# Security update for SUSE Manager Server 4.2

Announcement ID: SUSE-SU-2023:2594-1  
Rating: important  
References:

  * bsc#1179747
  * bsc#1186011
  * bsc#1203599
  * bsc#1205600
  * bsc#1206423
  * bsc#1207550
  * bsc#1207814
  * bsc#1207941
  * bsc#1208046
  * bsc#1208984
  * bsc#1209220
  * bsc#1209231
  * bsc#1209277
  * bsc#1209386
  * bsc#1209434
  * bsc#1209508
  * bsc#1209877
  * bsc#1209915
  * bsc#1209926
  * bsc#1210011
  * bsc#1210086
  * bsc#1210101
  * bsc#1210107
  * bsc#1210154
  * bsc#1210162
  * bsc#1210232
  * bsc#1210311
  * bsc#1210406
  * bsc#1210437
  * bsc#1210458
  * bsc#1210659
  * bsc#1210835
  * bsc#1210957
  * bsc#1211330
  * bsc#1212096
  * bsc#1212363
  * bsc#1212517
  * jsc#MSQA-674

  
Cross-References:

  * CVE-2022-46146
  * CVE-2023-22644

  
CVSS scores:

  * CVE-2022-46146 ( SUSE ):  8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2022-46146 ( NVD ):  8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-22644 ( NVD ):  3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

  
Affected Products:

  * openSUSE Leap 15.3
  * SUSE Manager Proxy 4.2
  * SUSE Manager Retail Branch Server 4.2
  * SUSE Manager Server 4.2

  
  
An update that solves two vulnerabilities, contains one feature and has 35
security fixes can now be installed.

## Recommended update for SUSE Manager Proxy and Retail Branch Server 4.2

### Description:

This update fixes the following issues:

release-notes-susemanager-proxy:

  * Update to 4.2.13
  * Bugs mentioned: bsc#1179747, bsc#1207814, bsc#1209231, bsc#1210437,
    bsc#1210458

## Security update for SUSE Manager Server 4.2

### Description:

This update fixes the following issues:

release-notes-susemanager:

  * Update to 4.2.13
  * Salt has been upgraded to 3006.0
  * SUSE Linux Enterprise Server 15 SP5 Family support has been added
  * openSUSE Leap 15.5 support has been added
  * Automatic migration from Salt 3000 to Salt bundle
  * Grafana upgraded to 9.5.1
  * Node exporter upgraded to 1.5.0
  * Prometheus upgraded to 2.37.6
  * Postgres exporter upgraded to 0.10.1
  * CVEs fixed: CVE-2023-22644, CVE-2022-46146
  * Bugs mentioned: bsc#1179747, bsc#1186011, bsc#1203599, bsc#1205600,
    bsc#1206423 bsc#1207550, bsc#1207814, bsc#1207941, bsc#1208984, bsc#1209220
    bsc#1209231, bsc#1209277, bsc#1209386, bsc#1209434, bsc#1209508 bsc#1209877,
    bsc#1209915, bsc#1209926, bsc#1210011, bsc#1210086 bsc#1210101, bsc#1210107,
    bsc#1210154, bsc#1210162, bsc#1210232 bsc#1210311, bsc#1210406, bsc#1210437,
    bsc#1210458, bsc#1210659 bsc#1210835, bsc#1210957, bsc#1211330, bsc#1208046,
    bsc#1212517 bsc#1212096

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Manager Retail Branch Server 4.2  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.2-2023-2594=1

  * SUSE Manager Server 4.2  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2594=1

  * openSUSE Leap 15.3  
    zypper in -t patch SUSE-2023-2594=1

  * SUSE Manager Proxy 4.2  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2594=1

## Package List:

  * SUSE Manager Retail Branch Server 4.2 (noarch)
    * release-notes-susemanager-proxy-4.2.13-150300.3.64.2
  * SUSE Manager Server 4.2 (noarch)
    * release-notes-susemanager-4.2.13-150300.3.81.1
  * openSUSE Leap 15.3 (noarch)
    * release-notes-susemanager-4.2.13-150300.3.81.1
    * release-notes-susemanager-proxy-4.2.13-150300.3.64.2
  * SUSE Manager Proxy 4.2 (noarch)
    * release-notes-susemanager-proxy-4.2.13-150300.3.64.2

