GoogleOSV:SUSE-SU-2024:3267-1Security update for SUSE Manager Client Tools
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
This update fixes the following issues:
golang-github-prometheus-prometheus:
-
Security issues fixed:
- CVE-2024-6104: Update go-retryablehttp to version 0.7.7 (bsc#1227038)
- CVE-2023-45142: Updated otelhttp to version 0.46.1 (bsc#1228556)
-
Require Go > 1.20 for building
-
Migrate from
disabledtomanualservice mode -
Update to 2.45.6 (jsc#PED-3577):
- Security fixes in dependencies
-
Update to 2.45.5:
- [BUGFIX] tsdb/agent: ensure that new series get written to WAL
on rollback. - [BUGFIX] Remote write: Avoid a race condition when applying
configuration.
- [BUGFIX] tsdb/agent: ensure that new series get written to WAL
-
Update to 2.45.4:
- [BUGFIX] Remote read: Release querier resources before encoding
the results.
- [BUGFIX] Remote read: Release querier resources before encoding
-
Update to 2.45.3:
- [BUGFIX] TSDB: Remove double memory snapshot on shutdown.
-
Update to 2.45.2:
- [BUGFIX] TSDB: Fix PostingsForMatchers race with creating new
series.
- [BUGFIX] TSDB: Fix PostingsForMatchers race with creating new
-
Update to 2.45.1:
- [ENHANCEMENT] Hetzner SD: Support larger ID’s that will be used
by Hetzner in September. - [BUGFIX] Linode SD: Cast InstanceSpec values to int64 to avoid
overflows on 386 architecture. - [BUGFIX] TSDB: Handle TOC parsing failures.
- [ENHANCEMENT] Hetzner SD: Support larger ID’s that will be used
rhnlib:
- Version 5.0.4-0
- Add the old TLS code for very old traditional clients still on
python 2.7 (bsc#1228198)
- Add the old TLS code for very old traditional clients still on
spacecmd:
- Version 5.0.9-0
- Update translation strings
uyuni-tools:
- Version 0.1.21-0
- mgrpxy: Fix typo on Systemd template
- Version 0.1.20-0
- Update the push tag to 5.0.1
- mgrpxy: expose port on IPv6 network (bsc#1227951)
- Version 0.1.19-0
- Skip updating Tomcat remote debug if conf file is not present
- Version 0.1.18-0
- Setup Confidential Computing container during migration
(bsc#1227588) - Add the /etc/uyuni/uyuni-tools.yaml path to the config help
- Split systemd config files to not loose configuration at upgrade
(bsc#1227718) - Use the same logic for image computation in mgradm and mgrpxy
(bsc#1228026) - Allow building with different Helm and container default
registry paths (bsc#1226191) - Fix recursion in mgradm upgrade podman list --help
- Setup hub xmlrpc API service in migration to Podman (bsc#1227588)
- Setup disabled hub xmlrpc API service in all cases (bsc#1227584)
- Clean the inspection code to make it faster
- Properly detect IPv6 enabled on Podman network (bsc#1224349)
- Fix the log file path generation
- Write scripts output to uyuni-tools.log file
- Add uyuni-hubxml-rpc to the list of values in
mgradm scale --help - Use path in mgradm support sql file input (bsc#1227505)
- On Ubuntu build with go1.21 instead of go1.20
- Enforce Cobbler setup (bsc#1226847)
- Expose port on IPv6 network (bsc#1227951)
- show output of podman image search --list-tags command
- Implement mgrpxy support config command
- During migration, ignore /etc/sysconfig/tomcat and
/etc/tomcat/tomcat.conf (bsc#1228183) - During migration, remove java.annotation,com.sun.xml.bind and
UseConcMarkSweepGC settings - Disable node exporter port for Kubernetes
- Fix start, stop and restart in Kubernetes
- Increase start timeout in Kubernetes
- Fix traefik query
- Fix password entry usability (bsc#1226437)
- Add --prepare option to migrate command
- Fix random error during installation of CA certificate
(bsc#1227245) - Clarify and fix distro name guessing when not provided
(bsc#1226284) - Replace not working Fatal error by plain error return
(bsc#1220136) - Allow server installation with preexisting storage volumes
- Do not report error when purging mounted volume (bsc#1225349)
- Preserve PAGER settings from the host for interactive sql
usage (bsc#1226914) - Add mgrpxy command to clear the Squid cache
- Use local images for Confidential Computing and
Hub containers (bsc#1227586)
- Setup Confidential Computing container during migration
- Version 0.1.17-0
- Allow GPG files to be loaded from the local file (bsc#1227195)
- Version 0.1.16-0
- Prefer local images in all migration steps (bsc#1227244)
- Version 0.1.15-0
- Define --registry flag behaviour (bsc#1226793)
- Version 0.1.14-0
- Do not rely on hardcoded registry, remove any FQDN
- Version 0.1.13-0
- Fix mgradm support config tarball creation (bsc#1226759)
- Version 0.1.12-0
- Detection of k8s on Proxy was wrongly influenced by Server
setting
- Detection of k8s on Proxy was wrongly influenced by Server
References
bugzilla.suse.com/1220136
bugzilla.suse.com/1224349
bugzilla.suse.com/1225349
bugzilla.suse.com/1226191
bugzilla.suse.com/1226284
bugzilla.suse.com/1226437
bugzilla.suse.com/1226759
bugzilla.suse.com/1226793
bugzilla.suse.com/1226847
bugzilla.suse.com/1226914
bugzilla.suse.com/1227038
bugzilla.suse.com/1227195
bugzilla.suse.com/1227244
bugzilla.suse.com/1227245
bugzilla.suse.com/1227505
bugzilla.suse.com/1227584
bugzilla.suse.com/1227586
bugzilla.suse.com/1227588
bugzilla.suse.com/1227718
bugzilla.suse.com/1227951
bugzilla.suse.com/1228026
bugzilla.suse.com/1228183
bugzilla.suse.com/1228198
bugzilla.suse.com/1228556
www.suse.com/security/cve/CVE-2023-45142
www.suse.com/security/cve/CVE-2024-6104
www.suse.com/support/update/announcement/2024/suse-su-20243267-1/
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High