Security update for SUSE Manager Server 4.3 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:1532-1 Final 1 1 2024-05-06T09:55:29Z current 2024-05-06T09:55:29Z 2024-05-06T09:55:29Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for SUSE Manager Server 4.3 This update fixes the following issues: release-notes-susemanager: - Update to SUSE Manager 4.3.12 * Monitoring: Node exporter upgraded to 1.7.0 * Automatic migration from Salt 3000 to the Salt Bundle * New update-salt recurring state * uyuni-proxy-systemd-services package has been added to proxy channel * New Errata getRelevantErrata API endpoint * CVEs fixed: 2023-51775 * Bugs mentioned: bsc#1170848, bsc#1208572, bsc#1214340, bsc#1214387, bsc#1216085 bsc#1217204, bsc#1217874, bsc#1218764, bsc#1218805, bsc#1218931 bsc#1218957, bsc#1219061, bsc#1219233, bsc#1219634, bsc#1219875 bsc#1220101, bsc#1220169, bsc#1220194, bsc#1220221, bsc#1220376 bsc#1220705, bsc#1220726, bsc#1220903, bsc#1220980, bsc#1221111 bsc#1221182, bsc#1221279, bsc#1221465, bsc#1221571, bsc#1221784 bsc#1221922, bsc#1222110, bsc#1222347 The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container suse/manager/4.3/proxy-httpd:latest-2024-1532,Image SLES15-SP4-Manager-Proxy-4-3-BYOS-2024-1532,Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure-2024-1532,Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2-2024-1532,Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE-2024-1532,Image SLES15-SP4-Manager-Server-4-3-2024-1532,Image SLES15-SP4-Manager-Server-4-3-Azure-llc-2024-1532,Image SLES15-SP4-Manager-Server-4-3-Azure-ltd-2024-1532,Image SLES15-SP4-Manager-Server-4-3-BYOS-2024-1532,Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure-2024-1532,Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2-2024-1532,Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE-2024-1532,Image SLES15-SP4-Manager-Server-4-3-EC2-llc-2024-1532,Image SLES15-SP4-Manager-Server-4-3-EC2-ltd-2024-1532,SUSE-2024-1532,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-1532,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-1532 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20241532-1/ Link for SUSE-SU-2024:1532-1 https://lists.suse.com/pipermail/sle-security-updates/2024-May/018453.html E-Mail link for SUSE-SU-2024:1532-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1170848 SUSE Bug 1170848 https://bugzilla.suse.com/1208572 SUSE Bug 1208572 https://bugzilla.suse.com/1214340 SUSE Bug 1214340 https://bugzilla.suse.com/1214387 SUSE Bug 1214387 https://bugzilla.suse.com/1216085 SUSE Bug 1216085 https://bugzilla.suse.com/1217204 SUSE Bug 1217204 https://bugzilla.suse.com/1217874 SUSE Bug 1217874 https://bugzilla.suse.com/1218764 SUSE Bug 1218764 https://bugzilla.suse.com/1218805 SUSE Bug 1218805 https://bugzilla.suse.com/1218931 SUSE Bug 1218931 https://bugzilla.suse.com/1218957 SUSE Bug 1218957 https://bugzilla.suse.com/1219061 SUSE Bug 1219061 https://bugzilla.suse.com/1219233 SUSE Bug 1219233 https://bugzilla.suse.com/1219634 SUSE Bug 1219634 https://bugzilla.suse.com/1219875 SUSE Bug 1219875 https://bugzilla.suse.com/1220101 SUSE Bug 1220101 https://bugzilla.suse.com/1220169 SUSE Bug 1220169 https://bugzilla.suse.com/1220194 SUSE Bug 1220194 https://bugzilla.suse.com/1220221 SUSE Bug 1220221 https://bugzilla.suse.com/1220376 SUSE Bug 1220376 https://bugzilla.suse.com/1220705 SUSE Bug 1220705 https://bugzilla.suse.com/1220726 SUSE Bug 1220726 https://bugzilla.suse.com/1220903 SUSE Bug 1220903 https://bugzilla.suse.com/1220980 SUSE Bug 1220980 https://bugzilla.suse.com/1221111 SUSE Bug 1221111 https://bugzilla.suse.com/1221182 SUSE Bug 1221182 https://bugzilla.suse.com/1221279 SUSE Bug 1221279 https://bugzilla.suse.com/1221465 SUSE Bug 1221465 https://bugzilla.suse.com/1221571 SUSE Bug 1221571 https://bugzilla.suse.com/1221784 SUSE Bug 1221784 https://bugzilla.suse.com/1221922 SUSE Bug 1221922 https://bugzilla.suse.com/1222110 SUSE Bug 1222110 https://bugzilla.suse.com/1222347 SUSE Bug 1222347 https://www.suse.com/security/cve/CVE-2023-51775/ SUSE CVE CVE-2023-51775 page Container suse/manager/4.3/proxy-httpd:latest Image SLES15-SP4-Manager-Proxy-4-3-BYOS Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2 Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE Image SLES15-SP4-Manager-Server-4-3 Image SLES15-SP4-Manager-Server-4-3-Azure-llc Image SLES15-SP4-Manager-Server-4-3-Azure-ltd Image SLES15-SP4-Manager-Server-4-3-BYOS Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2 Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE Image SLES15-SP4-Manager-Server-4-3-EC2-llc Image SLES15-SP4-Manager-Server-4-3-EC2-ltd SUSE Manager Proxy 4.3 SUSE Manager Server 4.3 release-notes-susemanager-proxy-4.3.12-150400.3.82.3 release-notes-susemanager-4.3.12-150400.3.108.2 release-notes-susemanager-proxy-4.3.12-150400.3.82.3 as a component of Container suse/manager/4.3/proxy-httpd:latest release-notes-susemanager-proxy-4.3.12-150400.3.82.3 as a component of Image SLES15-SP4-Manager-Proxy-4-3-BYOS release-notes-susemanager-proxy-4.3.12-150400.3.82.3 as a component of Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure release-notes-susemanager-proxy-4.3.12-150400.3.82.3 as a component of Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2 release-notes-susemanager-proxy-4.3.12-150400.3.82.3 as a component of Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE release-notes-susemanager-4.3.12-150400.3.108.2 as a component of Image SLES15-SP4-Manager-Server-4-3 release-notes-susemanager-4.3.12-150400.3.108.2 as a component of Image SLES15-SP4-Manager-Server-4-3-Azure-llc release-notes-susemanager-4.3.12-150400.3.108.2 as a component of Image SLES15-SP4-Manager-Server-4-3-Azure-ltd release-notes-susemanager-4.3.12-150400.3.108.2 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS release-notes-susemanager-4.3.12-150400.3.108.2 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure release-notes-susemanager-4.3.12-150400.3.108.2 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2 release-notes-susemanager-4.3.12-150400.3.108.2 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE release-notes-susemanager-4.3.12-150400.3.108.2 as a component of Image SLES15-SP4-Manager-Server-4-3-EC2-llc release-notes-susemanager-4.3.12-150400.3.108.2 as a component of Image SLES15-SP4-Manager-Server-4-3-EC2-ltd release-notes-susemanager-proxy-4.3.12-150400.3.82.3 as a component of SUSE Manager Proxy 4.3 release-notes-susemanager-4.3.12-150400.3.108.2 as a component of SUSE Manager Server 4.3 The jose4j component before 0.9.4 for Java allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value. CVE-2023-51775 Container suse/manager/4.3/proxy-httpd:latest:release-notes-susemanager-proxy-4.3.12-150400.3.82.3 Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure:release-notes-susemanager-proxy-4.3.12-150400.3.82.3 Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2:release-notes-susemanager-proxy-4.3.12-150400.3.82.3 Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE:release-notes-susemanager-proxy-4.3.12-150400.3.82.3 Image SLES15-SP4-Manager-Proxy-4-3-BYOS:release-notes-susemanager-proxy-4.3.12-150400.3.82.3 Image SLES15-SP4-Manager-Server-4-3-Azure-llc:release-notes-susemanager-4.3.12-150400.3.108.2 Image SLES15-SP4-Manager-Server-4-3-Azure-ltd:release-notes-susemanager-4.3.12-150400.3.108.2 Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure:release-notes-susemanager-4.3.12-150400.3.108.2 Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2:release-notes-susemanager-4.3.12-150400.3.108.2 Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE:release-notes-susemanager-4.3.12-150400.3.108.2 Image SLES15-SP4-Manager-Server-4-3-BYOS:release-notes-susemanager-4.3.12-150400.3.108.2 Image SLES15-SP4-Manager-Server-4-3-EC2-llc:release-notes-susemanager-4.3.12-150400.3.108.2 Image SLES15-SP4-Manager-Server-4-3-EC2-ltd:release-notes-susemanager-4.3.12-150400.3.108.2 Image SLES15-SP4-Manager-Server-4-3:release-notes-susemanager-4.3.12-150400.3.108.2 SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.12-150400.3.82.3 SUSE Manager Server 4.3:release-notes-susemanager-4.3.12-150400.3.108.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20241532-1/ https://www.suse.com/security/cve/CVE-2023-51775.html CVE-2023-51775 https://bugzilla.suse.com/1220726 SUSE Bug 1220726