drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in SUSE Manager Client Tools
| Name: |
Mehrere Probleme in SUSE Manager Client Tools |
|
| ID: |
SUSE-SU-2025:0525-1 |
|
| Distribution: |
SUSE |
|
| Plattformen: |
SUSE Linux Enterprise Micro 5.0, SUSE Linux Enterprise Micro 5.1, SUSE Linux Enterprise Server for SAP Applications 15, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise High Performance Computing 15, SUSE Linux Enterprise Desktop 15, SUSE Linux Enterprise Micro 5.2, SUSE Manager Proxy 4.3, SUSE Enterprise Storage 7.1, SUSE Manager Server 4.3, SUSE Manager Retail Branch Server 4.3, SUSE Linux Enterprise Micro 5.3, SUSE Linux Enterprise Real Time 15 SP4, SUSE Linux Enterprise High Performance Computing 15 SP3, SUSE Linux Enterprise Server for SAP Applications 15 SP1, SUSE Linux Enterprise High Performance Computing 15 SP4, SUSE Linux Enterprise Server 15 SP2, SUSE Linux Enterprise Server 15 SP4, SUSE Linux Enterprise High Performance Computing 15 SP1, SUSE Linux Enterprise Server 15 SP3, SUSE Linux Enterprise Desktop 15 SP4, SUSE Linux Enterprise Server for SAP Applications 15 SP2, SUSE Linux Enterprise Server for SAP Applications 15 SP4, SUSE Linux Enterprise Server 15 SP1, SUSE Linux Enterprise Server for SAP Applications 15 SP3, SUSE Linux Enterprise Real Time 15 SP3, SUSE Linux Enterprise High Performance Computing LTSS 15 SP3, SUSE Linux Enterprise High Performance Computing 15 SP2, SUSE Linux Enterprise Micro 5.4, SUSE Linux Enterprise Real Time 15 SP5, SUSE Linux Enterprise Real Time 15 SP1, SUSE Linux Enterprise Server for SAP Applications 15 SP5, SUSE Linux Enterprise Real Time 15 SP2, SUSE Linux Enterprise Desktop 15 SP3, SUSE Manager Client Tools for SLE 15, SUSE Manager Client Tools for SLE Micro 5, SUSE Linux Enterprise Server 15 SP5, SUSE Linux Enterprise Desktop 15 SP2, SUSE Linux Enterprise High Performance Computing 15 SP5, SUSE Linux Enterprise Desktop 15 SP5, SUSE Linux Enterprise Desktop 15 SP1, SUSE Linux Enterprise Micro 5.5, SUSE openSUSE Leap 15.5, SUSE openSUSE Leap 15.4, SUSE openSUSE Leap 15.3, SUSE Linux Enterprise High Performance Computing LTSS 15 SP4, SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4, SUSE Linux Enterprise Desktop 15 SP6, SUSE Linux Enterprise Server for SAP Applications 15 SP6, SUSE Linux Enterprise Server 15 SP6, SUSE Linux Enterprise Real Time 15 SP6, SUSE openSUSE Leap 15.6, SUSE Basesystem Module 15-SP6, SUSE Package Hub 15 15-SP6, SUSE Linux Enterprise Server 15 SP4 LTSS, SUSE Linux Enterprise Server 15 SP3 LTSS, SUSE Linux Enterprise High Performance Computing LTSS 15 SP5, SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5, SUSE Linux Enterprise Server 15 SP5 LTSS |
|
| Datum: |
Fr, 14. Februar 2025, 17:06 |
|
| Referenzen: |
https://www.cve.org/CVERecord?id=CVE-2023-3128
https://www.cve.org/CVERecord?id=CVE-2024-8118
https://www.cve.org/CVERecord?id=CVE-2024-45337
https://www.cve.org/CVERecord?id=CVE-2024-6837
https://www.cve.org/CVERecord?id=CVE-2024-51744
https://www.cve.org/CVERecord?id=CVE-2024-22037
https://www.cve.org/CVERecord?id=CVE-2023-6152 |
|
| Applikationen: |
SUSE Manager Client Tools |
|
Originalnachricht |
--===============3404946545198670988==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
# Security update for SUSE Manager Client Tools
Announcement ID: SUSE-SU-2025:0525-1
Release Date: 2025-02-14T07:19:20Z
Rating: moderate
References:
* bsc#1212641
* bsc#1219912
* bsc#1229079
* bsc#1229104
* bsc#1231024
* bsc#1231497
* bsc#1231568
* bsc#1231759
* bsc#1232575
* bsc#1232769
* bsc#1232817
* bsc#1232970
* bsc#1233202
* bsc#1233279
* bsc#1233630
* bsc#1233660
* bsc#1234123
* bsc#1234554
* bsc#1235145
* bsc#1236301
* jsc#MSQA-914
* jsc#PED-11591
* jsc#PED-11649
* jsc#SUMA-314
Cross-References:
* CVE-2023-3128
* CVE-2023-6152
* CVE-2024-22037
* CVE-2024-45337
* CVE-2024-51744
* CVE-2024-6837
* CVE-2024-8118
CVSS scores:
* CVE-2023-3128 ( SUSE ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
* CVE-2023-3128 ( NVD ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
* CVE-2023-3128 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6152 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2023-6152 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2023-6152 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2024-22037 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:L
* CVE-2024-22037 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-22037 ( NVD ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-22037 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-45337 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-45337 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2024-51744 ( SUSE ): 2.1
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2024-51744 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2024-51744 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2024-6837 ( SUSE ): 5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-6837 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2024-8118 ( SUSE ): 4.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-8118 ( NVD ): 5.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Affected Products:
* Basesystem Module 15-SP6
* openSUSE Leap 15.3
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15
* SUSE Linux Enterprise Desktop 15 SP1
* SUSE Linux Enterprise Desktop 15 SP2
* SUSE Linux Enterprise Desktop 15 SP3
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.0
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP1
* SUSE Linux Enterprise Real Time 15 SP2
* SUSE Linux Enterprise Real Time 15 SP3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Client Tools for SLE 15
* SUSE Manager Client Tools for SLE Micro 5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP6
An update that solves seven vulnerabilities, contains four features and has 13
security fixes can now be installed.
## Description:
This update fixes the following issues:
dracut-saltboot was updated to version 0.1.1728559936.c16d4fb:
* Added MAC based terminal naming option (jsc#SUMA-314)
golang-github-prometheus-prometheus was updated from version 2.45.6 to 2.53.3
(jsc#PED-11649):
* Security issues fixed:
* CVE-2024-51744: Updated golang-jwt to version 5.0 to fix bad error handling
(bsc#1232970)
* Highlights of other changes:
* Performance:
* Significant enhancements to PromQL execution speed, TSDB operations
(especially querying and compaction) and remote write operations.
* Default GOGC value lowered to 75 for better memory management.
* Option to limit memory usage from dropped targets added.
* New Features:
* Experimental OpenTelemetry ingestion.
* Automatic memory limit handling.
* Native histogram support, including new functions, UI enhancements, and
improved scraping.
* Improved alerting features, such as relabeling rules for
AlertmanagerConfig and a new query_offset option.
* Expanded service discovery options with added metadata and support for
new services.
* New promtool commands for PromQL formatting, label manipulation, metric
pushing, and OpenMetrics dumping.
* Bug Fixes:
* Numerous fixes across scraping, API, TSDB, PromQL, and service discovery.
* For a detailed list of changes consult the package changelog or
https://github.com/prometheus/prometheus/compare/v2.45.6...v2.53.3
grafana was updated from version 9.5.18 to 10.4.13
(jsc#PED-11591,jsc#PED-11649):
* Security issues fixed:
* CVE-2024-45337: Prevent possible misuse of ServerConfig.PublicKeyCallback
by
upgrading golang.org/x/crypto (bsc#1234554)
* CVE-2023-3128: Fixed authentication bypass using Azure AD OAuth
(bsc#1212641)
* CVE-2023-6152: Add email verification when updating user email
(bsc#1219912)
* CVE-2024-6837: Fixed potential data source permission escalation
(bsc#1236301)
* CVE-2024-8118: Fixed permission on external alerting rule write endpoint
(bsc#1231024)
* Potential breaking changes in version 10:
* In panels using the `extract fields` transformation, where one of the
extracted names collides with one of the already existing ields, the
extracted field will be renamed.
* For the existing backend mode users who have table visualization might see
some inconsistencies on their panels. We have updated the table column
naming. This will potentially affect field transformations and/or field
overrides. To resolve this either: update transformation or field override.
* For the existing backend mode users who have Transformations with the
`time`
field, might see their transformations are not working. Those panels that
have broken transformations will fail to render. This is because we changed
the field key. To resolve this either: Remove the affected panel and re-
create it; Select the `Time` field again; Edit the `time` field as `Time`
for transformation in `panel.json` or `dashboard.json`
* The following data source permission endpoints have been removed: `GET
/datasources/:datasourceId/permissions` `POST
/api/datasources/:datasourceId/permissions` `DELETE
/datasources/:datasourceId/permissions` `POST
/datasources/:datasourceId/enable-permissions` `POST
/datasources/:datasourceId/disable-permissions`
* Please use the following endpoints instead: `GET
/api/access-control/datasources/:uid` for listing data source permissions `POST /api/access-control/datasources/:uid/users/:id`, `POST /api/access-control/datasources/:uid/teams/:id` and `POST /api/access-control/datasources/:uid/buildInRoles/:id` for adding or removing data source permissions
* If you are using Terraform Grafana provider to manage data source
permissions, you will need to upgrade your provider.
* For the existing backend mode users who have table visualization might see
some inconsistencies on their panels. We have updated the table column
naming. This will potentially affect field transformations and/or field
overrides.
* The deprecated `/playlists/{uid}/dashboards` API endpoint has been removed.
Dashboard information can be retrieved from the `/dashboard/...` APIs.
* The `PUT /api/folders/:uid` endpoint no more supports modifying the
folder's
`UID`
* Removed all components for the old panel header design.
* Please review https://grafana.com/docs/grafana/next/breaking-
changes/breaking-changes-v10-3/ for more details
* OAuth role mapping enforcement: This change impacts GitHub, Gitlab, Okta,
and Generic OAuth. To avoid overriding manually set roles, enable the
skip_org_role_sync option in the Grafana configuration for your OAuth
provider before upgrading
* Angular has been deprecated
* Grafana legacy alerting has been deprecated
* API keys are migrating to service accounts
* The experimental “dashboard previews” feature is removed
* Usernames are now case-insensitive by default
* Grafana OAuth integrations do not work anymore with email lookups
* The “Alias” field in the CloudWatch data source is removed
* Athena data source plugin must be updated to version >=2.9.3
* Redshift data source plugin must be updated to version >=1.8.3
* DoiT International BigQuery plugin no longer supported
* Please review https://grafana.com/docs/grafana/next/breaking-
changes/breaking-changes-v10-0 for more details
* This update brings many new features, enhancements and fixes highlighted
at:
* https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v10-4/
* https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v10-3/
* https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v10-2/
* https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v10-1/
* https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v10-0/:
spacecmd was updated to version 5.0.11-0:
* Updated translation strings
supportutils-plugin-salt was updated to version 1.2.3:
* Adjusted requirements for plugin to allow compatibility with supportutils
3.2.9 release (bsc#1235145)
* Provide backwards-compatible scripts version
supportutils-plugin-susemanager-client was updated to version 5.0.4-0:
* Adjusted requirements for plugin to allow compatibility with supportutils
3.2.9 release (bsc#1235145)
uyuni-tools was updated from version 0.1.23-0 to 0.1.27-0:
* Security issues fixed:
* CVE-2024-22037: Use podman secret to store the database credentials
(bsc#1231497)
* Other changes and bugs fixed:
* Version 0.1.27-0
* Bump the default image tag to 5.0.3
* IsInstalled function fix
* Run systemctl daemon-reload after changing the container image config
(bsc#1233279)
* Coco-replicas-upgrade
* Persist search server indexes (bsc#1231759)
* Sync deletes files during migration (bsc#1233660)
* Ignore coco and hub images when applying PTF if they are not ailable
(bsc#1229079)
* Add --registry back to mgrpxy (bsc#1233202)
* Only add java.hostname on migrated server if not present
* Consider the configuration file to detect the coco or hub api images
should be pulled (bsc#1229104)
* Only raise an error if cloudguestregistryauth fails for PAYG
(bsc#1233630)
* Add registry.suse.com login to mgradm upgrade podman list (bsc#1234123)
* Version 0.1.26-0
* Ignore all zypper caches during migration (bsc#1232769)
* Use the uyuni network for all podman containers (bsc#1232817)
* Version 0.1.25-0
* Don't migrate enabled systemd services, recreate them (bsc#1232575)
* Version 0.1.24-0
* Redact JSESSIONID and pxt-session-cookie values from logs and console
output (bsc#1231568)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2025-525=1
* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-525=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-525=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-525=1
* SUSE Manager Client Tools for SLE 15
zypper in -t patch SUSE-SLE-Manager-Tools-15-2025-525=1
* SUSE Manager Client Tools for SLE Micro 5
zypper in -t patch SUSE-SLE-Manager-Tools-For-Micro-5-2025-525=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-525=1
* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-525=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-525=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-525=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-525=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-525=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-525=1
* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-525=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-525=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-525=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-525=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-525=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-525=1
* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-525=1
## Package List:
* SUSE Manager Retail Branch Server 4.3 (noarch)
* supportutils-plugin-salt-1.2.3-150000.3.16.1
* SUSE Manager Server 4.3 (noarch)
* supportutils-plugin-salt-1.2.3-150000.3.16.1
* SUSE Enterprise Storage 7.1 (noarch)
* supportutils-plugin-salt-1.2.3-150000.3.16.1
* openSUSE Leap 15.6 (noarch)
* supportutils-plugin-salt-1.2.3-150000.3.16.1
* dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1
* supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1
* spacecmd-5.0.11-150000.3.130.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* golang-github-prometheus-promu-0.17.0-150000.3.24.1
* SUSE Manager Client Tools for SLE 15 (noarch)
* mgrctl-lang-0.1.28-150000.1.16.1
* mgrctl-bash-completion-0.1.28-150000.1.16.1
* dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1
* mgrctl-zsh-completion-0.1.28-150000.1.16.1
* supportutils-plugin-salt-1.2.3-150000.3.16.1
* spacecmd-5.0.11-150000.3.130.1
* supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1
* SUSE Manager Client Tools for SLE 15 (aarch64 ppc64le s390x x86_64)
* grafana-debuginfo-10.4.13-150000.1.66.1
* grafana-10.4.13-150000.1.66.1
* golang-github-prometheus-prometheus-2.53.3-150000.3.59.1
* mgrctl-debuginfo-0.1.28-150000.1.16.1
* mgrctl-0.1.28-150000.1.16.1
* firewalld-prometheus-config-0.1-150000.3.59.1
* SUSE Manager Client Tools for SLE Micro 5 (noarch)
* mgrctl-lang-0.1.28-150000.1.16.1
* dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1
* mgrctl-zsh-completion-0.1.28-150000.1.16.1
* mgrctl-bash-completion-0.1.28-150000.1.16.1
* SUSE Manager Client Tools for SLE Micro 5 (aarch64 s390x x86_64)
* mgrctl-debuginfo-0.1.28-150000.1.16.1
* mgrctl-0.1.28-150000.1.16.1
* Basesystem Module 15-SP6 (noarch)
* supportutils-plugin-salt-1.2.3-150000.3.16.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
* golang-github-prometheus-promu-0.17.0-150000.3.24.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* supportutils-plugin-salt-1.2.3-150000.3.16.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* supportutils-plugin-salt-1.2.3-150000.3.16.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* supportutils-plugin-salt-1.2.3-150000.3.16.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* supportutils-plugin-salt-1.2.3-150000.3.16.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* supportutils-plugin-salt-1.2.3-150000.3.16.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (noarch)
* supportutils-plugin-salt-1.2.3-150000.3.16.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* supportutils-plugin-salt-1.2.3-150000.3.16.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* supportutils-plugin-salt-1.2.3-150000.3.16.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* supportutils-plugin-salt-1.2.3-150000.3.16.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* supportutils-plugin-salt-1.2.3-150000.3.16.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* supportutils-plugin-salt-1.2.3-150000.3.16.1
* SUSE Manager Proxy 4.3 (noarch)
* supportutils-plugin-salt-1.2.3-150000.3.16.1
## References:
* https://www.suse.com/security/cve/CVE-2023-3128.html
* https://www.suse.com/security/cve/CVE-2023-6152.html
* https://www.suse.com/security/cve/CVE-2024-22037.html
* https://www.suse.com/security/cve/CVE-2024-45337.html
* https://www.suse.com/security/cve/CVE-2024-51744.html
* https://www.suse.com/security/cve/CVE-2024-6837.html
* https://www.suse.com/security/cve/CVE-2024-8118.html
* https://bugzilla.suse.com/show_bug.cgi?id=1212641
* https://bugzilla.suse.com/show_bug.cgi?id=1219912
* https://bugzilla.suse.com/show_bug.cgi?id=1229079
* https://bugzilla.suse.com/show_bug.cgi?id=1229104
* https://bugzilla.suse.com/show_bug.cgi?id=1231024
* https://bugzilla.suse.com/show_bug.cgi?id=1231497
* https://bugzilla.suse.com/show_bug.cgi?id=1231568
* https://bugzilla.suse.com/show_bug.cgi?id=1231759
* https://bugzilla.suse.com/show_bug.cgi?id=1232575
* https://bugzilla.suse.com/show_bug.cgi?id=1232769
* https://bugzilla.suse.com/show_bug.cgi?id=1232817
* https://bugzilla.suse.com/show_bug.cgi?id=1232970
* https://bugzilla.suse.com/show_bug.cgi?id=1233202
* https://bugzilla.suse.com/show_bug.cgi?id=1233279
* https://bugzilla.suse.com/show_bug.cgi?id=1233630
* https://bugzilla.suse.com/show_bug.cgi?id=1233660
* https://bugzilla.suse.com/show_bug.cgi?id=1234123
* https://bugzilla.suse.com/show_bug.cgi?id=1234554
* https://bugzilla.suse.com/show_bug.cgi?id=1235145
* https://bugzilla.suse.com/show_bug.cgi?id=1236301
* https://jira.suse.com/browse/MSQA-914
* https://jira.suse.com/browse/PED-11591
* https://jira.suse.com/browse/PED-11649
* https://jira.suse.com/browse/SUMA-314
--===============3404946545198670988==
Content-Type: text/html; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
<div class="container">
<h1>Security update for SUSE Manager Client Tools</h1>
<table class="table table-striped table-bordered">
<tbody>
<tr>
<th>Announcement ID:</th>
<td>SUSE-SU-2025:0525-1</td>
</tr>
<tr>
<th>Release Date:</th>
<td>2025-02-14T07:19:20Z</td>
</tr>
<tr>
<th>Rating:</th>
<td>moderate</td>
</tr>
<tr>
<th>References:</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212641">bsc#1212641</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1219912">bsc#1219912</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1229079">bsc#1229079</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1229104">bsc#1229104</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1231024">bsc#1231024</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1231497">bsc#1231497</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1231568">bsc#1231568</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1231759">bsc#1231759</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1232575">bsc#1232575</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1232769">bsc#1232769</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1232817">bsc#1232817</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1232970">bsc#1232970</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1233202">bsc#1233202</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1233279">bsc#1233279</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1233630">bsc#1233630</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1233660">bsc#1233660</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1234123">bsc#1234123</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1234554">bsc#1234554</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1235145">bsc#1235145</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1236301">bsc#1236301</a>
</li>
<li style="display: inline;">
<a href="https://jira.suse.com/browse/MSQA-914">jsc#MSQA-914</a>
</li>
<li style="display: inline;">
<a href="https://jira.suse.com/browse/PED-11591">jsc#PED-11591</a>
</li>
<li style="display: inline;">
<a href="https://jira.suse.com/browse/PED-11649">jsc#PED-11649</a>
</li>
<li style="display: inline;">
<a href="https://jira.suse.com/browse/SUMA-314">jsc#SUMA-314</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>
Cross-References:
</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-3128.html">CVE-2023-3128</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-6152.html">CVE-2023-6152</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2024-22037.html">CVE-2024-22037</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2024-45337.html">CVE-2024-45337</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2024-51744.html">CVE-2024-51744</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2024-6837.html">CVE-2024-6837</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2024-8118.html">CVE-2024-8118</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>CVSS scores:</th>
<td>
<ul class="list-group">
<li class="list-group-item">
<span
class="cvss-reference">CVE-2023-3128</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span
class="cvss-score">9.4</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2023-3128</span>
<span class="cvss-source">
(
NVD
):
</span>
<span
class="cvss-score">9.4</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2023-3128</span>
<span class="cvss-source">
(
NVD
):
</span>
<span
class="cvss-score">9.8</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2023-6152</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span
class="cvss-score">5.4</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2023-6152</span>
<span class="cvss-source">
(
NVD
):
</span>
<span
class="cvss-score">5.4</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2023-6152</span>
<span class="cvss-source">
(
NVD
):
</span>
<span
class="cvss-score">5.4</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2024-22037</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span
class="cvss-score">5.7</span>
<span
class="cvss-vector">CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:L</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2024-22037</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span
class="cvss-score">5.5</span>
<span
class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2024-22037</span>
<span class="cvss-source">
(
NVD
):
</span>
<span
class="cvss-score">5.7</span>
<span
class="cvss-vector">CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2024-22037</span>
<span class="cvss-source">
(
NVD
):
</span>
<span
class="cvss-score">5.5</span>
<span
class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2024-45337</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span
class="cvss-score">8.1</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2024-45337</span>
<span class="cvss-source">
(
NVD
):
</span>
<span
class="cvss-score">9.1</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2024-51744</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span
class="cvss-score">2.1</span>
<span
class="cvss-vector">CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2024-51744</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span
