Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
suseSuseSUSE-SU-2022:3751-1
HistoryOct 26, 2022 - 12:00 a.m.

Security update for SUSE Manager Client Tools (moderate)

2022-10-2600:00:00
lists.opensuse.org
21

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

JSON

An update that solves two vulnerabilities, contains four
features and has one errata is now available.

Description:

This update fixes the following issues:

dracut-saltboot:

  • Update to version 0.1.1661440542.6cbe0da
    • Use standard susemanager.conf
    • Move image services to dracut-saltboot package
    • Use salt bundle

golang-github-lusitaniae-apache_exporter:

  • Update to upstream release 0.11.0 (jsc#SLE-24791)
    • Add TLS support
    • Switch to logger, please check --log.level and --log.format flags
  • Update to version 0.10.1
    • Bugfix: Reset ProxyBalancer metrics on each scrape to remove stale data
  • Update to version 0.10.0
    • Add Apache Proxy and other metrics
  • Update to version 0.8.0
    • Change commandline flags
    • Add metrics: Apache version, request duration total
  • Adapted to build on Enterprise Linux 8
  • Require building with Go 1.15
  • Add %license macro for LICENSE file

grafana:

  • Update to version 8.3.10
    • Security:
      • CVE-2022-31097: Cross Site Scripting vulnerability in the Unified
        Alerting (bsc#1201535)
      • CVE-2022-31107: Fixes OAuth account takeover vulnerability
        (bsc#1201539)
  • Update to version 8.3.9
    • Bug fixes:
      • Geomap: Display legend
      • Prometheus: Fix timestamp truncation
  • Update to version 8.3.7
    • Bug fix:
      • Provisioning: Ensure that the default value for orgID is set when
        provisioning datasources to be deleted.
  • Update to version 8.3.6
    • Features and enhancements:
      • Cloud Monitoring: Reduce request size when listing labels.
      • Explore: Show scalar data result in a table instead of graph.
      • Snapshots: Updates the default external snapshot server URL.
      • Table: Makes footer not overlap table content.
      • Tempo: Add request histogram to service graph datalink.
      • Tempo: Add time range to tempo search query behind a feature flag.
      • Tempo: Auto-clear results when changing query type.
      • Tempo: Display start time in search results as relative time.
      • CloudMonitoring: Fix resource labels in query editor.
      • Cursor sync: Apply the settings without saving the dashboard.
      • LibraryPanels: Fix for Error while cleaning library panels.
      • Logs Panel: Fix timestamp parsing for string dates without timezone.
      • Prometheus: Fix some of the alerting queries that use reduce/math
        operation.
      • TablePanel: Fix ad-hoc variables not working on default datasources.
      • Text Panel: Fix alignment of elements.
      • Variables: Fix for constant variables in self referencing links.
  • Update to version 8.3.5 (jsc#SLE-23439, jsc#SLE-23422, jsc#SLE-24565)

mgr-daemon:

  • Version 4.3.6-1
    • Update translation strings

spacecmd:

  • Version 4.3.15-1
    • Process date values in spacecmd api calls (bsc#1198903)

spacewalk-client-tools:

  • Version 4.3.12-1
    • Update translation strings

uyuni-common-libs:

  • Version 4.3.6-1
    • Do not allow creating path if nonexistent user or group in fileutils.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.4:

    zypper in -t patch openSUSE-SLE-15.4-2022-3751=1

  • openSUSE Leap 15.3:

    zypper in -t patch openSUSE-SLE-15.3-2022-3751=1

  • SUSE Manager Tools 15:

    zypper in -t patch SUSE-SLE-Manager-Tools-15-2022-3751=1

  • SUSE Linux Enterprise Server for SAP 15:

    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3751=1

  • SUSE Linux Enterprise Server 15-LTSS:

    zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3751=1

  • SUSE Linux Enterprise Module for SUSE Manager Server 4.3:

    zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-3751=1

  • SUSE Linux Enterprise Module for SUSE Manager Server 4.2:

    zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-3751=1

  • SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3:

    zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2022-3751=1

  • SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2:

    zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-3751=1

  • SUSE Linux Enterprise High Performance Computing 15-LTSS:

    zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3751=1

  • SUSE Linux Enterprise High Performance Computing 15-ESPOS:

    zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3751=1

OSVersionArchitecturePackageVersionFilename
openSUSE Leap15.4aarch64< - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):.aarch64.rpm
openSUSE Leap15.4ppc64le< - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):.ppc64le.rpm
openSUSE Leap15.4s390x< - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):.s390x.rpm
openSUSE Leap15.4x86_64< - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):.x86_64.rpm
openSUSE Leap15.4noarch< - openSUSE Leap 15.4 (noarch):- openSUSE Leap 15.4 (noarch):.noarch.rpm
openSUSE Leap15.3aarch64< - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.aarch64.rpm
openSUSE Leap15.3ppc64le< - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.ppc64le.rpm
openSUSE Leap15.3s390x< - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.s390x.rpm
openSUSE Leap15.3x86_64< - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.x86_64.rpm
openSUSE Leap15.3noarch< - openSUSE Leap 15.3 (noarch):- openSUSE Leap 15.3 (noarch):.noarch.rpm
Rows per page:
1-10 of 391

Related

nessus 19
openvas 7
freebsd 2
osv 8
cve 2
checkpoint_advisories 1
veracode 3
prion 2
ibm 3
suse 1
oraclelinux 2
rocky 2
alpinelinux 2
redhatcve 2
cgr 1
redhat 7
almalinux 2
altlinux 1
redos 1
nessus
nessus
SUSE SLES15 Security Update : SUSE Manager Client Tools (SUSE-SU-2022:3751-1)
2022-10-27 00:00:00
SUSE SLES12 Security Update : SUSE Manager Client Tools (SUSE-SU-2022:3747-1)
2022-10-27 00:00:00
SUSE SLED15 / SLES15 Security Update : grafana (SUSE-SU-2022:3765-1)
2022-10-27 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:3751-1)
2022-10-27 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:3747-1)
2022-10-27 00:00:00
Grafana XSS Vulnerability (GHSA-vw7q-p2qg-4m5f)
2022-07-18 00:00:00
freebsd
freebsd
Grafana -- Stored XSS
2022-06-19 00:00:00
Grafana -- OAuth Account Takeover
2022-06-27 00:00:00
osv
osv
BIT-grafana-2022-31097
2024-03-06 10:56:47
CVE-2022-31097
2022-07-15 12:15:08
Important: grafana security update
2022-07-26 13:54:29
cve
cve
CVE-2022-31097
2022-07-15 12:15:00
CVE-2022-31107
2022-07-15 13:15:00
checkpoint_advisories
checkpoint_advisories
Grafana Cross-Site Scripting (CVE-2022-31097)
2022-11-27 00:00:00
veracode
veracode
Cross-site Scripting (XSS)
2022-07-18 12:12:46
Stored Cross-Site Scripting (XSS)
2022-07-18 13:05:26
Privilege Escalation
2022-07-18 07:51:04
prion
prion
Cross site scripting
2022-07-15 12:15:00
Authorization
2022-07-15 13:15:00
ibm
ibm
Security Bulletin: IBM Storage Ceph is vulnerable to cross-site scripting due to Grafana (CVE-2022-31097)
2023-11-01 19:37:45
Security Bulletin: IBM Storage Ceph is vulnerable to an incorrect authorization vulnerablity in Grafana.
2023-11-01 19:48:20
Security Bulletin: Watson Machine Learning Accelerator on Cloud Pak for Data is affected by multiple vulnerabilities in Grafana
2023-11-17 16:01:52
suse
suse
Security update for grafana (important)
2022-10-26 00:00:00
oraclelinux
oraclelinux
grafana security update
2022-07-26 00:00:00
grafana security update
2022-07-27 00:00:00
rocky
rocky
grafana security update
2022-07-26 13:54:29
grafana security update
2022-07-26 13:52:05
alpinelinux
alpinelinux
CVE-2022-31097
2022-07-15 12:15:00
CVE-2022-31107
2022-07-15 13:15:00
redhatcve
redhatcve
CVE-2022-31097
2022-07-15 04:07:20
CVE-2022-31107
2022-07-15 04:07:29
cgr
cgr
CVE-2022-31107 vulnerabilities
2024-04-26 03:19:48
redhat
redhat
(RHSA-2022:5716) Important: grafana security update
2022-07-26 13:52:05
(RHSA-2022:5717) Important: grafana security update
2022-07-26 13:54:29
(RHSA-2022:5720) Important: grafana security update
2022-07-26 14:02:39
almalinux
almalinux
Important: grafana security update
2022-07-26 00:00:00
Important: grafana security update
2022-07-26 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package grafana version 8.5.20-alt1
2023-01-31 00:00:00
redos
redos
ROS-20240403-01
2024-04-03 00:00:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

JSON
Related for SUSE-SU-2022:3751-1
nessus19openvas7freebsd2osv8cve2checkpoint_advisories1veracode3prion2ibm3suse1oraclelinux2rocky2alpinelinux2redhatcve2cgr1redhat7almalinux2altlinux1redos1