## References:

  * https://www.suse.com/security/cve/CVE-2022-46146.html
  * https://www.suse.com/security/cve/CVE-2023-22644.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1179747
  * https://bugzilla.suse.com/show_bug.cgi?id=1186011
  * https://bugzilla.suse.com/show_bug.cgi?id=1203599
  * https://bugzilla.suse.com/show_bug.cgi?id=1205600
  * https://bugzilla.suse.com/show_bug.cgi?id=1206423
  * https://bugzilla.suse.com/show_bug.cgi?id=1207550
  * https://bugzilla.suse.com/show_bug.cgi?id=1207814
  * https://bugzilla.suse.com/show_bug.cgi?id=1207941
  * https://bugzilla.suse.com/show_bug.cgi?id=1208046
  * https://bugzilla.suse.com/show_bug.cgi?id=1208984
  * https://bugzilla.suse.com/show_bug.cgi?id=1209220
  * https://bugzilla.suse.com/show_bug.cgi?id=1209231
  * https://bugzilla.suse.com/show_bug.cgi?id=1209277
  * https://bugzilla.suse.com/show_bug.cgi?id=1209386
  * https://bugzilla.suse.com/show_bug.cgi?id=1209434
  * https://bugzilla.suse.com/show_bug.cgi?id=1209508
  * https://bugzilla.suse.com/show_bug.cgi?id=1209877
  * https://bugzilla.suse.com/show_bug.cgi?id=1209915
  * https://bugzilla.suse.com/show_bug.cgi?id=1209926
  * https://bugzilla.suse.com/show_bug.cgi?id=1210011
  * https://bugzilla.suse.com/show_bug.cgi?id=1210086
  * https://bugzilla.suse.com/show_bug.cgi?id=1210101
  * https://bugzilla.suse.com/show_bug.cgi?id=1210107
  * https://bugzilla.suse.com/show_bug.cgi?id=1210154
  * https://bugzilla.suse.com/show_bug.cgi?id=1210162
  * https://bugzilla.suse.com/show_bug.cgi?id=1210232
  * https://bugzilla.suse.com/show_bug.cgi?id=1210311
  * https://bugzilla.suse.com/show_bug.cgi?id=1210406
  * https://bugzilla.suse.com/show_bug.cgi?id=1210437
  * https://bugzilla.suse.com/show_bug.cgi?id=1210458
  * https://bugzilla.suse.com/show_bug.cgi?id=1210659
  * https://bugzilla.suse.com/show_bug.cgi?id=1210835
  * https://bugzilla.suse.com/show_bug.cgi?id=1210957
  * https://bugzilla.suse.com/show_bug.cgi?id=1211330
  * https://bugzilla.suse.com/show_bug.cgi?id=1212096
  * https://bugzilla.suse.com/show_bug.cgi?id=1212363
  * https://bugzilla.suse.com/show_bug.cgi?id=1212517
  * https://jira.suse.com/browse/MSQA-674

openSUSE: 2023:2594-1: important: SUSE Manager Server 4.2 Security Advisory Update

February 27, 2024

Description

This update fixes the following issues: release-notes-susemanager-proxy: * Update to 4.2.13 * Bugs mentioned: bsc#1179747, bsc#1207814, bsc#1209231, bsc#1210437, bsc#1210458 ## Security update for SUSE Manager Server 4.2 ### Description: This update fixes the following issues: release-notes-susemanager: * Update to 4.2.13 * Salt has been upgraded to 3006.0 * SUSE Linux Enterprise Server 15 SP5 Family support has been added * openSUSE Leap 15.5 support has been added * Automatic migration from Salt 3000 to Salt bundle * Grafana upgraded to 9.5.1 * Node exporter upgraded to 1.5.0 * Prometheus upgraded to 2.37.6 * Postgres exporter upgraded to 0.10.1 * CVEs fixed: CVE-2023-22644, CVE-2022-46146 * Bugs mentioned: bsc#1179747, bsc#1186011, bsc#1203599, bsc#1205600, bsc#1206423 bsc#1207550, bsc#1207814, bsc#1207941, bsc#1208984, bsc#1209220 bsc#1209231, bsc#1209277, bsc#1209386, bsc#1209434, bsc#1209508 bsc#1209877, bsc#1209915, bsc#1209926, bsc#1210011, bsc#1210086 bsc#1210101, bsc#1210107, bsc#1210154, bsc#1210162, bsc#1210232 bsc#1210311, bsc#1210406, bsc#1210437, bsc#1210458, bsc#1210659 bsc#1210835, bsc#1210957, bsc#1211330, bsc#1208046, bsc#1212517 bsc#1212096

 

Patch

## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2594=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2594=1 * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-2594=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2594=1


Package List

* SUSE Manager Retail Branch Server 4.2 (noarch) * release-notes-susemanager-proxy-4.2.13-150300.3.64.2 * SUSE Manager Server 4.2 (noarch) * release-notes-susemanager-4.2.13-150300.3.81.1 * openSUSE Leap 15.3 (noarch) * release-notes-susemanager-4.2.13-150300.3.81.1 * release-notes-susemanager-proxy-4.2.13-150300.3.64.2 * SUSE Manager Proxy 4.2 (noarch) * release-notes-susemanager-proxy-4.2.13-150300.3.64.2


