Security update for SUSE Manager Client Tools

Announcement ID: SUSE-SU-2024:3266-1
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2023-45142 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-45142 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2024-6104 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
  • CVE-2024-6104 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products:
  • SUSE Linux Enterprise Desktop 12
  • SUSE Linux Enterprise Desktop 12 SP1
  • SUSE Linux Enterprise Desktop 12 SP2
  • SUSE Linux Enterprise Desktop 12 SP3
  • SUSE Linux Enterprise Desktop 12 SP4
  • SUSE Linux Enterprise High Performance Computing 12 SP2
  • SUSE Linux Enterprise High Performance Computing 12 SP3
  • SUSE Linux Enterprise High Performance Computing 12 SP4
  • SUSE Linux Enterprise High Performance Computing 12 SP5
  • SUSE Linux Enterprise Server 12
  • SUSE Linux Enterprise Server 12 SP1
  • SUSE Linux Enterprise Server 12 SP2
  • SUSE Linux Enterprise Server 12 SP3
  • SUSE Linux Enterprise Server 12 SP4
  • SUSE Linux Enterprise Server 12 SP5
  • SUSE Linux Enterprise Server for SAP Applications 12
  • SUSE Linux Enterprise Server for SAP Applications 12 SP1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP2
  • SUSE Linux Enterprise Server for SAP Applications 12 SP3
  • SUSE Linux Enterprise Server for SAP Applications 12 SP4
  • SUSE Linux Enterprise Server for SAP Applications 12 SP5
  • SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2
  • SUSE Manager Client Tools for SLE 12

An update that solves two vulnerabilities, contains two features and has 22 security fixes can now be installed.

Description:

This update fixes the following issues:

golang-github-prometheus-prometheus:

  • Security issues fixed:

  • CVE-2024-6104: Update go-retryablehttp to version 0.7.7 (bsc#1227038)

  • CVE-2023-45142: Updated otelhttp to version 0.46.1 (bsc#1228556)

  • Require Go > 1.20 for building

  • Migrate from disabled to manual service mode
  • Update to 2.45.6 (jsc#PED-3577):
  • Security fixes in dependencies
  • Update to 2.45.5:
  • [BUGFIX] tsdb/agent: ensure that new series get written to WAL on rollback.
  • [BUGFIX] Remote write: Avoid a race condition when applying configuration.
  • Update to 2.45.4:
  • [BUGFIX] Remote read: Release querier resources before encoding the results.
  • Update to 2.45.3:
  • [BUGFIX] TSDB: Remove double memory snapshot on shutdown.
  • Update to 2.45.2:
  • [BUGFIX] TSDB: Fix PostingsForMatchers race with creating new series.
  • Update to 2.45.1:
  • [ENHANCEMENT] Hetzner SD: Support larger ID's that will be used by Hetzner in September.
  • [BUGFIX] Linode SD: Cast InstanceSpec values to int64 to avoid overflows on 386 architecture.
  • [BUGFIX] TSDB: Handle TOC parsing failures.

rhnlib:

  • Version 5.0.4-0
  • Add the old TLS code for very old traditional clients still on python 2.7 (bsc#1228198)

spacecmd:

  • Version 5.0.9-0
  • Update translation strings

uyuni-tools:

  • Version 0.1.21-0
  • mgrpxy: Fix typo on Systemd template
  • Version 0.1.20-0
  • Update the push tag to 5.0.1
  • mgrpxy: expose port on IPv6 network (bsc#1227951)
  • Version 0.1.19-0
  • Skip updating Tomcat remote debug if conf file is not present
  • Version 0.1.18-0
  • Setup Confidential Computing container during migration (bsc#1227588)
  • Add the /etc/uyuni/uyuni-tools.yaml path to the config help
  • Split systemd config files to not loose configuration at upgrade (bsc#1227718)
  • Use the same logic for image computation in mgradm and mgrpxy (bsc#1228026)
  • Allow building with different Helm and container default registry paths (bsc#1226191)
  • Fix recursion in mgradm upgrade podman list --help
  • Setup hub xmlrpc API service in migration to Podman (bsc#1227588)
  • Setup disabled hub xmlrpc API service in all cases (bsc#1227584)
  • Clean the inspection code to make it faster
  • Properly detect IPv6 enabled on Podman network (bsc#1224349)
  • Fix the log file path generation
  • Write scripts output to uyuni-tools.log file
  • Add uyuni-hubxml-rpc to the list of values in mgradm scale --help
  • Use path in mgradm support sql file input (bsc#1227505)
  • On Ubuntu build with go1.21 instead of go1.20
  • Enforce Cobbler setup (bsc#1226847)
  • Expose port on IPv6 network (bsc#1227951)
  • show output of podman image search --list-tags command
  • Implement mgrpxy support config command
  • During migration, ignore /etc/sysconfig/tomcat and /etc/tomcat/tomcat.conf (bsc#1228183)
  • During migration, remove java.annotation,com.sun.xml.bind and UseConcMarkSweepGC settings
  • Disable node exporter port for Kubernetes
  • Fix start, stop and restart in Kubernetes
  • Increase start timeout in Kubernetes
  • Fix traefik query
  • Fix password entry usability (bsc#1226437)
  • Add --prepare option to migrate command
  • Fix random error during installation of CA certificate (bsc#1227245)
  • Clarify and fix distro name guessing when not provided (bsc#1226284)
  • Replace not working Fatal error by plain error return (bsc#1220136)
  • Allow server installation with preexisting storage volumes
  • Do not report error when purging mounted volume (bsc#1225349)
  • Preserve PAGER settings from the host for interactive sql usage (bsc#1226914)
  • Add mgrpxy command to clear the Squid cache
  • Use local images for Confidential Computing and Hub containers (bsc#1227586)
  • Version 0.1.17-0
  • Allow GPG files to be loaded from the local file (bsc#1227195)
  • Version 0.1.16-0
  • Prefer local images in all migration steps (bsc#1227244)
  • Version 0.1.15-0
  • Define --registry flag behaviour (bsc#1226793)
  • Version 0.1.14-0
  • Do not rely on hardcoded registry, remove any FQDN
  • Version 0.1.13-0
  • Fix mgradm support config tarball creation (bsc#1226759)
  • Version 0.1.12-0
  • Detection of k8s on Proxy was wrongly influenced by Server setting

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Manager Client Tools for SLE 12
    zypper in -t patch SUSE-SLE-Manager-Tools-12-2024-3266=1

Package List:

  • SUSE Manager Client Tools for SLE 12 (aarch64 ppc64le s390x x86_64)
    • golang-github-prometheus-prometheus-2.45.6-1.53.1
    • mgrctl-debuginfo-0.1.21-1.8.1
    • mgrctl-0.1.21-1.8.1
  • SUSE Manager Client Tools for SLE 12 (noarch)
    • python2-rhnlib-5.0.4-21.52.1
    • mgrctl-bash-completion-0.1.21-1.8.1
    • mgrctl-zsh-completion-0.1.21-1.8.1
    • spacecmd-5.0.9-38.147.1

References: