Security update for SUSE Manager Client Tools SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:4019-1 Final 1 1 2024-11-18T13:24:46Z current 2024-11-18T13:24:46Z 2024-11-18T13:24:46Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for SUSE Manager Client Tools This update fixes the following issues: golang-github-lusitaniae-apache_exporter was updated from version 1.0.1 to 1.0.8: - Security issues fixed: * CVE-2023-3978: Fixed security bug in x/net dependency in version 1.0.2 (bsc#1213933) - Bugs fixed: * Require Go 1.20 when building for RedHat derivatives * Version 1.0.8 (bsc#1227341): + Update prometheus/client_golang to version 1.19.1 + Update x/net to version 0.23.0 * Version 1.0.7: + Update protobuf to version 1.33.0 + Update prometheus/client_golang to version 1.19.0 + Update prometheus/common to version 0.46.0 + Standardize landing page * Version 1.0.6: + Update prometheus/exporter-toolkit to version 0.11.0 + Update prometheus/client_golang to version 1.18.0 + Added User-Agent header * Version 1.0.4: + Update x/crypto to version 0.17.0 + Update alecthomas/kingpin/v2 to version 2.4.0 + Update prometheus/common to version 0.45.0 * Version 1.0.3: + Update prometheus/client_golang to version 1.17.0 + Update x/net 0.17.0 * Version 1.0.1: + Update prometheus/exporter-toolkit to version 0.10.0 + Update prometheus/common to version 0.44.0 + Update prometheus/client_golang to version 1.16.0 scap-security-guide was updated from version 0.1.73 to 0.1.74: - Version 0.1.74 (jsc#ECO-3319): * Added Amazon Linux 2023 product * Introduce new remediation type Kickstart * Make PAM macros more flexible to variables * Remove Debian 10 Product * Remove Red Hat Enterprise Linux 7 product * Update CIS RHEL9 control file to v2.0.0 spacecmd was updated from version 5.0.9-0 to 5.0.10-0: - Version 5.0.10-0: * Speed up softwarechannel_removepackages (bsc#1227606) * Fixed error in 'kickstart_delete' when using wildcards (bsc#1227578) * Spacecmd bootstrap now works with specified port (bsc#1229437) * Fixed sls backup creation as directory with spacecmd (bsc#1230745) uyuni-tools was updated from version 0.1.21-0 to 0.1.23-0: - Version 0.1.23-0: * Ensure namespace is defined in all kubernetes commands * Use SCC credentials to authenticate against registry.suse.com for kubernetes (bsc#1231157) * Fixed namespace usage on mgrctl cp command - Version 0.1.22-0: * Set projectId also for test packages/images * mgradm migration should not pull Confidential Computing and Hub image is replicas == 0 (bsc#1229432, bsc#1230136) * Do not allow SUSE Manager downgrade * Prevent completion issue when /var/log/uyuni-tools.log is missing * Fixed proxy shared volume flag * During migration, exclude mgr-sync configuration file (bsc#1228685) * Migrate from PostgreSQL 14 to PostgreSQL 16 pg_hba.conf and postgresql.conf files (bsc#1231206) * During migration, handle empty autoinstallation path (bsc#1230285) * During migration, handle symlinks (bsc#1230288) * During migration, trust the remote sender's file list (bsc#1228424) * Use SCC flags during podman pull * Restore SELinux permission after migration (bsc#1229501) * Share volumes between containers (bsc#1223142) * Save supportconfig in current directory (bsc#1226759) * Fixed error code handling on reinstallation (bsc#1230139) * Fixed creation of first user and organization * Added missing variable quotes for install vars (bsc#1229108) * Added API login and logout calls to allow persistent login The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2024-4019,SUSE-EL-9-CLIENT-TOOLS-2024-4019 