Security update for SUSE Manager Client Tools

Announcement ID:	SUSE-SU-2024:1508-1
Rating:	moderate
References:	bsc#1219912 bsc#1221465 bsc#1222155 jsc#MSQA-760 jsc#PED-7893 jsc#PED-7928
Cross-References:	CVE-2023-6152 CVE-2024-1313
CVSS scores:	CVE-2023-6152 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CVE-2024-1313 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Affected Products:	SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise High Performance Computing 12 SP2 SUSE Linux Enterprise High Performance Computing 12 SP3 SUSE Linux Enterprise High Performance Computing 12 SP4 SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12 SP1 SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2 SUSE Manager Client Tools for SLE 12

An update that solves two vulnerabilities, contains three features and has one security fix can now be installed.

Description:

This update fixes the following issues:

golang-github-prometheus-node_exporter:

Update to 1.7.0 (jsc#PED-7893, jsc#PED-7928):
[FEATURE] Add ZFS freebsd per dataset stats #2753
[FEATURE] Add cpu vulnerabilities reporting from sysfs #2721
[ENHANCEMENT] Parallelize stat calls in Linux filesystem collector #1772
[ENHANCEMENT] Add missing linkspeeds to ethtool collector #2711
[ENHANCEMENT] Add CPU MHz as the value for node_cpu_info metric #2778
[ENHANCEMENT] Improve qdisc collector performance #2779
[ENHANCEMENT] Add include and exclude filter for hwmon collector #2699
[ENHANCEMENT] Optionally fetch ARP stats via rtnetlink instead of procfs #2777
[BUFFIX] Fix ZFS arcstats on FreeBSD 14.0+ 2754
[BUGFIX] Fallback to 32-bit stats in netdev #2757
[BUGFIX] Close btrfs.FS handle after use #2780
[BUGFIX] Move RO status before error return #2807
[BUFFIX] Fix promhttp_metric_handler_errors_total being always active #2808
[BUGFIX] Fix nfsd v4 index miss #2824
Update to 1.6.1: (no source code changes in this release)
BuildRequire go1.20
Update to 1.6.0:
[CHANGE] Fix cpustat when some cpus are offline #2318
[CHANGE] Remove metrics of offline CPUs in CPU collector #2605
[CHANGE] Deprecate ntp collector #2603
[CHANGE] Remove bcache cache_readaheads_totals metrics #2583
[CHANGE] Deprecate supervisord collector #2685
[FEATURE] Enable uname collector on NetBSD #2559
[FEATURE] NetBSD support for the meminfo collector #2570
[FEATURE] NetBSD support for CPU collector #2626
[FEATURE] Add FreeBSD collector for netisr subsystem #2668
[FEATURE] Add softirqs collector #2669
[ENHANCEMENT] Add suspended as a node_zfs_zpool_state #2449
[ENHANCEMENT] Add administrative state of Linux network interfaces #2515
[ENHANCEMENT] Log current value of GOMAXPROCS #2537
[ENHANCEMENT] Add profiler options for perf collector #2542
[ENHANCEMENT] Allow root path as metrics path #2590
[ENHANCEMENT] Add cpu frequency governor metrics #2569
[ENHANCEMENT] Add new landing page #2622
[ENHANCEMENT] Reduce privileges needed for btrfs device stats #2634
[ENHANCEMENT] Add ZFS memory_available_bytes #2687
[ENHANCEMENT] Use SCSI_IDENT_SERIAL as serial in diskstats #2612
[ENHANCEMENT] Read missing from netlink netclass attributes from sysfs #2669
[BUGFIX] perf: fixes for automatically detecting the correct tracefs mountpoints #2553
[BUGFIX] Fix thermal_zone collector noise @2554
[BUGFIX] Fix a problem fetching the user wire count on FreeBSD 2584
[BUGFIX] interrupts: Fix fields on linux aarch64 #2631
[BUGFIX] Remove metrics of offline CPUs in CPU collector #2605
[BUGFIX] Fix OpenBSD filesystem collector string parsing #2637
[BUGFIX] Fix bad reporting of node_cpu_seconds_total in OpenBSD #2663
Change go_modules archive in _service to use obscpio file

grafana:

