SUSE: 2022:2145-1 important: SUSE Manager Server 4.1
Summary
This update fixes the following issues:

golang-github-QubitProducts-exporter_exporter:

- Adapted to build on Enterprise Linux.
- Fix build for RedHat 7
- Require Go >= 1.14 also for CentOS
- Add support for CentOS
- Replace %{?systemd_requires} with %{?systemd_ordering}

golang-github-lusitaniae-apache_exporter:

- Require building with Go 1.15
- Add %license macro for LICENSE file

golang-github-prometheus-node_exporter:

- CVE-2022-21698: Update vendor tarball with prometheus/client_golang 1.11.1 (bsc#1196338, jsc#SLE-24238, jsc#SLE-24239)
- Update to 1.3.0
  * [CHANGE] Add path label to rapl collector #2146
  * [CHANGE] Exclude filesystems under /run/credentials #2157
  * [CHANGE] Add TCPTimeouts to netstat default filter #2189
  * [FEATURE] Add lnstat collector for metrics from /proc/net/stat/ #1771
  * [FEATURE] Add darwin powersupply collector #1777
  * [FEATURE] Add support for monitoring GPUs on Linux #1998
  * [FEATURE] Add Darwin thermal collector #2032
  * [FEATURE] Add os release collector #2094
  * [FEATURE] Add netdev.address-info collector #2105
  * [FEATURE] Add clocksource metrics to time collector #2197
  * [ENHANCEMENT] Support glob textfile collector directories #1985
  * [ENHANCEMENT] ethtool: Expose node_ethtool_info metric #2080
  * [ENHANCEMENT] Use include/exclude flags for ethtool filtering #2165
  * [ENHANCEMENT] Add flag to disable guest CPU metrics #2123
  * [ENHANCEMENT] Add DMI collector #2131
  * [ENHANCEMENT] Add threads metrics to processes collector #2164
  * [ENHANCEMENT] Reduce timer GC delays in the Linux filesystem collector #2169
  * [ENHANCEMENT] Add TCPTimeouts to netstat default filter #2189
  * [ENHANCEMENT] Use SysctlTimeval for boottime collector on BSD #2208
  * [BUGFIX] ethtool: Sanitize metric names #2093
  * [BUGFIX] Fix ethtool collector for multiple interfaces #2126
  * [BUGFIX] Fix possible panic on macOS #2133
  * [BUGFIX] Collect flag_info and bug_info only for one core #2156
  * [BUGFIX] Prevent duplicate ethtool metric names #2187
- Update to 1.2.2
  * Bug fixes
    Fix processes collector long int parsing #2112
- Update to 1.2.1
  * Removed
    Remove obsolete capture permission denied error patch already included upstream
    Fix zoneinfo parsing prometheus/procfs#386
    Fix nvme collector log noise #2091
    Fix rapl collector log noise #2092
- Update to 1.2.0
  * Changes
    Rename filesystem collector flags to match other collectors #2012
    Make node_exporter print usage to STDOUT #203
  * Features
    Add conntrack statistics metrics #1155
    Add ethtool stats collector #1832
    Add flag to ignore network speed if it is unknown #1989
    Add tapestats collector for Linux #2044
    Add nvme collector #2062
  * Enhancements
    Add ErrorLog plumbing to promhttp #1887
    Add more Infiniband counters #2019
    netclass: retrieve interface names and filter before parsing #2033
    Add time zone offset metric #2060
    Handle errors from disabled PSI subsystem #1983
    Fix panic when using backwards compatible flags #2000
    Fix wrong value for OpenBSD memory buffer cache #2015
    Only initiate collectors once #2048
    Handle small backwards jumps in CPU idle #2067
- Capture permission denied error for "energy_uj" file (bsc#1190535)

patterns-suse-manager:

- Golang-github-wrouesnel-postgres_exporter was renamed to prometheus-postgres_exporter

postgresql-jdbc:

- CVE-2022-26520: Address Arbitrary File Write Vulnerability (bsc#1197356)
- CVE-2022-21724: Address unchecked class instantiation when loading plugins based on class names (bsc#1195561)

prometheus-exporters-formula:

- Version 0.9.5
  * Postgres exporter package was renamed for Red Hat
- Version 0.9.4
  * Postgres exporter package was renamed for SUSE Linux Enterprise Server and openSUSE

prometheus-formula:

- Version 0.3.7
  * Allow prometheus-formula only for SUSE systems (bsc#1199149)

py27-compat-salt:

- Remove redundant overrides causing confusing DEBUG logging (bsc#1189501)

spacecmd:

- Version 4.1.18-1
  * implement system.bootstrap (bsc#1194909)

spacewalk-backend:

- Version 4.1.31-1
  * Fix traceback on calling spacewalk-repo-sync --show-packages (bsc#1193238)
  * Fix virt_notify SQL syntax error (bsc#1199528)
  * Do not raise error on file:// based DEB repo when looking for alternative Release files (bsc#1199142)
  * Improve parsing deb packages dependencies (bsc#1194594)
  * Fix reposync update notice formatting and date parsing (bsc#1194447)
  * implement more decompression algorithms for reposync (bsc#1196704)

spacewalk-java:

- Version 4.1.46-1
  * Fix changelog to include the reference to CVE-2022-31248
- Version 4.1.45-1
  * CVE-2022-31248: User enumeration via weak error message (bsc#1199629)
  * CVE-2022-21952: Unauthenticated remote Denial of Service via resource exhaustion. (bsc#1199512)
  * During re-activation, recalculate grains if contact method has been changed (bsc#1199677)
  * autoinstallation: missing whitespace after install URL (bsc#1199888)
  * Change system details lock tab name to lock/unlock (bsc#1193032)
  * Set profile tag has no-mandatory in XCCDF result (bsc#1194262)
  * Added a notification to inform the administrators about the product end-of-life
  * provisioning through proxy should use proxy for self_update (bsc#1199036)
  * Allow removing duplicated packages names in the same Salt action (bsc#1198686)
  * Fix ACL rules for config diff download for SLS files (bsc#1198914)
  * fix invalid link to action schedule
  * Redesign the auto errata task to schedule combined actions (bsc#1197429)
  * detect free products in Alpha and Beta stage and prevent checks on openSUSE products (bsc#1197488)
  * Optimize adding new products function (bsc#1193707)
  * change directory owner and permissions only when needed
  * Fixed broken help link for system overview
  * Finding empty profiles by mac address must be case insensitive (bsc#1196407)
  * generate the system ssh key when bootstrapping a salt-ssh client (bsc#1194909)

spacewalk-setup:

- Version 4.1.11-1
  * spacewalk-setup-cobbler assumes /etc/apache2/conf.d now as a default instead of /etc/httpd/conf.d (bsc#1198356)

spacewalk-utils:

- Version 4.1.20-1
  * spacewalk-hostname-rename now correctly replaces the hostname for the mgr-sync configuration file (bsc#1198356)
  * spacewalk-hostname-rename now utilizes the "--apache2-conf-dir" flag for spacewalk-setup-cobbler (bsc#1198356)

spacewalk-web:

- Version 4.1.34-1
  * Update Web UI version to 4.1.15
- Version 4.1.33-1
  * Added support for end of life notifications

subscription-matcher:

- Version 0.28
  * Support both antlr3-java and antlr3-runtime as dependencies
  * Make it obvious that log4j12 is used

susemanager:

- version 4.1.36-1
  * Add python3-contextvars and python3-immutables to missing bootstrap repos (bsc#1200606)
- version 4.1.35-1
  * Add python3-gnupg to bootstrap repo definition for Ubuntu 20.04 (bsc#1200212)
- Version 4.1.34-1
  * mgr-sync: Raise a proper exception when duplicated lines exist in a config file (bsc#1182742)
  * fix SLE15 bootstrap repo definition (bsc#1197438)
  * Add SLES15SP4 and SUMA Proxy 4.3 to bootstrap repo definitions (bsc#1196702)
  * Add missing dependencies for Salt 3004 into bootstrap repository for SLE15 family (bsc#1198221)

susemanager-doc-indexes:

- The Large deployments Guide now includes a mention of the proxy (bsc#1199577)
- In the Administration Guide, documented that monitoring tools are now available on SUSE Linux Enterprise 12, 15 and openSUSE Leap 15, however, Grafana is not available on Proxy (bsc#1191143)
- In the Administration Guide, renamed the golang-github-wrouesnel-postgres_exporter to prometheus-postgres_exporter
- In the Client Configuration and Retail Guides clarified that mandatory channels are automatically checked (bsc#1173527)
- In the Client Configuration Guide, marked Yomi as unsupported on SUSE Linux Enterprise Server 11 and 12
- Clarified channel label name in Registering Clients with RHUI section of the Client Configuration Guide (bsc#1196067)

susemanager-docs_en:

- The Large deployments Guide now includes a mention of the proxy (bsc#1199577)
- In the Administration Guide, documented that monitoring tools are now available on SUSE Linux Enterprise 12, 15 and openSUSE Leap 15, however, Grafana is not available on Proxy (bsc#1191143)
- In the Administration Guide, renamed the golang-github-wrouesnel-postgres_exporter to prometheus-postgres_exporter
- In the Client Configuration and Retail Guides clarified that mandatory channels are automatically checked (bsc#1173527)
- In the Client Configuration Guide, marked Yomi as unsupported on SUSE Linux Enterprise Server 11 and 12
- Clarified channel label name in Registering Clients with RHUI section of the Client Configuration Guide (bsc#1196067)

susemanager-schema:

- Version 4.1.26-1
  * add schema update directory from 4.1.25 to 4.1.26

susemanager-sls:

- version 4.1.36-1
  * Prevent possible tracebacks on calling module.run from mgrcompat by setting proper globals with using LazyLoader
- Version 4.1.35-1
  * Add support to packages.pkgremove to deal with duplicated pkg names (bsc#1198686)
  * Fix bootstrap repository path resolution for Oracle Linux
  * Fix deprecated warning when getting pillar data (bsc#1192850)
  * fixing how the return code is returned in mgrutil runner (bsc#1194909)

How to apply this update:

1. Log in as root user to the SUSE Manager server.
2. Stop the Spacewalk service: `spacewalk-service stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: `spacewalk-service start`

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for SUSE Manager Server 4.1:
  zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2022-2145=1

Package List:

- SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (ppc64le s390x x86_64):
  golang-github-QubitProducts-exporter_exporter-0.4.0-150200.6.12.2
  golang-github-lusitaniae-apache_exporter-0.7.0-150200.2.6.2
  golang-github-lusitaniae-apache_exporter-debuginfo-0.7.0-150200.2.6.2
  golang-github-prometheus-node_exporter-1.3.0-150200.3.9.3
  patterns-suma_retail-4.1-150200.6.12.2
  patterns-suma_server-4.1-150200.6.12.2
  susemanager-4.1.36-150200.3.52.1
  susemanager-tools-4.1.36-150200.3.52.1

- SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch):
  postgresql-jdbc-42.2.10-150200.3.8.2
  prometheus-exporters-formula-0.9.5-150200.3.31.2
  prometheus-formula-0.3.7-150200.3.21.2
  py27-compat-salt-3000.3-150200.6.24.2
  spacecmd-4.1.18-150200.4.39.3
  spacewalk-backend-4.1.31-150200.4.50.4
  spacewalk-backend-app-4.1.31-150200.4.50.4
  spacewalk-backend-applet-4.1.31-150200.4.50.4
  spacewalk-backend-config-files-4.1.31-150200.4.50.4
  spacewalk-backend-config-files-common-4.1.31-150200.4.50.4
  spacewalk-backend-config-files-tool-4.1.31-150200.4.50.4
  spacewalk-backend-iss-4.1.31-150200.4.50.4
  spacewalk-backend-iss-export-4.1.31-150200.4.50.4
  spacewalk-backend-package-push-server-4.1.31-150200.4.50.4
  spacewalk-backend-server-4.1.31-150200.4.50.4
  spacewalk-backend-sql-4.1.31-150200.4.50.4
  spacewalk-backend-sql-postgresql-4.1.31-150200.4.50.4
  spacewalk-backend-tools-4.1.31-150200.4.50.4
  spacewalk-backend-xml-export-libs-4.1.31-150200.4.50.4
  spacewalk-backend-xmlrpc-4.1.31-150200.4.50.4
  spacewalk-base-4.1.34-150200.3.47.6
  spacewalk-base-minimal-4.1.34-150200.3.47.6
  spacewalk-base-minimal-config-4.1.34-150200.3.47.6
  spacewalk-html-4.1.34-150200.3.47.6
  spacewalk-java-4.1.46-150200.3.71.5
  spacewalk-java-config-4.1.46-150200.3.71.5
  spacewalk-java-lib-4.1.46-150200.3.71.5
  spacewalk-java-postgresql-4.1.46-150200.3.71.5
  spacewalk-setup-4.1.11-150200.3.18.2
  spacewalk-taskomatic-4.1.46-150200.3.71.5
  spacewalk-utils-4.1.20-150200.3.30.2
  spacewalk-utils-extras-4.1.20-150200.3.30.2
  subscription-matcher-0.28-150200.3.15.2
  susemanager-doc-indexes-4.1-150200.11.55.4
  susemanager-docs_en-4.1-150200.11.55.2
  susemanager-docs_en-pdf-4.1-150200.11.55.2
  susemanager-schema-4.1.26-150200.3.45.4
  susemanager-sls-4.1.36-150200.3.64.2
  susemanager-web-libs-4.1.34-150200.3.47.6
  uyuni-config-modules-4.1.36-150200.3.64.2
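
Once the Spacewalk service is running again, the installed builds can be compared with the fixed versions in the package list above. The script below is an added example, not part of the SUSE advisory: it checks only the three packages whose changelog entries name a CVE, the helper names `ver_ge` and `check_installed` are hypothetical, and `sort -V` stands in for RPM's own version ordering.

```bash
#!/usr/bin/env bash
# Added example. Fixed builds are copied from this advisory's package list,
# limited to the packages whose changelog entries name a CVE.
FIXED="golang-github-prometheus-node_exporter 1.3.0-150200.3.9.3
postgresql-jdbc 42.2.10-150200.3.8.2
spacewalk-java 4.1.46-150200.3.71.5"

# ver_ge A B: true when A sorts at or after B under `sort -V`.
# Assumption: sort -V approximates RPM ordering closely enough for these
# purely numeric version-release strings.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# check_installed (hypothetical helper): reads "name version-release" lines
# on stdin, prints one status line per advisory package, and returns the
# number of packages still below the fixed build.
check_installed() {
    ci_installed=$(cat)
    ci_bad=0
    while read -r ci_name ci_want; do
        ci_have=$(printf '%s\n' "$ci_installed" |
            awk -v n="$ci_name" '$1 == n { print $2; exit }')
        if [ -z "$ci_have" ]; then
            echo "MISSING  $ci_name (fixed build: $ci_want)"
        elif ver_ge "$ci_have" "$ci_want"; then
            echo "OK       $ci_name $ci_have"
        else
            echo "OUTDATED $ci_name $ci_have < $ci_want"
            ci_bad=$((ci_bad + 1))
        fi
    done <<EOF
$FIXED
EOF
    return "$ci_bad"
}

# Constructed sample input; the postgresql-jdbc release string is made up
# to represent a pre-update build.
SAMPLE="postgresql-jdbc 42.2.10-150200.3.5.1
spacewalk-java 4.1.46-150200.3.71.5"
printf '%s\n' "$SAMPLE" | check_installed || echo "$? package(s) need the update"

# On the server, feed it real data instead:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | check_installed
```

A package reported as MISSING is not installed on the host and is not counted as outdated.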
References
#1173527 #1182742 #1189501 #1190535 #1191143
#1192850 #1193032 #1193238 #1193707 #1194262
#1194447 #1194594 #1194909 #1195561 #1196067
#1196338 #1196407 #1196702 #1196704 #1197356
#1197429 #1197438 #1197488 #1198221 #1198356
#1198686 #1198914 #1199036 #1199142 #1199149
#1199512 #1199528 #1199577 #1199629 #1199677
#1199888 #1200212 #1200606 SLE-24238 SLE-24239
Cross-References: CVE-2022-21698 CVE-2022-21724 CVE-2022-21952 CVE-2022-26520 CVE-2022-31248
CVSS scores:
CVE-2022-21698 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-21698 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-21724 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-21724 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CVE-2022-26520 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26520 (SUSE): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CVE-2022-31248 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products:
SUSE Linux Enterprise Module for SUSE Manager Server 4.1
SUSE Manager Server 4.1
https://www.suse.com/security/cve/CVE-2022-21698.html
https://www.suse.com/security/cve/CVE-2022-21724.html
https://www.suse.com/security/cve/CVE-2022-21952.html
https://www.suse.com/security/cve/CVE-2022-26520.html
https://www.suse.com/security/cve/CVE-2022-31248.html
https://bugzilla.suse.com/1173527
https://bugzilla.suse.com/1182742
https://bugzilla.suse.com/1189501
https://bugzilla.suse.com/1190535
https://bugzilla.suse.com/1191143
https://bugzilla.suse.com/1192850
https://bugzilla.suse.com/1193032
https://bugzilla.suse.com/1193238
https://bugzilla.suse.com/1193707
https://bugzilla.suse.com/1194262
https://bugzilla.suse.com/1194447
https://bugzilla.suse.com/1194594
https://bugzilla.suse.com/1194909
https://bugzilla.suse.com/1195561
https://bugzilla.suse.com/1196067
https://bugzilla.suse.com/1196338
https://bugzilla.suse.com/1196407
https://bugzilla.suse.com/1196702
https://bugzilla.suse.com/1196704
https://bugzilla.suse.com/1197356
https://bugzilla.suse.com/1197429
https://bugzilla.suse.com/1197438
https://bugzilla.suse.com/1197488
https://bugzilla.suse.com/1198221
https://bugzilla.suse.com/1198356
https://bugzilla.suse.com/1198686
https://bugzilla.suse.com/1198914
https://bugzilla.suse.com/1199036
https://bugzilla.suse.com/1199142
https://bugzilla.suse.com/1199149
https://bugzilla.suse.com/1199512
https://bugzilla.suse.com/1199528
https://bugzilla.suse.com/1199577
https://bugzilla.suse.com/1199629
https://bugzilla.suse.com/1199677
https://bugzilla.suse.com/1199888
https://bugzilla.suse.com/1200212
https://bugzilla.suse.com/1200606