Security: Multiple issues in SUSE Manager Server 4.1
Name: Multiple issues in SUSE Manager Server 4.1
ID: SUSE-SU-2022:2145-1
Distribution: SUSE
Platforms: SUSE Linux Enterprise Module for SUSE Manager Server 4.1, SUSE Manager Server 4.1
Date: Tue, 21 June 2022, 23:39
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21724
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21952
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21698
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26520
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31248
Applications: SUSE Manager Server 4.1
Original message
SUSE Security Update: Security update for SUSE Manager Server 4.1
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2145-1
Rating: important
References: #1173527 #1182742 #1189501 #1190535 #1191143 #1192850 #1193032 #1193238 #1193707 #1194262 #1194447 #1194594 #1194909 #1195561 #1196067 #1196338 #1196407 #1196702 #1196704 #1197356 #1197429 #1197438 #1197488 #1198221 #1198356 #1198686 #1198914 #1199036 #1199142 #1199149 #1199512 #1199528 #1199577 #1199629 #1199677 #1199888 #1200212 #1200606 SLE-24238 SLE-24239
Cross-References: CVE-2022-21698 CVE-2022-21724 CVE-2022-21952 CVE-2022-26520 CVE-2022-31248
CVSS scores:
CVE-2022-21698 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-21698 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-21724 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-21724 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CVE-2022-26520 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26520 (SUSE): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CVE-2022-31248 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products:
SUSE Linux Enterprise Module for SUSE Manager Server 4.1
SUSE Manager Server 4.1
______________________________________________________________________________
An update that solves 5 vulnerabilities, contains two features and has 33 fixes is now available.
Description:
This update fixes the following issues:
golang-github-QubitProducts-exporter_exporter:
- Adapted to build on Enterprise Linux.
- Fix build for RedHat 7
- Require Go >= 1.14 also for CentOS
- Add support for CentOS
- Replace %{?systemd_requires} with %{?systemd_ordering}
golang-github-lusitaniae-apache_exporter:
- Require building with Go 1.15
- Add %license macro for LICENSE file
golang-github-prometheus-node_exporter:
- CVE-2022-21698: Update vendor tarball with prometheus/client_golang 1.11.1 (bsc#1196338, jsc#SLE-24238, jsc#SLE-24239)
- Update to 1.3.0
  * [CHANGE] Add path label to rapl collector #2146
  * [CHANGE] Exclude filesystems under /run/credentials #2157
  * [CHANGE] Add TCPTimeouts to netstat default filter #2189
  * [FEATURE] Add lnstat collector for metrics from /proc/net/stat/ #1771
  * [FEATURE] Add darwin powersupply collector #1777
  * [FEATURE] Add support for monitoring GPUs on Linux #1998
  * [FEATURE] Add Darwin thermal collector #2032
  * [FEATURE] Add os release collector #2094
  * [FEATURE] Add netdev.address-info collector #2105
  * [FEATURE] Add clocksource metrics to time collector #2197
  * [ENHANCEMENT] Support glob textfile collector directories #1985
  * [ENHANCEMENT] ethtool: Expose node_ethtool_info metric #2080
  * [ENHANCEMENT] Use include/exclude flags for ethtool filtering #2165
  * [ENHANCEMENT] Add flag to disable guest CPU metrics #2123
  * [ENHANCEMENT] Add DMI collector #2131
  * [ENHANCEMENT] Add threads metrics to processes collector #2164
  * [ENHANCEMENT] Reduce timer GC delays in the Linux filesystem collector #2169
  * [ENHANCEMENT] Add TCPTimeouts to netstat default filter #2189
  * [ENHANCEMENT] Use SysctlTimeval for boottime collector on BSD #2208
  * [BUGFIX] ethtool: Sanitize metric names #2093
  * [BUGFIX] Fix ethtool collector for multiple interfaces #2126
  * [BUGFIX] Fix possible panic on macOS #2133
  * [BUGFIX] Collect flag_info and bug_info only for one core #2156
  * [BUGFIX] Prevent duplicate ethtool metric names #2187
- Update to 1.2.2
  * Bug fixes
    Fix processes collector long int parsing #2112
- Update to 1.2.1
  * Removed
    Remove obsolete capture permission denied error patch already included upstream
    Fix zoneinfo parsing prometheus/procfs#386
    Fix nvme collector log noise #2091
    Fix rapl collector log noise #2092
- Update to 1.2.0
  * Changes
    Rename filesystem collector flags to match other collectors #2012
    Make node_exporter print usage to STDOUT #203
  * Features
    Add conntrack statistics metrics #1155
    Add ethtool stats collector #1832
    Add flag to ignore network speed if it is unknown #1989
    Add tapestats collector for Linux #2044
    Add nvme collector #2062
  * Enhancements
    Add ErrorLog plumbing to promhttp #1887
    Add more Infiniband counters #2019
    netclass: retrieve interface names and filter before parsing #2033
    Add time zone offset metric #2060
    Handle errors from disabled PSI subsystem #1983
    Fix panic when using backwards compatible flags #2000
    Fix wrong value for OpenBSD memory buffer cache #2015
    Only initiate collectors once #2048
    Handle small backwards jumps in CPU idle #2067
- Capture permission denied error for "energy_uj" file (bsc#1190535)
patterns-suse-manager:
- Golang-github-wrouesnel-postgres_exporter was renamed to prometheus-postgres_exporter
postgresql-jdbc:
- CVE-2022-26520: Address Arbitrary File Write Vulnerability (bsc#1197356)
- CVE-2022-21724: Address unchecked class instantiation when loading plugins based on class names (bsc#1195561)
prometheus-exporters-formula:
- Version 0.9.5
  * Postgres exporter package was renamed for Red Hat
- Version 0.9.4
  * Postgres exporter package was renamed for SUSE Linux Enterprise Server and openSUSE
prometheus-formula:
- Version 0.3.7
  * Allow prometheus-formula only for SUSE systems (bsc#1199149)
py27-compat-salt:
- Remove redundant overrides causing confusing DEBUG logging (bsc#1189501)
spacecmd:
- Version 4.1.18-1
  * Implement system.bootstrap (bsc#1194909)
spacewalk-backend:
- Version 4.1.31-1
  * Fix traceback on calling spacewalk-repo-sync --show-packages (bsc#1193238)
  * Fix virt_notify SQL syntax error (bsc#1199528)
  * Do not raise error on file:// based DEB repo when looking for alternative Release files (bsc#1199142)
  * Improve parsing of deb package dependencies (bsc#1194594)
  * Fix reposync update notice formatting and date parsing (bsc#1194447)
  * Implement more decompression algorithms for reposync (bsc#1196704)
spacewalk-java:
- Version 4.1.46-1
  * Fix changelog to include the reference to CVE-2022-31248
- Version 4.1.45-1
  * CVE-2022-31248: User enumeration via weak error message (bsc#1199629)
  * CVE-2022-21952: Unauthenticated remote Denial of Service via resource exhaustion (bsc#1199512)
  * During re-activation, recalculate grains if contact method has been changed (bsc#1199677)
  * autoinstallation: missing whitespace after install URL (bsc#1199888)
  * Change system details lock tab name to lock/unlock (bsc#1193032)
  * Set profile tag as non-mandatory in XCCDF result (bsc#1194262)
  * Added a notification to inform the administrators about the product end-of-life
  * Provisioning through proxy should use proxy for self_update (bsc#1199036)
  * Allow removing duplicated package names in the same Salt action (bsc#1198686)
  * Fix ACL rules for config diff download for SLS files (bsc#1198914)
  * Fix invalid link to action schedule
  * Redesign the auto errata task to schedule combined actions (bsc#1197429)
  * Detect free products in Alpha and Beta stage and prevent checks on openSUSE products (bsc#1197488)
  * Optimize adding new products function (bsc#1193707)
  * Change directory owner and permissions only when needed
  * Fixed broken help link for system overview
  * Finding empty profiles by MAC address must be case insensitive (bsc#1196407)
  * Generate the system SSH key when bootstrapping a salt-ssh client (bsc#1194909)
spacewalk-setup:
- Version 4.1.11-1
  * spacewalk-setup-cobbler now assumes /etc/apache2/conf.d as the default instead of /etc/httpd/conf.d (bsc#1198356)
spacewalk-utils:
- Version 4.1.20-1
  * spacewalk-hostname-rename now correctly replaces the hostname in the mgr-sync configuration file (bsc#1198356)
  * spacewalk-hostname-rename now uses the "--apache2-conf-dir" flag for spacewalk-setup-cobbler (bsc#1198356)
spacewalk-web:
- Version 4.1.34-1
  * Update Web UI version to 4.1.15
- Version 4.1.33-1
  * Added support for end of life notifications
subscription-matcher:
- Version 0.28
  * Support both antlr3-java and antlr3-runtime as dependencies
  * Make it obvious that log4j12 is used
susemanager:
- Version 4.1.36-1
  * Add python3-contextvars and python3-immutables to missing bootstrap repos (bsc#1200606)
- Version 4.1.35-1
  * Add python3-gnupg to bootstrap repo definition for Ubuntu 20.04 (bsc#1200212)
- Version 4.1.34-1
  * mgr-sync: Raise a proper exception when duplicated lines exist in a config file (bsc#1182742)
  * Fix SLE15 bootstrap repo definition (bsc#1197438)
  * Add SLES15SP4 and SUMA Proxy 4.3 to bootstrap repo definitions (bsc#1196702)
  * Add missing dependencies for Salt 3004 into bootstrap repository for SLE15 family (bsc#1198221)
susemanager-doc-indexes:
- The Large Deployments Guide now includes a mention of the proxy (bsc#1199577)
- In the Administration Guide, documented that monitoring tools are now available on SUSE Linux Enterprise 12, 15 and openSUSE Leap 15; however, Grafana is not available on Proxy (bsc#1191143)
- In the Administration Guide, renamed golang-github-wrouesnel-postgres_exporter to prometheus-postgres_exporter
- In the Client Configuration and Retail Guides, clarified that mandatory channels are automatically checked (bsc#1173527)
- In the Client Configuration Guide, marked Yomi as unsupported on SUSE Linux Enterprise Server 11 and 12
- Clarified channel label name in the Registering Clients with RHUI section of the Client Configuration Guide (bsc#1196067)
susemanager-docs_en:
- The Large Deployments Guide now includes a mention of the proxy (bsc#1199577)
- In the Administration Guide, documented that monitoring tools are now available on SUSE Linux Enterprise 12, 15 and openSUSE Leap 15; however, Grafana is not available on Proxy (bsc#1191143)
- In the Administration Guide, renamed golang-github-wrouesnel-postgres_exporter to prometheus-postgres_exporter
- In the Client Configuration and Retail Guides, clarified that mandatory channels are automatically checked (bsc#1173527)
- In the Client Configuration Guide, marked Yomi as unsupported on SUSE Linux Enterprise Server 11 and 12
- Clarified channel label name in the Registering Clients with RHUI section of the Client Configuration Guide (bsc#1196067)
susemanager-schema:
- Version 4.1.26-1
  * Add schema update directory from 4.1.25 to 4.1.26
susemanager-sls:
- Version 4.1.36-1
  * Prevent possible tracebacks on calling module.run from mgrcompat by setting proper globals using LazyLoader
- Version 4.1.35-1
  * Add support to packages.pkgremove to deal with duplicated pkg names (bsc#1198686)
  * Fix bootstrap repository path resolution for Oracle Linux
  * Fix deprecation warning when getting pillar data (bsc#1192850)
  * Fix how the return code is returned in the mgrutil runner (bsc#1194909)
How to apply this update:
1. Log in as root user to the SUSE Manager server.
2. Stop the Spacewalk service: `spacewalk-service stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: `spacewalk-service start`
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2022-2145=1
Package List:
- SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (ppc64le s390x x86_64):
golang-github-QubitProducts-exporter_exporter-0.4.0-150200.6.12.2
golang-github-lusitaniae-apache_exporter-0.7.0-150200.2.6.2
golang-github-lusitaniae-apache_exporter-debuginfo-0.7.0-150200.2.6.2
golang-github-prometheus-node_exporter-1.3.0-150200.3.9.3
patterns-suma_retail-4.1-150200.6.12.2
patterns-suma_server-4.1-150200.6.12.2
susemanager-4.1.36-150200.3.52.1
susemanager-tools-4.1.36-150200.3.52.1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch):
postgresql-jdbc-42.2.10-150200.3.8.2
prometheus-exporters-formula-0.9.5-150200.3.31.2
prometheus-formula-0.3.7-150200.3.21.2
py27-compat-salt-3000.3-150200.6.24.2
spacecmd-4.1.18-150200.4.39.3
spacewalk-backend-4.1.31-150200.4.50.4
spacewalk-backend-app-4.1.31-150200.4.50.4
spacewalk-backend-applet-4.1.31-150200.4.50.4
spacewalk-backend-config-files-4.1.31-150200.4.50.4
spacewalk-backend-config-files-common-4.1.31-150200.4.50.4
spacewalk-backend-config-files-tool-4.1.31-150200.4.50.4
spacewalk-backend-iss-4.1.31-150200.4.50.4
spacewalk-backend-iss-export-4.1.31-150200.4.50.4
spacewalk-backend-package-push-server-4.1.31-150200.4.50.4
spacewalk-backend-server-4.1.31-150200.4.50.4
spacewalk-backend-sql-4.1.31-150200.4.50.4
spacewalk-backend-sql-postgresql-4.1.31-150200.4.50.4
spacewalk-backend-tools-4.1.31-150200.4.50.4
spacewalk-backend-xml-export-libs-4.1.31-150200.4.50.4
spacewalk-backend-xmlrpc-4.1.31-150200.4.50.4
spacewalk-base-4.1.34-150200.3.47.6
spacewalk-base-minimal-4.1.34-150200.3.47.6
spacewalk-base-minimal-config-4.1.34-150200.3.47.6
spacewalk-html-4.1.34-150200.3.47.6
spacewalk-java-4.1.46-150200.3.71.5
spacewalk-java-config-4.1.46-150200.3.71.5
spacewalk-java-lib-4.1.46-150200.3.71.5
spacewalk-java-postgresql-4.1.46-150200.3.71.5
spacewalk-setup-4.1.11-150200.3.18.2
spacewalk-taskomatic-4.1.46-150200.3.71.5
spacewalk-utils-4.1.20-150200.3.30.2
spacewalk-utils-extras-4.1.20-150200.3.30.2
subscription-matcher-0.28-150200.3.15.2
susemanager-doc-indexes-4.1-150200.11.55.4
susemanager-docs_en-4.1-150200.11.55.2
susemanager-docs_en-pdf-4.1-150200.11.55.2
susemanager-schema-4.1.26-150200.3.45.4
susemanager-sls-4.1.36-150200.3.64.2
susemanager-web-libs-4.1.34-150200.3.47.6
uyuni-config-modules-4.1.36-150200.3.64.2
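After following the apply steps above, a practitioner wants to confirm that the packages named in this advisory are actually at the fixed level. The following is an added example, not SUSE's tooling or part of the advisory: it compares `rpm -qa` style output against a subset of the fixed versions from the Package List, using a simplified rpmvercmp-style segment comparison (no epoch or `~` handling). The `rpm -qa` sample is constructed, not captured from a real server.

```python
import re

# Fixed versions copied from the advisory's Package List (a subset of it).
FIXED = {
    "postgresql-jdbc": "42.2.10-150200.3.8.2",
    "spacewalk-java": "4.1.46-150200.3.71.5",
    "spacewalk-backend": "4.1.31-150200.4.50.4",
    "golang-github-prometheus-node_exporter": "1.3.0-150200.3.9.3",
}

# Constructed stand-in for: rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'
# (one package at the fixed level, two behind it, one advisory package absent)
SAMPLE_RPM_QA = """\
postgresql-jdbc-42.2.10-150200.3.8.2
spacewalk-java-4.1.45-150200.3.68.1
golang-github-prometheus-node_exporter-1.1.2-150200.3.6.1
unrelated-package-1.0-1
"""

def split_nvr(line):
    """NAME-VERSION-RELEASE -> (name, 'version-release'); '-' is illegal in V and R."""
    name, version, release = line.rsplit("-", 2)
    return name, f"{version}-{release}"

def rpm_segments(vr):
    """Tokenize like rpmvercmp (digit runs as ints, letter runs as str); no epoch/'~'."""
    return [int(t) if t.isdigit() else t for t in re.findall(r"\d+|[A-Za-z]+", vr)]

def is_at_least(installed, fixed):
    """True when installed >= fixed under segment-wise comparison."""
    a, b = rpm_segments(installed), rpm_segments(fixed)
    for x, y in zip(a, b):
        if x != y:
            if isinstance(x, int) and isinstance(y, int):
                return x > y
            return isinstance(x, int)  # a numeric segment sorts after an alphabetic one
    return len(a) >= len(b)

def audit(rpm_qa_output, fixed=FIXED):
    """Map each advisory package to 'patched', 'not installed' or 'vulnerable (...)'."""
    installed = dict(split_nvr(l) for l in rpm_qa_output.splitlines() if l)
    status = {}
    for name, fixed_vr in fixed.items():
        if name not in installed:
            status[name] = "not installed"
        elif is_at_least(installed[name], fixed_vr):
            status[name] = "patched"
        else:
            status[name] = f"vulnerable ({installed[name]} < {fixed_vr})"
    return status
```

On a real server, feed `audit()` the output of `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'` and extend `FIXED` with the full Package List above; "not installed" for a package is expected when that module is not deployed on the host.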
References:
https://www.suse.com/security/cve/CVE-2022-21698.html
https://www.suse.com/security/cve/CVE-2022-21724.html
https://www.suse.com/security/cve/CVE-2022-21952.html
https://www.suse.com/security/cve/CVE-2022-26520.html
https://www.suse.com/security/cve/CVE-2022-31248.html
https://bugzilla.suse.com/1173527
https://bugzilla.suse.com/1182742
https://bugzilla.suse.com/1189501
https://bugzilla.suse.com/1190535
https://bugzilla.suse.com/1191143
https://bugzilla.suse.com/1192850
https://bugzilla.suse.com/1193032
https://bugzilla.suse.com/1193238
https://bugzilla.suse.com/1193707
https://bugzilla.suse.com/1194262
https://bugzilla.suse.com/1194447
https://bugzilla.suse.com/1194594
https://bugzilla.suse.com/1194909
https://bugzilla.suse.com/1195561
https://bugzilla.suse.com/1196067
https://bugzilla.suse.com/1196338
https://bugzilla.suse.com/1196407
https://bugzilla.suse.com/1196702
https://bugzilla.suse.com/1196704
https://bugzilla.suse.com/1197356
https://bugzilla.suse.com/1197429
https://bugzilla.suse.com/1197438
https://bugzilla.suse.com/1197488
https://bugzilla.suse.com/1198221
https://bugzilla.suse.com/1198356
https://bugzilla.suse.com/1198686
https://bugzilla.suse.com/1198914
https://bugzilla.suse.com/1199036
https://bugzilla.suse.com/1199142
https://bugzilla.suse.com/1199149
https://bugzilla.suse.com/1199512
https://bugzilla.suse.com/1199528
https://bugzilla.suse.com/1199577
https://bugzilla.suse.com/1199629
https://bugzilla.suse.com/1199677
https://bugzilla.suse.com/1199888
https://bugzilla.suse.com/1200212
https://bugzilla.suse.com/1200606