Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

SUSE: 2023:1831-1 Important: Update for SUSE Manager Server 4.2

suse
Calendar Grey February 27, 2024
Dist Suse Esm H88
Uncover the essential upgrade for SUSE Manager 4.2 that addresses multiple software bugs and strengthens security enhancements.
* bsc#1179926 * bsc#1197027 * bsc#1206562 * bsc#1206973 * bsc#1207063

Summary

### This update fixes the following issues: cobbler: * CVE-2022-0860: Unbreak PAM authentication due to missing encode of user input in the PAM auth module of Cobbler (bsc#1197027) * Fix S390X auto-installation for cases where kernel options are longer than 79 characters (bsc#1207308) * Switch packaging from patch based to Git tree based development * All patches that are being removed in this revision are contained in the new Git tree. guava: * Upgrade to guava 30.1.1 * CVE-2020-8908: temp directory creation vulnerability in Guava versions prior to 30.0. (bsc#1179926) * Remove parent reference from ALL distributed pom files * Avoid version-less dependencies that can cause problems with some tools * Build the package with ant in order to prevent build cycles using a generated and customized ant build system

Topics%20covered

Topics Covered

security advisory software patch security fix critical update SUSE Manager maintenance update SUSE Server

References

* bsc#1179926

* bsc#1197027

* bsc#1206562

* bsc#1206973

* bsc#1207063

* bsc#1207308

* bsc#1207352

* bsc#1207490

* bsc#1207799

* bsc#1207829

* bsc#1207830

* bsc#1207838

* bsc#1207883

* bsc#1208288

* bsc#1208321

* bsc#1208325

* bsc#1208586

* bsc#1208687

* bsc#1208719

* bsc#1208772

* bsc#1208908

* bsc#1209369

* bsc#1209386

* bsc#1209434

* bsc#1209703

* jsc#PED-2777

Cross-

* CVE-2020-8908

* CVE-2022-0860

* CVE-2023-22644

CVSS scores:

* CVE-2020-8908 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

* CVE-2020-8908 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

* CVE-2022-0860 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

* CVE-2022-0860 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2023:1831-1
Rating: important

Topics%20covered

Topics Covered

security advisory software patch security fix critical update SUSE Manager maintenance update SUSE Server

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here