Packaging improvements:
Changed deprecated disabled service mode to manual
Drop golang-packaging macros
Drop explicit mod=vendor as it is enabled automatically
Update to version 9.5.18:
[SECURITY] CVE-2024-1313: Require same organisation when deleting snapshots (bsc#1222155)
Update to version 9.5.17:
[FEATURE] Alerting: Backport use Alertmanager API v2
Require Go 1.20
Update to version 9.5.16:
[SECURITY] CVE-2023-6152: Add email verification when updating user email (bsc#1219912)
[BUGFIX] Annotations: Split cleanup into separate queries and deletes to avoid deadlocks on MySQL
Update to version 9.5.15:
[FEATURE] Alerting: Attempt to retry retryable errors
Update to version 9.5.14:
[BUGFIX] Alerting: Fix state manager to not keep datasource_uid and ref_id labels in state after Error
[BUGFIX] Transformations: Config overrides being lost when config from query transform is applied
[BUGFIX] LDAP: Fix enable users on successfull login
Update to version 9.5.13:
[BUGFIX] BrowseDashboards: Only remember the most recent expanded folder
[BUGFIX] Licensing: Pass func to update env variables when starting plugin
Update to version 9.5.12:
[FEATURE] Azure: Add support for Workload Identity authentication
Update to version 9.5.9:
[FEATURE] SSE: Fix DSNode to not panic when response has empty response
[FEATURE] Prometheus: Handle the response with different field key order
[BUGFIX] LDAP: Fix user disabling

mgr-daemon:

Version 4.3.9-0
Update translation strings

spacecmd:

Version 4.3.27-0
Update translation strings

spacewalk-client-tools:

Version 4.3.19-0
Update translation strings

spacewalk-koan:

Version 4.3.6-0
Change Docker image location for test

uyuni-common-libs:

Version 4.3.10-0
Add support for package signature type V4 RSA/SHA384
Add support for package signature type V4 RSA/SHA512 (bsc#1221465)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

SUSE Manager Client Tools for SLE 12
zypper in -t patch SUSE-SLE-Manager-Tools-12-2024-1508=1
SUSE Linux Enterprise High Performance Computing 12 SP5
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-1508=1
SUSE Linux Enterprise Server 12 SP5
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-1508=1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-1508=1

Package List:

SUSE Manager Client Tools for SLE 12 (aarch64 ppc64le s390x x86_64)
- golang-github-prometheus-promu-0.14.0-1.18.1
- golang-github-prometheus-alertmanager-0.26.0-1.27.2
- golang-github-prometheus-node_exporter-1.7.0-1.30.2
- python2-uyuni-common-libs-4.3.10-1.39.1
- grafana-9.5.18-1.63.1
SUSE Manager Client Tools for SLE 12 (noarch)
- spacewalk-client-setup-4.3.19-52.98.1
- spacecmd-4.3.27-38.139.1
- python2-spacewalk-client-tools-4.3.19-52.98.1
- spacewalk-client-tools-4.3.19-52.98.1
- python2-spacewalk-check-4.3.19-52.98.1
- spacewalk-koan-4.3.6-24.36.1
- spacewalk-check-4.3.19-52.98.1
- mgr-daemon-4.3.9-1.47.1
- python2-spacewalk-koan-4.3.6-24.36.1
- python2-spacewalk-client-setup-4.3.19-52.98.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
- golang-github-prometheus-node_exporter-1.7.0-1.30.2
SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
- golang-github-prometheus-node_exporter-1.7.0-1.30.2
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
- golang-github-prometheus-node_exporter-1.7.0-1.30.2

Security update for SUSE Manager Client Tools

Description:

Patch Instructions:

Package List:

References: