Security update for SUSE Manager Client Tools

Announcement ID: SUSE-SU-202501:15286-1
Release Date: 2025-02-14T07:19:29Z
Rating: moderate
References:
Cross-References:
CVSS scores:
  • CVE-2024-22037 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:L
  • CVE-2024-22037 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2024-22037 ( NVD ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • CVE-2024-22037 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products:
  • SUSE Manager Client Tools for Ubuntu 20.04 2004

An update that solves one vulnerability, contains two features and has 16 security fixes can now be installed.

Description:

This update fixes the following issues:

salt:

  • Build all python bindings for all flavors
  • Fixed the condition of alternatives for Tumbleweed and Leap 16
  • Handle logger exception when flushing already closed file
  • Included passlib as a recommended dependency
  • Make minion reconnecting on changing master IP (bsc#1228182)
  • Make Salt Bundle more tolerant to long running jobs (bsc#1228690)
  • Removed System V init support
  • Reverted setting SELinux context for minion service (bsc#1233667)
  • Use update-alternatives for salt-call and fix builing on EL8

scap-security-guide was updated to version 0.1.75 (jsc#ECO-3319):

  • Added Ism profile for OL8, OL9
  • Added new product kylinserver10
  • Created OL10 product
  • Release SLMicro5 product
  • Replaced two date injections by SOURCE_DATE_EPOCH to make reproducible (bsc#1230361)
  • Updated PCI-DSS control file for version 4.0.1

spacecmd was updated to version 5.0.11-0:

  • Updated translation strings

uyuni-tools was updated from version 0.1.23-0 to 0.1.27-0:

  • Security issues fixed:
  • CVE-2024-22037: Use podman secret to store the database credentials (bsc#1231497)
  • Other changes and bugs fixed:
  • Version 0.1.27-0
    • Bump the default image tag to 5.0.3
    • IsInstalled function fix
    • Run systemctl daemon-reload after changing the container image config (bsc#1233279)
    • Coco-replicas-upgrade
    • Persist search server indexes (bsc#1231759)
    • Sync deletes files during migration (bsc#1233660)
    • Ignore coco and hub images when applying PTF if they are not ailable (bsc#1229079)
    • Add --registry back to mgrpxy (bsc#1233202)
    • Only add java.hostname on migrated server if not present
    • Consider the configuration file to detect the coco or hub api images should be pulled (bsc#1229104)
    • Only raise an error if cloudguestregistryauth fails for PAYG (bsc#1233630)
    • Add registry.suse.com login to mgradm upgrade podman list (bsc#1234123)
  • Version 0.1.26-0
    • Ignore all zypper caches during migration (bsc#1232769)
    • Use the uyuni network for all podman containers (bsc#1232817)
  • Version 0.1.25-0
    • Don't migrate enabled systemd services, recreate them (bsc#1232575)
  • Version 0.1.24-0
    • Redact JSESSIONID and pxt-session-cookie values from logs and console output (bsc#1231568)

Special Instructions and Notes:

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Manager Client Tools for Ubuntu 20.04 2004
    zypper in -t patch suse-ubu204ct-client-tools-202501-15286=1

Package List:

  • SUSE Manager Client Tools for Ubuntu 20.04 2004 (all)
    • scap-security-guide-ubuntu-0.1.75-2.55.2
    • salt-common-3006.0+ds-1+2.134.2
    • mgrctl-bash-completion-0.1.28-2.16.2
    • mgrctl-fish-completion-0.1.28-2.16.2
    • spacecmd-5.0.11-2.95.2
    • salt-minion-3006.0+ds-1+2.134.2
    • mgrctl-zsh-completion-0.1.28-2.16.2
  • SUSE Manager Client Tools for Ubuntu 20.04 2004 (amd64)
    • mgrctl-0.1.28-2.16.2

References: