Security update for SUSE Manager Client Tools

Announcement ID:	SUSE-SU-2024:3266-1
Rating:	important
References:	bsc#1220136 bsc#1224349 bsc#1225349 bsc#1226191 bsc#1226284 bsc#1226437 bsc#1226759 bsc#1226793 bsc#1226847 bsc#1226914 bsc#1227038 bsc#1227195 bsc#1227244 bsc#1227245 bsc#1227505 bsc#1227584 bsc#1227586 bsc#1227588 bsc#1227718 bsc#1227951 bsc#1228026 bsc#1228183 bsc#1228198 bsc#1228556 jsc#MSQA-848 jsc#PED-3577
Cross-References:	CVE-2023-45142 CVE-2024-6104
CVSS scores:	CVE-2023-45142 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-45142 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2024-6104 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N CVE-2024-6104 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products:	SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise High Performance Computing 12 SP2 SUSE Linux Enterprise High Performance Computing 12 SP3 SUSE Linux Enterprise High Performance Computing 12 SP4 SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12 SP1 SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2 SUSE Manager Client Tools for SLE 12

An update that solves two vulnerabilities, contains two features and has 22 security fixes can now be installed.

Description:

This update fixes the following issues:

golang-github-prometheus-prometheus:

• Security issues fixed:

• CVE-2024-6104: Update go-retryablehttp to version 0.7.7 (bsc#1227038)

• CVE-2023-45142: Updated otelhttp to version 0.46.1 (bsc#1228556)

• Require Go > 1.20 for building

• Migrate from disabled to manual service mode
• Update to 2.45.6 (jsc#PED-3577):
• Security fixes in dependencies
• Update to 2.45.5:
• [BUGFIX] tsdb/agent: ensure that new series get written to WAL on rollback.
• [BUGFIX] Remote write: Avoid a race condition when applying configuration.
• Update to 2.45.4:
• [BUGFIX] Remote read: Release querier resources before encoding the results.
• Update to 2.45.3:
• [BUGFIX] TSDB: Remove double memory snapshot on shutdown.
• Update to 2.45.2:
• [BUGFIX] TSDB: Fix PostingsForMatchers race with creating new series.
• Update to 2.45.1:
• [ENHANCEMENT] Hetzner SD: Support larger ID's that will be used by Hetzner in September.
• [BUGFIX] Linode SD: Cast InstanceSpec values to int64 to avoid overflows on 386 architecture.
• [BUGFIX] TSDB: Handle TOC parsing failures.

rhnlib:

• Version 5.0.4-0
• Add the old TLS code for very old traditional clients still on python 2.7 (bsc#1228198)

spacecmd:

• Version 5.0.9-0
• Update translation strings

uyuni-tools:

• Version 0.1.21-0
• mgrpxy: Fix typo on Systemd template
• Version 0.1.20-0
• Update the push tag to 5.0.1
• mgrpxy: expose port on IPv6 network (bsc#1227951)
• Version 0.1.19-0
• Skip updating Tomcat remote debug if conf file is not present
• Version 0.1.18-0
• Setup Confidential Computing container during migration (bsc#1227588)
• Add the /etc/uyuni/uyuni-tools.yaml path to the config help
• Split systemd config files to not loose configuration at upgrade (bsc#1227718)
• Use the same logic for image computation in mgradm and mgrpxy (bsc#1228026)
• Allow building with different Helm and container default registry paths (bsc#1226191)
• Fix recursion in mgradm upgrade podman list --help
• Setup hub xmlrpc API service in migration to Podman (bsc#1227588)
• Setup disabled hub xmlrpc API service in all cases (bsc#1227584)
• Clean the inspection code to make it faster
• Properly detect IPv6 enabled on Podman network (bsc#1224349)
• Fix the log file path generation
• Write scripts output to uyuni-tools.log file
• Add uyuni-hubxml-rpc to the list of values in mgradm scale --help
• Use path in mgradm support sql file input (bsc#1227505)
• On Ubuntu build with go1.21 instead of go1.20
• Enforce Cobbler setup (bsc#1226847)
• Expose port on IPv6 network (bsc#1227951)
• show output of podman image search --list-tags command
• Implement mgrpxy support config command
• During migration, ignore /etc/sysconfig/tomcat and /etc/tomcat/tomcat.conf (bsc#1228183)
• During migration, remove java.annotation,com.sun.xml.bind and UseConcMarkSweepGC settings
• Disable node exporter port for Kubernetes
• Fix start, stop and restart in Kubernetes
• Increase start timeout in Kubernetes
• Fix traefik query
• Fix password entry usability (bsc#1226437)
• Add --prepare option to migrate command
• Fix random error during installation of CA certificate (bsc#1227245)
• Clarify and fix distro name guessing when not provided (bsc#1226284)
• Replace not working Fatal error by plain error return (bsc#1220136)
• Allow server installation with preexisting storage volumes
• Do not report error when purging mounted volume (bsc#1225349)
• Preserve PAGER settings from the host for interactive sql usage (bsc#1226914)
• Add mgrpxy command to clear the Squid cache
• Use local images for Confidential Computing and Hub containers (bsc#1227586)
• Version 0.1.17-0
• Allow GPG files to be loaded from the local file (bsc#1227195)
• Version 0.1.16-0
• Prefer local images in all migration steps (bsc#1227244)
• Version 0.1.15-0
• Define --registry flag behaviour (bsc#1226793)
• Version 0.1.14-0
• Do not rely on hardcoded registry, remove any FQDN
• Version 0.1.13-0
• Fix mgradm support config tarball creation (bsc#1226759)
• Version 0.1.12-0
• Detection of k8s on Proxy was wrongly influenced by Server setting

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Manager Client Tools for SLE 12
  zypper in -t patch SUSE-SLE-Manager-Tools-12-2024-3266=1

Package List:

• SUSE Manager Client Tools for SLE 12 (aarch64 ppc64le s390x x86_64)
  • golang-github-prometheus-prometheus-2.45.6-1.53.1
  • mgrctl-debuginfo-0.1.21-1.8.1
  • mgrctl-0.1.21-1.8.1
• SUSE Manager Client Tools for SLE 12 (noarch)
  • python2-rhnlib-5.0.4-21.52.1
  • mgrctl-bash-completion-0.1.21-1.8.1
  • mgrctl-zsh-completion-0.1.21-1.8.1
  • spacecmd-5.0.9-38.147.1

References:

• https://www.suse.com/security/cve/CVE-2023-45142.html
• https://www.suse.com/security/cve/CVE-2024-6104.html
• https://bugzilla.suse.com/show_bug.cgi?id=1220136
• https://bugzilla.suse.com/show_bug.cgi?id=1224349
• https://bugzilla.suse.com/show_bug.cgi?id=1225349
• https://bugzilla.suse.com/show_bug.cgi?id=1226191
• https://bugzilla.suse.com/show_bug.cgi?id=1226284
• https://bugzilla.suse.com/show_bug.cgi?id=1226437
• https://bugzilla.suse.com/show_bug.cgi?id=1226759
• https://bugzilla.suse.com/show_bug.cgi?id=1226793
• https://bugzilla.suse.com/show_bug.cgi?id=1226847
• https://bugzilla.suse.com/show_bug.cgi?id=1226914
• https://bugzilla.suse.com/show_bug.cgi?id=1227038
• https://bugzilla.suse.com/show_bug.cgi?id=1227195
• https://bugzilla.suse.com/show_bug.cgi?id=1227244
• https://bugzilla.suse.com/show_bug.cgi?id=1227245
• https://bugzilla.suse.com/show_bug.cgi?id=1227505
• https://bugzilla.suse.com/show_bug.cgi?id=1227584
• https://bugzilla.suse.com/show_bug.cgi?id=1227586
• https://bugzilla.suse.com/show_bug.cgi?id=1227588
• https://bugzilla.suse.com/show_bug.cgi?id=1227718
• https://bugzilla.suse.com/show_bug.cgi?id=1227951
• https://bugzilla.suse.com/show_bug.cgi?id=1228026
• https://bugzilla.suse.com/show_bug.cgi?id=1228183
• https://bugzilla.suse.com/show_bug.cgi?id=1228198
• https://bugzilla.suse.com/show_bug.cgi?id=1228556
• https://jira.suse.com/browse/MSQA-848
• https://jira.suse.com/browse/PED-3577