class="cvss-score">3.1</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2024-51744</span>
<span class="cvss-source">
(
NVD
):
</span>
<span
class="cvss-score">3.1</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2024-6837</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span
class="cvss-score">5.3</span>
<span
class="cvss-vector">CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2024-6837</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span
class="cvss-score">5.4</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2024-8118</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span
class="cvss-score">4.7</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2024-8118</span>
<span class="cvss-source">
(
NVD
):
</span>
<span
class="cvss-score">5.1</span>
<span
class="cvss-vector">CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X</span>
</li>
</ul>
</td>
</tr>
<tr>
<th>Affected Products:</th>
<td>
<ul class="list-group">
<li class="list-group-item">Basesystem
Module 15-SP6</li>
<li class="list-group-item">openSUSE Leap
15.3</li>
<li class="list-group-item">openSUSE Leap
15.4</li>
<li class="list-group-item">openSUSE Leap
15.5</li>
<li class="list-group-item">openSUSE Leap
15.6</li>
<li class="list-group-item">SUSE
Enterprise Storage 7.1</li>
<li class="list-group-item">SUSE Linux
Enterprise Desktop 15</li>
<li class="list-group-item">SUSE Linux
Enterprise Desktop 15 SP1</li>
<li class="list-group-item">SUSE Linux
Enterprise Desktop 15 SP2</li>
<li class="list-group-item">SUSE Linux
Enterprise Desktop 15 SP3</li>
<li class="list-group-item">SUSE Linux
Enterprise Desktop 15 SP4</li>
<li class="list-group-item">SUSE Linux
Enterprise Desktop 15 SP5</li>
<li class="list-group-item">SUSE Linux
Enterprise Desktop 15 SP6</li>
<li class="list-group-item">SUSE Linux
Enterprise High Performance Computing 15</li>
<li class="list-group-item">SUSE Linux
Enterprise High Performance Computing 15 SP1</li>
<li class="list-group-item">SUSE Linux
Enterprise High Performance Computing 15 SP2</li>
<li class="list-group-item">SUSE Linux
Enterprise High Performance Computing 15 SP3</li>
<li class="list-group-item">SUSE Linux
Enterprise High Performance Computing 15 SP4</li>
<li class="list-group-item">SUSE Linux
Enterprise High Performance Computing 15 SP5</li>
<li class="list-group-item">SUSE Linux
Enterprise High Performance Computing ESPOS 15 SP4</li>
<li class="list-group-item">SUSE Linux
Enterprise High Performance Computing ESPOS 15 SP5</li>
<li class="list-group-item">SUSE Linux
Enterprise High Performance Computing LTSS 15 SP3</li>
<li class="list-group-item">SUSE Linux
Enterprise High Performance Computing LTSS 15 SP4</li>
<li class="list-group-item">SUSE Linux
Enterprise High Performance Computing LTSS 15 SP5</li>
<li class="list-group-item">SUSE Linux
Enterprise Micro 5.0</li>
<li class="list-group-item">SUSE Linux
Enterprise Micro 5.1</li>
<li class="list-group-item">SUSE Linux
Enterprise Micro 5.2</li>
<li class="list-group-item">SUSE Linux
Enterprise Micro 5.3</li>
<li class="list-group-item">SUSE Linux
Enterprise Micro 5.4</li>
<li class="list-group-item">SUSE Linux
Enterprise Micro 5.5</li>
<li class="list-group-item">SUSE Linux
Enterprise Real Time 15 SP1</li>
<li class="list-group-item">SUSE Linux
Enterprise Real Time 15 SP2</li>
<li class="list-group-item">SUSE Linux
Enterprise Real Time 15 SP3</li>
<li class="list-group-item">SUSE Linux
Enterprise Real Time 15 SP4</li>
<li class="list-group-item">SUSE Linux
Enterprise Real Time 15 SP5</li>
<li class="list-group-item">SUSE Linux
Enterprise Real Time 15 SP6</li>
<li class="list-group-item">SUSE Linux
Enterprise Server 15</li>
<li class="list-group-item">SUSE Linux
Enterprise Server 15 SP1</li>
<li class="list-group-item">SUSE Linux
Enterprise Server 15 SP2</li>
<li class="list-group-item">SUSE Linux
Enterprise Server 15 SP3</li>
<li class="list-group-item">SUSE Linux
Enterprise Server 15 SP3 LTSS</li>
<li class="list-group-item">SUSE Linux
Enterprise Server 15 SP4</li>
<li class="list-group-item">SUSE Linux
Enterprise Server 15 SP4 LTSS</li>
<li class="list-group-item">SUSE Linux
Enterprise Server 15 SP5</li>
<li class="list-group-item">SUSE Linux
Enterprise Server 15 SP5 LTSS</li>
<li class="list-group-item">SUSE Linux
Enterprise Server 15 SP6</li>
<li class="list-group-item">SUSE Linux
Enterprise Server for SAP Applications 15</li>
<li class="list-group-item">SUSE Linux
Enterprise Server for SAP Applications 15 SP1</li>
<li class="list-group-item">SUSE Linux
Enterprise Server for SAP Applications 15 SP2</li>
<li class="list-group-item">SUSE Linux
Enterprise Server for SAP Applications 15 SP3</li>
<li class="list-group-item">SUSE Linux
Enterprise Server for SAP Applications 15 SP4</li>
<li class="list-group-item">SUSE Linux
Enterprise Server for SAP Applications 15 SP5</li>
<li class="list-group-item">SUSE Linux
Enterprise Server for SAP Applications 15 SP6</li>
<li class="list-group-item">SUSE Manager
Client Tools for SLE 15</li>
<li class="list-group-item">SUSE Manager
Client Tools for SLE Micro 5</li>
<li class="list-group-item">SUSE Manager
Proxy 4.3</li>
<li class="list-group-item">SUSE Manager
Retail Branch Server 4.3</li>
<li class="list-group-item">SUSE Manager
Server 4.3</li>
<li class="list-group-item">SUSE Package
Hub 15 15-SP6</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>An update that solves seven vulnerabilities, contains four
features and has 13 security fixes can now be installed.</p>
<h2>Description:</h2>
<p>This update fixes the following issues:</p>
<p>dracut-saltboot was updated to version
0.1.1728559936.c16d4fb:</p>
<ul>
<li>Added MAC based terminal naming option (jsc#SUMA-314)</li>
</ul>
<p>golang-github-prometheus-prometheus was updated from version 2.45.6 to
2.53.3 (jsc#PED-11649):</p>
<ul>
<li>Security issues fixed:</li>
<li>
<p>CVE-2024-51744: Updated golang-jwt to version 5.0 to fix bad error
handling (bsc#1232970)</p>
</li>
<li>
<p>Highlights of other changes:</p>
</li>
<li>Performance: <ul>
<li>Significant enhancements to PromQL execution speed, TSDB operations
(especially querying and compaction) and
remote write operations.</li>
<li>Default GOGC value lowered to 75 for better memory management.
</li>
<li>Option to limit memory usage from dropped targets added.</li>
</ul>
</li>
<li>New Features:<ul>
<li>Experimental OpenTelemetry ingestion.</li>
<li>Automatic memory limit handling.</li>
<li>Native histogram support, including new functions, UI enhancements,
and improved scraping.</li>
<li>Improved alerting features, such as relabeling rules for
AlertmanagerConfig and a new query_offset option.</li>
<li>Expanded service discovery options with added metadata and support
for new services.</li>
<li>New promtool commands for PromQL formatting, label manipulation,
metric pushing, and OpenMetrics dumping.</li>
</ul>
</li>
<li>Bug Fixes: <ul>
<li>Numerous fixes across scraping, API, TSDB, PromQL, and service
discovery.</li>
</ul>
</li>
<li>For a detailed list of changes consult the package changelog or
https://github.com/prometheus/prometheus/compare/v2.45.6...v2.53.3</li>
</ul>
<p>grafana was updated from version 9.5.18 to 10.4.13
(jsc#PED-11591,jsc#PED-11649):</p>
<ul>
<li>Security issues fixed:</li>
<li>CVE-2024-45337: Prevent possible misuse of
ServerConfig.PublicKeyCallback by upgrading
golang.org/x/crypto (bsc#1234554)</li>
<li>CVE-2023-3128: Fixed authentication bypass using Azure AD OAuth
(bsc#1212641)</li>
<li>CVE-2023-6152: Add email verification when updating user email
(bsc#1219912)</li>
<li>CVE-2024-6837: Fixed potential data source permission escalation
(bsc#1236301)</li>
<li>
<p>CVE-2024-8118: Fixed permission on external alerting rule write
endpoint (bsc#1231024)</p>
</li>
<li>
<p>Potential breaking changes in version 10:</p>
</li>
<li>In panels using the <code>extract fields</code>
transformation, where one
of the extracted names collides with one of the already
existing ields, the extracted field will be renamed.</li>
<li>For the existing backend mode users who have table
visualization might see some inconsistencies on their panels.
We have updated the table column naming. This will
potentially affect field transformations and/or field
overrides. To resolve this either: update transformation or
field override.</li>
<li>For the existing backend mode users who have Transformations
with the <code>time</code> field, might see their
transformations are
not working. Those panels that have broken transformations
will fail to render. This is because we changed the field
key. To resolve this either: Remove the affected panel and
re-create it; Select the <code>Time</code> field again; Edit
the <code>time</code>
field as <code>Time</code> for transformation in
<code>panel.json</code> or
<code>dashboard.json</code> </li>
<li>The following data source permission endpoints have been removed:
<code>GET /datasources/:datasourceId/permissions</code>
<code>POST /api/datasources/:datasourceId/permissions</code>
<code>DELETE /datasources/:datasourceId/permissions</code>
<code>POST /datasources/:datasourceId/enable-permissions</code>
<code>POST
/datasources/:datasourceId/disable-permissions</code><ul>
<li>Please use the following endpoints instead:
<code>GET /api/access-control/datasources/:uid</code> for listing
data
source permissions
<code>POST /api/access-control/datasources/:uid/users/:id</code>,
<code>POST /api/access-control/datasources/:uid/teams/:id</code>
and
<code>POST
/api/access-control/datasources/:uid/buildInRoles/:id</code>
for adding or removing data source permissions</li>
</ul>
</li>
<li>If you are using Terraform Grafana provider to manage data source
permissions, you will need to upgrade your
provider.</li>
<li>For the existing backend mode users who have table visualization
might see some inconsistencies on their panels.
We have updated the table column naming. This will potentially affect field
transformations and/or field overrides.</li>
<li>The deprecated <code>/playlists/{uid}/dashboards</code>
API endpoint has been removed.
Dashboard information can be retrieved from the
<code>/dashboard/...</code> APIs.</li>
<li>The <code>PUT /api/folders/:uid</code> endpoint no more
supports modifying the folder's <code>UID</code></li>
<li>Removed all components for the old panel header design.</li>
<li>Please review https://grafana.com/docs/grafana/next/breaking-changes/breaking-changes-v10-3/
for more details</li>
<li>OAuth role mapping enforcement: This change impacts GitHub,
Gitlab, Okta, and Generic OAuth. To avoid overriding manually
set roles, enable the skip_org_role_sync option in the
Grafana configuration for your OAuth provider before
upgrading</li>
<li>Angular has been deprecated</li>
<li>Grafana legacy alerting has been deprecated</li>
<li>API keys are migrating to service accounts</li>
<li>The experimental “dashboard previews” feature is removed</li>
<li>Usernames are now case-insensitive by default</li>
<li>Grafana OAuth integrations do not work anymore with email
lookups</li>
<li>The “Alias” field in the CloudWatch data source is removed</li>
<li>Athena data source plugin must be updated to version
>=2.9.3</li>
<li>Redshift data source plugin must be updated to version
>=1.8.3</li>
<li>DoiT International BigQuery plugin no longer supported</li>
<li>
<p>Please review https://grafana.com/docs/grafana/next/breaking-changes/breaking-changes-v10-0
for more details</p>
</li>
<li>
<p>This update brings many new features, enhancements and fixes
highlighted at:</p>
</li>
<li>https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v10-4/</li>
<li>https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v10-3/</li>
<li>https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v10-2/</li>
<li>https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v10-1/</li>
<li>https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v10-0/:</li>
</ul>
<p>spacecmd was updated to version 5.0.11-0:</p>
<ul>
<li>Updated translation strings</li>
</ul>
<p>supportutils-plugin-salt was updated to version 1.2.3:</p>
<ul>
<li>Adjusted requirements for plugin to allow compatibility with
supportutils 3.2.9 release (bsc#1235145)</li>
<li>Provide backwards-compatible scripts version</li>
</ul>
<p>supportutils-plugin-susemanager-client was updated to version
5.0.4-0:</p>
<ul>
<li>Adjusted requirements for plugin to allow compatibility with
supportutils 3.2.9 release (bsc#1235145)</li>
</ul>
<p>uyuni-tools was updated from version 0.1.23-0 to 0.1.27-0:</p>
<ul>
<li>Security issues fixed:</li>
<li>CVE-2024-22037: Use podman secret to store the database credentials
(bsc#1231497)</li>
<li>Other changes and bugs fixed:</li>
<li>Version 0.1.27-0<ul>
<li>Bump the default image tag to 5.0.3</li>
<li>IsInstalled function fix</li>
<li>Run systemctl daemon-reload after changing the container image config
(bsc#1233279)</li>
<li>Coco-replicas-upgrade</li>
<li>Persist search server indexes (bsc#1231759)</li>
<li>Sync deletes files during migration (bsc#1233660)</li>
<li>Ignore coco and hub images when applying PTF if they are not ailable
(bsc#1229079)</li>
<li>Add --registry back to mgrpxy (bsc#1233202)</li>
<li>Only add java.hostname on migrated server if not present</li>
<li>Consider the configuration file to detect the coco or hub api images
should be pulled (bsc#1229104)</li>
<li>Only raise an error if cloudguestregistryauth fails for PAYG
(bsc#1233630)</li>
<li>Add registry.suse.com login to mgradm upgrade podman list
(bsc#1234123)</li>
</ul>
</li>
<li>Version 0.1.26-0<ul>
<li>Ignore all zypper caches during migration (bsc#1232769)</li>
<li>Use the uyuni network for all podman containers
(bsc#1232817)</li>
</ul>
</li>
<li>Version 0.1.25-0<ul>
<li>Don't migrate enabled systemd services, recreate them
(bsc#1232575)</li>
</ul>
</li>
<li>Version 0.1.24-0<ul>
<li>Redact JSESSIONID and pxt-session-cookie values from logs and
console output (bsc#1231568)</li>
</ul>
</li>
</ul>
<h2>Patch Instructions:</h2>
<p>
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper
patch".<br/>
Alternatively you can run the command listed for your product:
</p>
<ul class="list-group">
<li class="list-group-item">
SUSE Manager Retail Branch Server 4.3
<br/>
<code>zypper in -t patch
SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2025-525=1</code>
</li>
<li class="list-group-item">
SUSE Manager Server 4.3
<br/>
<code>zypper in -t patch
SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-525=1</code>
</li>
<li class="list-group-item">
SUSE Enterprise Storage 7.1
<br/>
<code>zypper in -t patch
SUSE-Storage-7.1-2025-525=1</code>
</li>
<li class="list-group-item">
openSUSE Leap 15.6
<br/>
<code>zypper in -t patch
openSUSE-SLE-15.6-2025-525=1</code>
</li>
<li class="list-group-item">
SUSE Manager Client Tools for SLE 15
<br/>
<code>zypper in -t patch
SUSE-SLE-Manager-Tools-15-2025-525=1</code>
</li>
<li class="list-group-item">
SUSE Manager Client Tools for SLE Micro 5
<br/>
<code>zypper in -t patch
SUSE-SLE-Manager-Tools-For-Micro-5-2025-525=1</code>
</li>
<li class="list-group-item">
Basesystem Module 15-SP6
<br/>
<code>zypper in -t patch
SUSE-SLE-Module-Basesystem-15-SP6-2025-525=1</code>
</li>
<li class="list-group-item">
SUSE Package Hub 15 15-SP6
<br/>
<code>zypper in -t patch
SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-525=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
<br/>
<code>zypper in -t patch
SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-525=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
<br/>
<code>zypper in -t patch
SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-525=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
<br/>
<code>zypper in -t patch
SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-525=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
<br/>
<code>zypper in -t patch
SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-525=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
<br/>
<code>zypper in -t patch
SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-525=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Server 15 SP3 LTSS
<br/>
<code>zypper in -t patch
SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-525=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Server 15 SP4 LTSS
<br/>
<code>zypper in -t patch
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-525=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Server 15 SP5 LTSS
<br/>
<code>zypper in -t patch
SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-525=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Server for SAP Applications 15 SP3
<br/>
<code>zypper in -t patch
SUSE-SLE-Product-SLES_SAP-15-SP3-2025-525=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Server for SAP Applications 15 SP4
<br/>
<code>zypper in -t patch
SUSE-SLE-Product-SLES_SAP-15-SP4-2025-525=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Server for SAP Applications 15 SP5
<br/>
<code>zypper in -t patch
SUSE-SLE-Product-SLES_SAP-15-SP5-2025-525=1</code>
</li>
<li class="list-group-item">
SUSE Manager Proxy 4.3
<br/>
<code>zypper in -t patch
SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-525=1</code>
</li>
</ul>
<h2>Package List:</h2>
<ul>
<li>
SUSE Manager Retail Branch Server 4.3 (noarch)
<ul>
<li>supportutils-plugin-salt-1.2.3-150000.3.16.1</li>
</ul>
</li>
<li>
SUSE Manager Server 4.3 (noarch)
<ul>
<li>supportutils-plugin-salt-1.2.3-150000.3.16.1</li>
</ul>
</li>
<li>
SUSE Enterprise Storage 7.1 (noarch)
<ul>
<li>supportutils-plugin-salt-1.2.3-150000.3.16.1</li>
</ul>
</li>
<li>
openSUSE Leap 15.6 (noarch)
<ul>
<li>supportutils-plugin-salt-1.2.3-150000.3.16.1</li>
<li>dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1</li>
<li>supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1</li>
<li>spacecmd-5.0.11-150000.3.130.1</li>
</ul>
</li>
<li>
openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
<ul>
<li>golang-github-prometheus-promu-0.17.0-150000.3.24.1</li>
</ul>
</li>
<li>
SUSE Manager Client Tools for SLE 15 (noarch)
<ul>
<li>mgrctl-lang-0.1.28-150000.1.16.1</li>
<li>mgrctl-bash-completion-0.1.28-150000.1.16.1</li>
<li>dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1</li>
<li>mgrctl-zsh-completion-0.1.28-150000.1.16.1</li>
<li>supportutils-plugin-salt-1.2.3-150000.3.16.1</li>
<li>spacecmd-5.0.11-150000.3.130.1</li>
<li>supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1</li>
</ul>
</li>
<li>
SUSE Manager Client Tools for SLE 15 (aarch64 ppc64le s390x
x86_64)
<ul>
<li>grafana-debuginfo-10.4.13-150000.1.66.1</li>
<li>grafana-10.4.13-150000.1.66.1</li>
<li>golang-github-prometheus-prometheus-2.53.3-150000.3.59.1</li>
<li>mgrctl-debuginfo-0.1.28-150000.1.16.1</li>
<li>mgrctl-0.1.28-150000.1.16.1</li>
<li>firewalld-prometheus-config-0.1-150000.3.59.1</li>
</ul>
</li>
<li>
SUSE Manager Client Tools for SLE Micro 5 (noarch)
<ul>
<li>mgrctl-lang-0.1.28-150000.1.16.1</li>
<li>dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1</li>
<li>mgrctl-zsh-completion-0.1.28-150000.1.16.1</li>
<li>mgrctl-bash-completion-0.1.28-150000.1.16.1</li>
</ul>
</li>
<li>
SUSE Manager Client Tools for SLE Micro 5 (aarch64 s390x
x86_64)
<ul>
<li>mgrctl-debuginfo-0.1.28-150000.1.16.1</li>
<li>mgrctl-0.1.28-150000.1.16.1</li>
</ul>
</li>
<li>
Basesystem Module 15-SP6 (noarch)
<ul>
<li>supportutils-plugin-salt-1.2.3-150000.3.16.1</li>
</ul>
</li>
<li>
SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
<ul>
<li>golang-github-prometheus-promu-0.17.0-150000.3.24.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Performance Computing LTSS 15
SP3 (noarch)
<ul>
<li>supportutils-plugin-salt-1.2.3-150000.3.16.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Performance Computing ESPOS 15
SP4 (noarch)
<ul>
<li>supportutils-plugin-salt-1.2.3-150000.3.16.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Performance Computing LTSS 15
SP4 (noarch)
<ul>
<li>supportutils-plugin-salt-1.2.3-150000.3.16.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Performance Computing ESPOS 15
SP5 (noarch)
<ul>
<li>supportutils-plugin-salt-1.2.3-150000.3.16.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Performance Computing LTSS 15
SP5 (noarch)
<ul>
<li>supportutils-plugin-salt-1.2.3-150000.3.16.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server 15 SP3 LTSS (noarch)
<ul>
<li>supportutils-plugin-salt-1.2.3-150000.3.16.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
<ul>
<li>supportutils-plugin-salt-1.2.3-150000.3.16.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
<ul>
<li>supportutils-plugin-salt-1.2.3-150000.3.16.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server for SAP Applications 15 SP3
(noarch)
<ul>
<li>supportutils-plugin-salt-1.2.3-150000.3.16.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server for SAP Applications 15 SP4
(noarch)
<ul>
<li>supportutils-plugin-salt-1.2.3-150000.3.16.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server for SAP Applications 15 SP5
(noarch)
<ul>
<li>supportutils-plugin-salt-1.2.3-150000.3.16.1</li>
</ul>
</li>
<li>
SUSE Manager Proxy 4.3 (noarch)
<ul>
<li>supportutils-plugin-salt-1.2.3-150000.3.16.1</li>
</ul>
</li>
</ul>
<h2>References:</h2>
<ul>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-3128.html">https://www.suse.com/security/cve/CVE-2023-3128.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-6152.html">https://www.suse.com/security/cve/CVE-2023-6152.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2024-22037.html">https://www.suse.com/security/cve/CVE-2024-22037.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2024-45337.html">https://www.suse.com/security/cve/CVE-2024-45337.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2024-51744.html">https://www.suse.com/security/cve/CVE-2024-51744.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2024-6837.html">https://www.suse.com/security/cve/CVE-2024-6837.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2024-8118.html">https://www.suse.com/security/cve/CVE-2024-8118.html</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212641">https://bugzilla.suse.com/show_bug.cgi?id=1212641</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1219912">https://bugzilla.suse.com/show_bug.cgi?id=1219912</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1229079">https://bugzilla.suse.com/show_bug.cgi?id=1229079</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1229104">https://bugzilla.suse.com/show_bug.cgi?id=1229104</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1231024">https://bugzilla.suse.com/show_bug.cgi?id=1231024</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1231497">https://bugzilla.suse.com/show_bug.cgi?id=1231497</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1231568">https://bugzilla.suse.com/show_bug.cgi?id=1231568</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1231759">https://bugzilla.suse.com/show_bug.cgi?id=1231759</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1232575">https://bugzilla.suse.com/show_bug.cgi?id=1232575</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1232769">https://bugzilla.suse.com/show_bug.cgi?id=1232769</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1232817">https://bugzilla.suse.com/show_bug.cgi?id=1232817</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1232970">https://bugzilla.suse.com/show_bug.cgi?id=1232970</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1233202">https://bugzilla.suse.com/show_bug.cgi?id=1233202</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1233279">https://bugzilla.suse.com/show_bug.cgi?id=1233279</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1233630">https://bugzilla.suse.com/show_bug.cgi?id=1233630</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1233660">https://bugzilla.suse.com/show_bug.cgi?id=1233660</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1234123">https://bugzilla.suse.com/show_bug.cgi?id=1234123</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1234554">https://bugzilla.suse.com/show_bug.cgi?id=1234554</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1235145">https://bugzilla.suse.com/show_bug.cgi?id=1235145</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1236301">https://bugzilla.suse.com/show_bug.cgi?id=1236301</a>
</li>
<li>
<a href="https://jira.suse.com/browse/MSQA-914">https://jira.suse.com/browse/MSQA-914</a>
</li>
<li>
<a href="https://jira.suse.com/browse/PED-11591">https://jira.suse.com/browse/PED-11591</a>
</li>
<li>
<a href="https://jira.suse.com/browse/PED-11649">https://jira.suse.com/browse/PED-11649</a>
</li>
<li>
<a href="https://jira.suse.com/browse/SUMA-314">https://jira.suse.com/browse/SUMA-314</a>
</li>
</ul>
</div>
--===============3404946545198670988==--
|
|
|
|