References

* bsc#1179747 * bsc#1186011 * bsc#1203599 * bsc#1205600 * bsc#1206423 * bsc#1207550 * bsc#1207814 * bsc#1207941 * bsc#1208046 * bsc#1208984 * bsc#1209220 * bsc#1209231 * bsc#1209277 * bsc#1209386 * bsc#1209434 * bsc#1209508 * bsc#1209877 * bsc#1209915 * bsc#1209926 * bsc#1210011 * bsc#1210086 * bsc#1210101 * bsc#1210107 * bsc#1210154 * bsc#1210162 * bsc#1210232 * bsc#1210311 * bsc#1210406 * bsc#1210437 * bsc#1210458 * bsc#1210659 * bsc#1210835 * bsc#1210957 * bsc#1211330 * bsc#1212096 * bsc#1212363 * bsc#1212517 * jsc#MSQA-674 ## References: * https://www.suse.com/security/cve/CVE-2022-46146.html * https://www.suse.com/security/cve/CVE-2023-22644.html * https://bugzilla.suse.com/show_bug.cgi?id=1179747 * https://bugzilla.suse.com/show_bug.cgi?id=1186011 * https://bugzilla.suse.com/show_bug.cgi?id=1203599 * https://bugzilla.suse.com/show_bug.cgi?id=1205600 * https://bugzilla.suse.com/show_bug.cgi?id=1206423 * https://bugzilla.suse.com/show_bug.cgi?id=1207550 * https://bugzilla.suse.com/show_bug.cgi?id=1207814 * https://bugzilla.suse.com/show_bug.cgi?id=1207941 * https://bugzilla.suse.com/show_bug.cgi?id=1208046 * https://bugzilla.suse.com/show_bug.cgi?id=1208984 * https://bugzilla.suse.com/show_bug.cgi?id=1209220 * https://bugzilla.suse.com/show_bug.cgi?id=1209231 * https://bugzilla.suse.com/show_bug.cgi?id=1209277 * https://bugzilla.suse.com/show_bug.cgi?id=1209386 * https://bugzilla.suse.com/show_bug.cgi?id=1209434 * https://bugzilla.suse.com/show_bug.cgi?id=1209508 * https://bugzilla.suse.com/show_bug.cgi?id=1209877 * https://bugzilla.suse.com/show_bug.cgi?id=1209915 * https://bugzilla.suse.com/show_bug.cgi?id=1209926 * https://bugzilla.suse.com/show_bug.cgi?id=1210011 * https://bugzilla.suse.com/show_bug.cgi?id=1210086 * https://bugzilla.suse.com/show_bug.cgi?id=1210101 * https://bugzilla.suse.com/show_bug.cgi?id=1210107 * https://bugzilla.suse.com/show_bug.cgi?id=1210154 * https://bugzilla.suse.com/show_bug.cgi?id=1210162 * https://bugzilla.suse.com/show_bug.cgi?id=1210232 * https://bugzilla.suse.com/show_bug.cgi?id=1210311 * https://bugzilla.suse.com/show_bug.cgi?id=1210406 * https://bugzilla.suse.com/show_bug.cgi?id=1210437 * https://bugzilla.suse.com/show_bug.cgi?id=1210458 * https://bugzilla.suse.com/show_bug.cgi?id=1210659 * https://bugzilla.suse.com/show_bug.cgi?id=1210835 * https://bugzilla.suse.com/show_bug.cgi?id=1210957 * https://bugzilla.suse.com/show_bug.cgi?id=1211330 * https://bugzilla.suse.com/show_bug.cgi?id=1212096 * https://bugzilla.suse.com/show_bug.cgi?id=1212363 * https://bugzilla.suse.com/show_bug.cgi?id=1212517 * https://jira.suse.com/browse/MSQA-674


Severity
Announcement ID: SUSE-SU-2023:2594-1
Rating: important
Affected Products: * openSUSE Leap 15.3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves two vulnerabilities, contains one feature and has 35 security fixes can now be installed. ## Recommended update for SUSE Manager Proxy and Retail Branch Server 4.2

Related News

22.Lock ScreenEffect Esm H320
2 - 3 min read
Red Hat recently released its newest enterprise Linux distro, Red Hat Enterprise Linux (RHEL) 9.4 , which introduces several features designed to
8.Locks HexConnections CodeGlobe Esm H320
1 - 2 min read
The latest release of Debian , one of the oldest and most trusted distributions within the Linux ecosystem, redefines security, stability, and
20.Lock AbstractDigital Circular Esm H320
1 - 2 min read
The Ubuntu security team has recently discovered and addressed multiple vulnerabilities in the Apache HTTP Server. The vulnerabilities affected
1.Penguin Landscape Esm H320
1 - 2 min read
A critical vulnerability was discovered in the Linux kernel's netfilter subsystem, specifically within the nf_tables component, posing potential
19.Laptop Bed Esm H320
2 - 3 min read
The release of Google Chrome 124 addresses four vulnerabilities, including a critical security flaw that can enable attackers to execute arbitrary
23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved