SUSE: 2022:1396-1 Moderate: 12 Issues Fixed In Manager Tools

April 25, 2022
This patch addresses 15 concerns linked to SUSE Manager Server Utilities, incorporates security improvements and updates to newer versions.
An update that fixes 12 vulnerabilities and contains three features is now available.

Summary

This update fixes the following issues:

grafana:

- Update from version 7.5.12 to version 8.3.5 (jsc#SLE-23439, jsc#SLE-23422)
  + Security:
    * Fixes XSS vulnerability in handling data sources (bsc#1195726, CVE-2022-21702)
    * Fixes cross-origin request forgery vulnerability (bsc#1195727, CVE-2022-21703)
    * Fixes Insecure Direct Object Reference vulnerability in Teams API (bsc#1195728, CVE-2022-21713)
- Update to Go 1.17.
- Add build-time dependency on `wire`.
- Update license to GNU Affero General Public License v3.0.
- Update to version 8.3.4
  * GetUserInfo: return an error if no user was found (bsc#1194873, CVE-2022-21673)
  + Features and enhancements:
    * Alerting: Allow configuration of non-ready alertmanagers.
    * Alerting: Allow customization of Google chat message.

References

#1181400 #1194363 #1194873 #1194909 #1195726 #1195727 #1195728 #1197579 SLE-23051 SLE-23422 SLE-23439

Cross-References: CVE-2021-36222 CVE-2021-3711 CVE-2021-39226 CVE-2021-41174 CVE-2021-41244 CVE-2021-43798 CVE-2021-43813 CVE-2021-43815 CVE-2022-21673 CVE-2022-21702 CVE-2022-21703 CVE-2022-21713

CVSS scores:

CVE-2021-36222 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2021-36222 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2021-3711 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2021-3711 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2021-39226 (NVD) : 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CVE-2021-39226 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Announcement ID: SUSE-SU-2022:1396-1
Rating: moderate
