
SUSE: 2022:3751-1 Moderate: Client Tools Cross Site Scripting and OAuth

October 26, 2022
Addresses dual vulnerabilities in SUSE Manager Client Tools through an update, rectifying both cross-site scripting and OAuth security flaws.
An update that solves two vulnerabilities, contains four features and has one errata is now available.

Summary

This update fixes the following issues:

dracut-saltboot:

- Update to version 0.1.1661440542.6cbe0da
  * Use standard susemanager.conf
  * Move image services to dracut-saltboot package
  * Use salt bundle

golang-github-lusitaniae-apache_exporter:

- Update to upstream release 0.11.0 (jsc#SLE-24791)
  * Add TLS support
  * Switch to logger, please check --log.level and --log.format flags
- Update to version 0.10.1
  * Bugfix: Reset ProxyBalancer metrics on each scrape to remove stale data
- Update to version 0.10.0
  * Add Apache Proxy and other metrics
- Update to version 0.8.0
  * Change commandline flags
  * Add metrics: Apache version, request duration total
- Adapted to build on Enterprise Linux 8
- Require building with Go 1.15
- Add %license macro for LICENSE file

grafana:

- Update to version 8.3.10
  + Security:

References

#1198903 #1201535 #1201539 SLE-23422 SLE-23439 SLE-24565 SLE-24791

Cross-References: CVE-2022-31097 CVE-2022-31107

CVSS scores:

CVE-2022-31097 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVE-2022-31097 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

CVE-2022-31107 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-31107 (SUSE): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L

Affected Products:

SUSE Linux Enterprise High Performance Computing 15-ESPOS

SUSE Linux Enterprise High Performance Computing 15-LTSS

SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2

SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3

SUSE Linux Enterprise Module for SUSE Manager Server 4.2

SUSE Linux Enterprise Module for SUSE Manager Server 4.3

Announcement ID: SUSE-SU-2022:3751-1
Rating: moderate
