Maintenance update for SUSE Manager 4.3.6 Release Notes

Announcement ID: SUSE-RU-2023:2592-1
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2022-46146 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-46146 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-22644 ( NVD ): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Affected Products:
  • openSUSE Leap 15.4
  • SUSE Manager Proxy 4.3
  • SUSE Manager Retail Branch Server 4.3
  • SUSE Manager Server 4.3

An update that solves two vulnerabilities, contains one feature and has 90 recommended fixes can now be installed.

Recommended update for SUSE Manager Proxy and Retail Branch Server 4.3

Description:

This update fixes the following issues:

release-notes-susemanager-proxy:

  • Update to SUSE Manager 4.3.6
  • Salt has been upgraded to 3006.0
  • Bugs mentioned bsc#1204270, bsc#1206725, bsc#1207814, bsc#1207829, bsc#1207830 bsc#1208288, bsc#1208719, bsc#1208772, bsc#1209119, bsc#1209231 bsc#1210437, bsc#1210458, bsc#1211956

Security update for SUSE Manager Server 4.3

Description:

This update fixes the following issues:

release-notes-susemanager:

  • Update to SUSE Manager 4.3.6
  • Salt has been upgraded to 3006.0
  • SUSE Linux Enterprise Server 15 SP5 Family support has been added
  • SUSE Linux Enterprise Server Micro 5.4 support has been added
  • openSUSE Leap 15.5 support has been added
  • Ability to install PTFs from SUSE Manager has been added
  • Scheduling Custom States on recurrent basis is now possible
  • Syncing optional channels from the webUI is now possible
  • All Tomcat logs are now rotated with logrotate
  • Grafana upgraded to 9.5.1
  • Node exporter upgraded to 1.5.0
  • Prometheus upgraded to 2.37.6
  • Postgres exporter upgraded to 0.10.1
  • CVEs fixed CVE-2023-22644, CVE-2022-46146

  • Bugs mentioned

    bsc#1201063, bsc#1203599, bsc#1204089, bsc#1204270, bsc#1204900 bsc#1205600, bsc#1206060, bsc#1206191, bsc#1206423, bsc#1206725 bsc#1206783, bsc#1207063, bsc#1207595, bsc#1207814, bsc#1207829 bsc#1207830, bsc#1208288, bsc#1208321, bsc#1208427, bsc#1208522 bsc#1208536, bsc#1208540, bsc#1208550, bsc#1208586, bsc#1208661 bsc#1208687, bsc#1208719, bsc#1208772, bsc#1209143, bsc#1209149 bsc#1209215, bsc#1209220, bsc#1209231, bsc#1209253, bsc#1209277 bsc#1209386, bsc#1209395, bsc#1209508, bsc#1209557, bsc#1209926 bsc#1209938, bsc#1209993, bsc#1210086, bsc#1210094, bsc#1210101 bsc#1210107, bsc#1210154, bsc#1210162, bsc#1210349, bsc#1210437 bsc#1210458, bsc#1210835, bsc#1211958, bsc#1210776, bsc#1209434 bsc#1208046, bsc#1212363, bsc#1212096, bsc#1212516

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.4
    zypper in -t patch SUSE-2023-2592=1
  • SUSE Manager Proxy 4.3
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2023-2592=1
  • SUSE Manager Retail Branch Server 4.3
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2023-2592=1
  • SUSE Manager Server 4.3
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2023-2592=1

Package List:

  • openSUSE Leap 15.4 (noarch)
    • release-notes-susemanager-4.3.6-150400.3.63.2
    • release-notes-susemanager-proxy-4.3.6-150400.3.55.4
  • SUSE Manager Proxy 4.3 (noarch)
    • release-notes-susemanager-proxy-4.3.6-150400.3.55.4
  • SUSE Manager Retail Branch Server 4.3 (noarch)
    • release-notes-susemanager-proxy-4.3.6-150400.3.55.4
  • SUSE Manager Server 4.3 (noarch)
    • release-notes-susemanager-4.3.6-150400.3.63.2

References: