Security update for SUSE Manager Client Tools

Announcement ID:	SUSE-SU-2024:1509-1
Rating:	important
References:	bsc#1008037 bsc#1008038 bsc#1010940 bsc#1019021 bsc#1038785 bsc#1059235 bsc#1099805 bsc#1166389 bsc#1171823 bsc#1174145 bsc#1174302 bsc#1175993 bsc#1177948 bsc#1216854 bsc#1219002 bsc#1219912 bsc#1221092 bsc#1221465 bsc#1222155 jsc#MSQA-760
Cross-References:	CVE-2016-8614 CVE-2016-8628 CVE-2016-8647 CVE-2016-9587 CVE-2017-7550 CVE-2018-10874 CVE-2020-10744 CVE-2020-14330 CVE-2020-14332 CVE-2020-14365 CVE-2020-1753 CVE-2023-5764 CVE-2023-6152 CVE-2024-0690 CVE-2024-1313
CVSS scores:	CVE-2016-8614 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2016-8628 ( NVD ): 9.1 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2016-8647 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N CVE-2016-8647 ( NVD ): 2.2 CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N CVE-2016-9587 ( NVD ): 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-7550 ( SUSE ): 8.5 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2017-7550 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-7550 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-10874 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2018-10874 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-10744 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L CVE-2020-10744 ( NVD ): 5.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L CVE-2020-14330 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2020-14330 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2020-14332 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2020-14332 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2020-14365 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2020-14365 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2020-1753 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2023-5764 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N CVE-2023-5764 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-6152 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CVE-2024-0690 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2024-0690 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2024-1313 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Affected Products:	openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap 15.5 openSUSE Leap 15.6 SUSE Linux Enterprise Desktop 15 SUSE Linux Enterprise Desktop 15 SP1 SUSE Linux Enterprise Desktop 15 SP2 SUSE Linux Enterprise Desktop 15 SP3 SUSE Linux Enterprise Desktop 15 SP4 SUSE Linux Enterprise Desktop 15 SP5 SUSE Linux Enterprise Desktop 15 SP6 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15 SP1 SUSE Linux Enterprise High Performance Computing 15 SP2 SUSE Linux Enterprise High Performance Computing 15 SP3 SUSE Linux Enterprise High Performance Computing 15 SP4 SUSE Linux Enterprise High Performance Computing 15 SP5 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Micro 5.4 SUSE Linux Enterprise Micro 5.5 SUSE Linux Enterprise Real Time 15 SP1 SUSE Linux Enterprise Real Time 15 SP2 SUSE Linux Enterprise Real Time 15 SP3 SUSE Linux Enterprise Real Time 15 SP4 SUSE Linux Enterprise Real Time 15 SP5 SUSE Linux Enterprise Real Time 15 SP6 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15 SP1 SUSE Linux Enterprise Server 15 SP2 SUSE Linux Enterprise Server 15 SP3 SUSE Linux Enterprise Server 15 SP4 SUSE Linux Enterprise Server 15 SP5 SUSE Linux Enterprise Server 15 SP6 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SP5 SUSE Linux Enterprise Server for SAP Applications 15 SP6 SUSE Manager Client Tools for SLE 15 SUSE Manager Client Tools for SLE Micro 5 SUSE Manager Proxy 4.3 SUSE Manager Proxy 4.3 Module 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Package Hub 15 15-SP5

An update that solves 15 vulnerabilities, contains one feature and has four security fixes can now be installed.

Description:

This update fixes the following issues:

POS_Image-Graphical7 was updated to version 0.1.1710765237.46af599:

• Version 0.1.1710765237.46af599

• Moved image services to dracut-saltboot package

• Use salt bundle

• Version 0.1.1645440615.7f1328c

• Removed deprecated kiwi functions

POS_Image-JeOS7 was updated to version 0.1.1710765237.46af599:

• Version 0.1.1710765237.46af599

• Moved image services to dracut-saltboot package

• Use salt bundle

• Version 0.1.1645440615.7f1328c

• Removed deprecated kiwi functions

ansible received the following fixes:

• Security issues fixed:

• CVE-2023-5764: Address issues where internal templating can cause unsafe variables to lose their unsafe designation (bsc#1216854)

  • Breaking changes: assert - Nested templating may result in an inability for the conditional to be evaluated. See the porting guide for more information.

• CVE-2024-0690: Address issue where ANSIBLE_NO_LOG was ignored (bsc#1219002)

• CVE-2020-14365: Ensure that packages are GPG validated (bsc#1175993)
• CVE-2020-10744: Fixed insecure temporary directory creation (bsc#1171823)

• CVE-2018-10874: Fixed inventory variables loading from current working directory when running ad-hoc command that can lead to code execution (bsc#1099805)

• Bugs fixed:

• Don't Require python-coverage, it is needed only for testing (bsc#1177948)

dracut-saltboot was updated to version 0.1.1710765237.46af599:

• Version 0.1.1710765237.46af599

• Load only first available leaseinfo (bsc#1221092)

• Version 0.1.1681904360.84ef141

grafana was updated to version 9.5.18:

• Grafana now requires Go 1.20

• Security issues fixed:

• CVE-2024-1313: Require same organisation when deleting snapshots (bsc#1222155)

• CVE-2023-6152: Add email verification when updating user email (bsc#1219912)

• Other non-security related changes:

• Version 9.5.17:

  • [FEATURE] Alerting: Backport use Alertmanager API v2

• Version 9.5.16:

  • [BUGFIX] Annotations: Split cleanup into separate queries and deletes to avoid deadlocks on MySQL

• Version 9.5.15:

  • [FEATURE] Alerting: Attempt to retry retryable errors

• Version 9.5.14:

  • [BUGFIX] Alerting: Fix state manager to not keep datasource_uid and ref_id labels in state after Error
  • [BUGFIX] Transformations: Config overrides being lost when config from query transform is applied
  • [BUGFIX] LDAP: Fix enable users on successfull login

• Version 9.5.13:

  • [BUGFIX] BrowseDashboards: Only remember the most recent expanded folder
  • [BUGFIX] Licensing: Pass func to update env variables when starting plugin

• Version 9.5.12:

  • [FEATURE] Azure: Add support for Workload Identity authentication

• Version 9.5.9:

  • [FEATURE] SSE: Fix DSNode to not panic when response has empty response
  • [FEATURE] Prometheus: Handle the response with different field key order
  • [BUGFIX] LDAP: Fix user disabling

mgr-daemon was updated to version 4.3.9-0:

• Version 4.3.9-0

• Update translation strings

spacecmd was updated to version 4.3.27-0:

• Version 4.3.27-0

• Update translation strings

spacewalk-client-tools was updated to version 4.3.19-0:

• Version 4.3.19-0

• Update translation strings

spacewalk-koan was updated to version version 4.3.6-0:

• Version 4.3.6-0

• Change Docker image location for test

uyuni-common-libs was updated to version 4.3.10-0:

• Version 4.3.10-0

• Add support for package signature type V4 RSA/SHA384

• Add support for package signature type V4 RSA/SHA512 (bsc#1221465)

uyuni-proxy-systemd-services was updated to version 4.3.12-0:

• Version 4.3.12-0

• Update to SUSE Manager 4.3.12

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2024-1509=1
• SUSE Manager Client Tools for SLE 15
  zypper in -t patch SUSE-SLE-Manager-Tools-15-2024-1509=1
• SUSE Manager Client Tools for SLE Micro 5
  zypper in -t patch SUSE-SLE-Manager-Tools-For-Micro-5-2024-1509=1
• SUSE Package Hub 15 15-SP5
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-1509=1
• SUSE Manager Proxy 4.3 Module 4.3
  zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2024-1509=1

Package List:

• openSUSE Leap 15.5 (noarch)
  • POS_Image-JeOS7-0.1.1710765237.46af599-150000.1.21.2
  • ansible-2.9.27-150000.1.17.2
  • ansible-test-2.9.27-150000.1.17.2
  • ansible-doc-2.9.27-150000.1.17.2
  • spacecmd-4.3.27-150000.3.116.2
  • POS_Image-Graphical7-0.1.1710765237.46af599-150000.1.21.2
  • dracut-saltboot-0.1.1710765237.46af599-150000.1.53.2
• openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  • golang-github-prometheus-promu-0.14.0-150000.3.18.2
• SUSE Manager Client Tools for SLE 15 (noarch)
  • python3-spacewalk-koan-4.3.6-150000.3.33.2
  • POS_Image-JeOS7-0.1.1710765237.46af599-150000.1.21.2
  • ansible-2.9.27-150000.1.17.2
  • python3-spacewalk-client-setup-4.3.19-150000.3.89.2
  • spacewalk-client-tools-4.3.19-150000.3.89.2
  • uyuni-proxy-systemd-services-4.3.12-150000.1.21.2
  • mgr-daemon-4.3.9-150000.1.47.2
  • ansible-doc-2.9.27-150000.1.17.2
  • spacewalk-koan-4.3.6-150000.3.33.2
  • spacecmd-4.3.27-150000.3.116.2
  • POS_Image-Graphical7-0.1.1710765237.46af599-150000.1.21.2
  • spacewalk-client-setup-4.3.19-150000.3.89.2
  • python3-spacewalk-check-4.3.19-150000.3.89.2
  • python3-spacewalk-client-tools-4.3.19-150000.3.89.2
  • dracut-saltboot-0.1.1710765237.46af599-150000.1.53.2
  • spacewalk-check-4.3.19-150000.3.89.2
• SUSE Manager Client Tools for SLE 15 (aarch64 ppc64le s390x x86_64)
  • grafana-debuginfo-9.5.18-150000.1.63.2
  • python3-uyuni-common-libs-4.3.10-150000.1.39.2
  • grafana-9.5.18-150000.1.63.2
• SUSE Manager Client Tools for SLE Micro 5 (noarch)
  • uyuni-proxy-systemd-services-4.3.12-150000.1.21.2
  • dracut-saltboot-0.1.1710765237.46af599-150000.1.53.2
• SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64)
  • golang-github-prometheus-promu-0.14.0-150000.3.18.2
• SUSE Manager Proxy 4.3 Module 4.3 (noarch)
  • ansible-2.9.27-150000.1.17.2
  • ansible-doc-2.9.27-150000.1.17.2
  • uyuni-proxy-systemd-services-4.3.12-150000.1.21.2

References:

• https://www.suse.com/security/cve/CVE-2016-8614.html
• https://www.suse.com/security/cve/CVE-2016-8628.html
• https://www.suse.com/security/cve/CVE-2016-8647.html
• https://www.suse.com/security/cve/CVE-2016-9587.html
• https://www.suse.com/security/cve/CVE-2017-7550.html
• https://www.suse.com/security/cve/CVE-2018-10874.html
• https://www.suse.com/security/cve/CVE-2020-10744.html
• https://www.suse.com/security/cve/CVE-2020-14330.html
• https://www.suse.com/security/cve/CVE-2020-14332.html
• https://www.suse.com/security/cve/CVE-2020-14365.html
• https://www.suse.com/security/cve/CVE-2020-1753.html
• https://www.suse.com/security/cve/CVE-2023-5764.html
• https://www.suse.com/security/cve/CVE-2023-6152.html
• https://www.suse.com/security/cve/CVE-2024-0690.html
• https://www.suse.com/security/cve/CVE-2024-1313.html
• https://bugzilla.suse.com/show_bug.cgi?id=1008037
• https://bugzilla.suse.com/show_bug.cgi?id=1008038
• https://bugzilla.suse.com/show_bug.cgi?id=1010940
• https://bugzilla.suse.com/show_bug.cgi?id=1019021
• https://bugzilla.suse.com/show_bug.cgi?id=1038785
• https://bugzilla.suse.com/show_bug.cgi?id=1059235
• https://bugzilla.suse.com/show_bug.cgi?id=1099805
• https://bugzilla.suse.com/show_bug.cgi?id=1166389
• https://bugzilla.suse.com/show_bug.cgi?id=1171823
• https://bugzilla.suse.com/show_bug.cgi?id=1174145
• https://bugzilla.suse.com/show_bug.cgi?id=1174302
• https://bugzilla.suse.com/show_bug.cgi?id=1175993
• https://bugzilla.suse.com/show_bug.cgi?id=1177948
• https://bugzilla.suse.com/show_bug.cgi?id=1216854
• https://bugzilla.suse.com/show_bug.cgi?id=1219002
• https://bugzilla.suse.com/show_bug.cgi?id=1219912
• https://bugzilla.suse.com/show_bug.cgi?id=1221092
• https://bugzilla.suse.com/show_bug.cgi?id=1221465
• https://bugzilla.suse.com/show_bug.cgi?id=1222155
• https://jira.suse.com/browse/MSQA-760