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20244019-1/ Link for SUSE-SU-2024:4019-1 https://lists.suse.com/pipermail/sle-security-updates/2024-November/019832.html E-Mail link for SUSE-SU-2024:4019-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1213933 SUSE Bug 1213933 https://bugzilla.suse.com/1223142 SUSE Bug 1223142 https://bugzilla.suse.com/1226759 SUSE Bug 1226759 https://bugzilla.suse.com/1227341 SUSE Bug 1227341 https://bugzilla.suse.com/1227578 SUSE Bug 1227578 https://bugzilla.suse.com/1227606 SUSE Bug 1227606 https://bugzilla.suse.com/1228424 SUSE Bug 1228424 https://bugzilla.suse.com/1228685 SUSE Bug 1228685 https://bugzilla.suse.com/1229108 SUSE Bug 1229108 https://bugzilla.suse.com/1229432 SUSE Bug 1229432 https://bugzilla.suse.com/1229437 SUSE Bug 1229437 https://bugzilla.suse.com/1229501 SUSE Bug 1229501 https://bugzilla.suse.com/1230136 SUSE Bug 1230136 https://bugzilla.suse.com/1230139 SUSE Bug 1230139 https://bugzilla.suse.com/1230285 SUSE Bug 1230285 https://bugzilla.suse.com/1230288 SUSE Bug 1230288 https://bugzilla.suse.com/1230745 SUSE Bug 1230745 https://bugzilla.suse.com/1231157 SUSE Bug 1231157 https://bugzilla.suse.com/1231206 SUSE Bug 1231206 https://www.suse.com/security/cve/CVE-2023-3978/ SUSE CVE CVE-2023-3978 page SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS SUSE:EL-9:Update:Products:ManagerTools:Update golang-1.20.12-1.3.1 golang-bin-1.20.12-1.3.1 golang-docs-1.20.12-1.3.1 golang-github-lusitaniae-apache_exporter-1.0.8-1.14.1 golang-misc-1.20.12-1.3.1 golang-src-1.20.12-1.3.1 golang-tests-1.20.12-1.3.1 mgradm-0.1.23-1.11.1 mgradm-bash-completion-0.1.23-1.11.1 mgradm-zsh-completion-0.1.23-1.11.1 mgrctl-0.1.23-1.11.1 mgrctl-bash-completion-0.1.23-1.11.1 mgrctl-zsh-completion-0.1.23-1.11.1 mgrpxy-0.1.23-1.11.1 mgrpxy-bash-completion-0.1.23-1.11.1 mgrpxy-zsh-completion-0.1.23-1.11.1 scap-security-guide-0.1.74-1.29.1 scap-security-guide-debian-0.1.74-1.29.1 scap-security-guide-redhat-0.1.74-1.29.1 scap-security-guide-ubuntu-0.1.74-1.29.1 spacecmd-5.0.10-1.41.1 golang-github-lusitaniae-apache_exporter-1.0.8-1.14.1 as a component of SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS mgrctl-0.1.23-1.11.1 as a component of SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS mgrctl-bash-completion-0.1.23-1.11.1 as a component of SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS mgrctl-zsh-completion-0.1.23-1.11.1 as a component of SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS scap-security-guide-redhat-0.1.74-1.29.1 as a component of SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS spacecmd-5.0.10-1.41.1 as a component of SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS golang-1.20.12-1.3.1 as a component of SUSE:EL-9:Update:Products:ManagerTools:Update golang-bin-1.20.12-1.3.1 as a component of SUSE:EL-9:Update:Products:ManagerTools:Update golang-docs-1.20.12-1.3.1 as a component of SUSE:EL-9:Update:Products:ManagerTools:Update golang-github-lusitaniae-apache_exporter-1.0.8-1.14.1 as a component of SUSE:EL-9:Update:Products:ManagerTools:Update golang-misc-1.20.12-1.3.1 as a component of SUSE:EL-9:Update:Products:ManagerTools:Update golang-src-1.20.12-1.3.1 as a component of SUSE:EL-9:Update:Products:ManagerTools:Update golang-tests-1.20.12-1.3.1 as a component of SUSE:EL-9:Update:Products:ManagerTools:Update mgradm-0.1.23-1.11.1 as a component of SUSE:EL-9:Update:Products:ManagerTools:Update mgradm-bash-completion-0.1.23-1.11.1 as a component of SUSE:EL-9:Update:Products:ManagerTools:Update mgradm-zsh-completion-0.1.23-1.11.1 as a component of SUSE:EL-9:Update:Products:ManagerTools:Update mgrctl-0.1.23-1.11.1 as a component of SUSE:EL-9:Update:Products:ManagerTools:Update mgrctl-bash-completion-0.1.23-1.11.1 as a component of SUSE:EL-9:Update:Products:ManagerTools:Update mgrctl-zsh-completion-0.1.23-1.11.1 as a component of SUSE:EL-9:Update:Products:ManagerTools:Update mgrpxy-0.1.23-1.11.1 as a component of SUSE:EL-9:Update:Products:ManagerTools:Update mgrpxy-bash-completion-0.1.23-1.11.1 as a component of SUSE:EL-9:Update:Products:ManagerTools:Update mgrpxy-zsh-completion-0.1.23-1.11.1 as a component of SUSE:EL-9:Update:Products:ManagerTools:Update scap-security-guide-0.1.74-1.29.1 as a component of SUSE:EL-9:Update:Products:ManagerTools:Update scap-security-guide-debian-0.1.74-1.29.1 as a component of SUSE:EL-9:Update:Products:ManagerTools:Update scap-security-guide-redhat-0.1.74-1.29.1 as a component of SUSE:EL-9:Update:Products:ManagerTools:Update scap-security-guide-ubuntu-0.1.74-1.29.1 as a component of SUSE:EL-9:Update:Products:ManagerTools:Update spacecmd-5.0.10-1.41.1 as a component of SUSE:EL-9:Update:Products:ManagerTools:Update Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack. CVE-2023-3978 SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:golang-github-lusitaniae-apache_exporter-1.0.8-1.14.1 SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:mgrctl-0.1.23-1.11.1 SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:mgrctl-bash-completion-0.1.23-1.11.1 SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:mgrctl-zsh-completion-0.1.23-1.11.1 SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:scap-security-guide-redhat-0.1.74-1.29.1 SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:spacecmd-5.0.10-1.41.1 SUSE:EL-9:Update:Products:ManagerTools:Update:golang-1.20.12-1.3.1 SUSE:EL-9:Update:Products:ManagerTools:Update:golang-bin-1.20.12-1.3.1 SUSE:EL-9:Update:Products:ManagerTools:Update:golang-docs-1.20.12-1.3.1 SUSE:EL-9:Update:Products:ManagerTools:Update:golang-github-lusitaniae-apache_exporter-1.0.8-1.14.1 SUSE:EL-9:Update:Products:ManagerTools:Update:golang-misc-1.20.12-1.3.1 SUSE:EL-9:Update:Products:ManagerTools:Update:golang-src-1.20.12-1.3.1 SUSE:EL-9:Update:Products:ManagerTools:Update:golang-tests-1.20.12-1.3.1 SUSE:EL-9:Update:Products:ManagerTools:Update:mgradm-0.1.23-1.11.1 SUSE:EL-9:Update:Products:ManagerTools:Update:mgradm-bash-completion-0.1.23-1.11.1 SUSE:EL-9:Update:Products:ManagerTools:Update:mgradm-zsh-completion-0.1.23-1.11.1 SUSE:EL-9:Update:Products:ManagerTools:Update:mgrctl-0.1.23-1.11.1 SUSE:EL-9:Update:Products:ManagerTools:Update:mgrctl-bash-completion-0.1.23-1.11.1 SUSE:EL-9:Update:Products:ManagerTools:Update:mgrctl-zsh-completion-0.1.23-1.11.1 SUSE:EL-9:Update:Products:ManagerTools:Update:mgrpxy-0.1.23-1.11.1 SUSE:EL-9:Update:Products:ManagerTools:Update:mgrpxy-bash-completion-0.1.23-1.11.1 SUSE:EL-9:Update:Products:ManagerTools:Update:mgrpxy-zsh-completion-0.1.23-1.11.1 SUSE:EL-9:Update:Products:ManagerTools:Update:scap-security-guide-0.1.74-1.29.1 SUSE:EL-9:Update:Products:ManagerTools:Update:scap-security-guide-debian-0.1.74-1.29.1 SUSE:EL-9:Update:Products:ManagerTools:Update:scap-security-guide-redhat-0.1.74-1.29.1 SUSE:EL-9:Update:Products:ManagerTools:Update:scap-security-guide-ubuntu-0.1.74-1.29.1 SUSE:EL-9:Update:Products:ManagerTools:Update:spacecmd-5.0.10-1.41.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20244019-1/ https://www.suse.com/security/cve/CVE-2023-3978.html CVE-2023-3978 https://bugzilla.suse.com/1213933 SUSE Bug 1213933