:EL-9:Update:Products:ManagerTools:Update

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.1.74-1.29.1

Ecosystem specific

{
    "binaries": [
        {
            "golang": "1.20.12-1.3.1",
            "golang-src": "1.20.12-1.3.1",
            "golang-tests": "1.20.12-1.3.1",
            "golang-docs": "1.20.12-1.3.1",
            "golang-github-lusitaniae-apache_exporter": "1.0.8-1.14.1",
            "mgrctl-bash-completion": "0.1.23-1.11.1",
            "scap-security-guide-debian": "0.1.74-1.29.1",
            "mgrpxy": "0.1.23-1.11.1",
            "mgrpxy-zsh-completion": "0.1.23-1.11.1",
            "golang-misc": "1.20.12-1.3.1",
            "golang-bin": "1.20.12-1.3.1",
            "mgrpxy-bash-completion": "0.1.23-1.11.1",
            "mgrctl-zsh-completion": "0.1.23-1.11.1",
            "mgrctl": "0.1.23-1.11.1",
            "mgradm-zsh-completion": "0.1.23-1.11.1",
            "scap-security-guide-redhat": "0.1.74-1.29.1",
            "mgradm": "0.1.23-1.11.1",
            "mgradm-bash-completion": "0.1.23-1.11.1",
            "scap-security-guide": "0.1.74-1.29.1",
            "scap-security-guide-ubuntu": "0.1.74-1.29.1",
            "spacecmd": "5.0.10-1.41.1"
        }
    ]
}

SUSE:EL-9:Update:Products:ManagerTools:Update / spacecmd

Package

Name
spacecmd
Purl
pkg:rpm/suse/spacecmd&distro=SUSE:EL-9:Update:Products:ManagerTools:Update

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.0.10-1.41.1

Ecosystem specific

{
    "binaries": [
        {
            "golang": "1.20.12-1.3.1",
            "golang-src": "1.20.12-1.3.1",
            "golang-tests": "1.20.12-1.3.1",
            "golang-docs": "1.20.12-1.3.1",
            "golang-github-lusitaniae-apache_exporter": "1.0.8-1.14.1",
            "mgrctl-bash-completion": "0.1.23-1.11.1",
            "scap-security-guide-debian": "0.1.74-1.29.1",
            "mgrpxy": "0.1.23-1.11.1",
            "mgrpxy-zsh-completion": "0.1.23-1.11.1",
            "golang-misc": "1.20.12-1.3.1",
            "golang-bin": "1.20.12-1.3.1",
            "mgrpxy-bash-completion": "0.1.23-1.11.1",
            "mgrctl-zsh-completion": "0.1.23-1.11.1",
            "mgrctl": "0.1.23-1.11.1",
            "mgradm-zsh-completion": "0.1.23-1.11.1",
            "scap-security-guide-redhat": "0.1.74-1.29.1",
            "mgradm": "0.1.23-1.11.1",
            "mgradm-bash-completion": "0.1.23-1.11.1",
            "scap-security-guide": "0.1.74-1.29.1",
            "scap-security-guide-ubuntu": "0.1.74-1.29.1",
            "spacecmd": "5.0.10-1.41.1"
        }
    ]
}

SUSE:EL-9:Update:Products:ManagerTools:Update / uyuni-tools

Package

Name
uyuni-tools
Purl
pkg:rpm/suse/uyuni-tools&distro=SUSE:EL-9:Update:Products:ManagerTools:Update

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.1.23-1.11.1

Ecosystem specific

{
    "binaries": [
        {
            "golang": "1.20.12-1.3.1",
            "golang-src": "1.20.12-1.3.1",
            "golang-tests": "1.20.12-1.3.1",
            "golang-docs": "1.20.12-1.3.1",
            "golang-github-lusitaniae-apache_exporter": "1.0.8-1.14.1",
            "mgrctl-bash-completion": "0.1.23-1.11.1",
            "scap-security-guide-debian": "0.1.74-1.29.1",
            "mgrpxy": "0.1.23-1.11.1",
            "mgrpxy-zsh-completion": "0.1.23-1.11.1",
            "golang-misc": "1.20.12-1.3.1",
            "golang-bin": "1.20.12-1.3.1",
            "mgrpxy-bash-completion": "0.1.23-1.11.1",
            "mgrctl-zsh-completion": "0.1.23-1.11.1",
            "mgrctl": "0.1.23-1.11.1",
            "mgradm-zsh-completion": "0.1.23-1.11.1",
            "scap-security-guide-redhat": "0.1.74-1.29.1",
            "mgradm": "0.1.23-1.11.1",
            "mgradm-bash-completion": "0.1.23-1.11.1",
            "scap-security-guide": "0.1.74-1.29.1",
            "scap-security-guide-ubuntu": "0.1.74-1.29.1",
            "spacecmd": "5.0.10-1.41.1"
        }
    ]
}

SUSE:Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS / golang-github-lusitaniae-apache_exporter

Package

Name
golang-github-lusitaniae-apache_exporter
Purl
pkg:rpm/suse/golang-github-lusitaniae-apache_exporter&distro=SUSE%20Manager%20Client%20Tools%20for%20RHEL,%20Liberty%20and%20Clones%209-CLIENT-TOOLS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.8-1.14.1

Ecosystem specific

{
    "binaries": [
        {
            "mgrctl-bash-completion": "0.1.23-1.11.1",
            "mgrctl": "0.1.23-1.11.1",
            "mgrctl-zsh-completion": "0.1.23-1.11.1",
            "golang-github-lusitaniae-apache_exporter": "1.0.8-1.14.1",
            "spacecmd": "5.0.10-1.41.1",
            "scap-security-guide-redhat": "0.1.74-1.29.1"
        }
    ]
}

SUSE:Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS / scap-security-guide

Package

Name
scap-security-guide
Purl
pkg:rpm/suse/scap-security-guide&distro=SUSE%20Manager%20Client%20Tools%20for%20RHEL,%20Liberty%20and%20Clones%209-CLIENT-TOOLS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.1.74-1.29.1

Ecosystem specific

{
    "binaries": [
        {
            "mgrctl-bash-completion": "0.1.23-1.11.1",
            "mgrctl": "0.1.23-1.11.1",
            "mgrctl-zsh-completion": "0.1.23-1.11.1",
            "golang-github-lusitaniae-apache_exporter": "1.0.8-1.14.1",
            "spacecmd": "5.0.10-1.41.1",
            "scap-security-guide-redhat": "0.1.74-1.29.1"
        }
    ]
}

SUSE:Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS / spacecmd

Package

Name
spacecmd
Purl
pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Client%20Tools%20for%20RHEL,%20Liberty%20and%20Clones%209-CLIENT-TOOLS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.0.10-1.41.1

Ecosystem specific

{
    "binaries": [
        {
            "mgrctl-bash-completion": "0.1.23-1.11.1",
            "mgrctl": "0.1.23-1.11.1",
            "mgrctl-zsh-completion": "0.1.23-1.11.1",
            "golang-github-lusitaniae-apache_exporter": "1.0.8-1.14.1",
            "spacecmd": "5.0.10-1.41.1",
            "scap-security-guide-redhat": "0.1.74-1.29.1"
        }
    ]
}

SUSE:Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS / uyuni-tools

Package

Name
uyuni-tools
Purl
pkg:rpm/suse/uyuni-tools&distro=SUSE%20Manager%20Client%20Tools%20for%20RHEL,%20Liberty%20and%20Clones%209-CLIENT-TOOLS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.1.23-1.11.1

Ecosystem specific

{
    "binaries": [
        {
            "mgrctl-bash-completion": "0.1.23-1.11.1",
            "mgrctl": "0.1.23-1.11.1",
            "mgrctl-zsh-completion": "0.1.23-1.11.1",
            "golang-github-lusitaniae-apache_exporter": "1.0.8-1.14.1",
            "spacecmd": "5.0.10-1.41.1",
            "scap-security-guide-redhat": "0.1.74-1.29.1"
        }
    ]
}