
SUSE: 2022:3747-1 Moderate: Denial of Service and Cross Site Scripting

October 26, 2022
Crucial announcement regarding SUSE Manager Client Tools tackles moderate security flaws. Step-by-step installation instructions included.
An update that solves three vulnerabilities, contains 6 features and has two fixes is now available.

Summary

This update fixes the following issues:

golang-github-lusitaniae-apache_exporter:
- Update to upstream release 0.11.0 (jsc#SLE-24791)
  * Add TLS support
  * Switch to logger, please check --log.level and --log.format flags
- Update to version 0.10.1
  * Bugfix: Reset ProxyBalancer metrics on each scrape to remove stale data
- Update to version 0.10.0
  * Add Apache Proxy and other metrics
- Update to version 0.8.0
  * Change commandline flags
  * Add metrics: Apache version, request duration total
- Adapted to build on Enterprise Linux 8
- Require building with Go 1.15
- Add %license macro for LICENSE file

golang-github-prometheus-alertmanager:
- Do not include sources (bsc#1200725)

golang-github-prometheus-node_exporter:
- CVE-2022-21698: Denial of service using InstrumentHandlerCounter.

References

#1196338 #1198903 #1200725 #1201535 #1201539

SLE-23422 SLE-23439 SLE-24243 SLE-24565 SLE-24791

SUMA-114

CVE-2022-21698 CVE-2022-31097 CVE-2022-31107

CVSS scores:

CVE-2022-21698 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-21698 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-31097 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVE-2022-31097 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

CVE-2022-31107 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-31107 (SUSE): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L

Affected Products:

SUSE Linux Enterprise Server 12-SP3-BCL

SUSE Linux Enterprise Server 12-SP4-LTSS

SUSE Linux Enterprise Server 12-SP5

Announcement ID: SUSE-SU-2022:3747-1
Rating: moderate
