Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

SUSE: 2023:2181-1 Important: Authentication Bypass In Manager 4.3

suse
Calendar Grey February 27, 2024
Dist Suse Esm H88
A critical patch for SUSE Manager 4.3 mitigates authentication vulnerabilities and boosts security measures.
* bsc#1208060 * bsc#1208965 * jsc#MSQA-663 Cross-References:

Summary

### This update fixes the following issues: system-user-prometheus: * Provide system-user-prometheus to SUSE Manager Server repositories and resolve installation issues (no source changes) prometheus-postgres_exporter: * Security issues fixed: * CVE-2022-46146: Fix authentication bypass via cache poisoning (bsc#1208060) * Other non-security issues fixed: * Adapt the systemd service security configuration to be able to start it on for Red Hat Linux Enterprise systems and clones * Create the prometheus user for Red Hat Linux Enterprise systems and clones * Fix broken log-level for values other than debug (bsc#1208965) How to apply this update: 1. Log in as root user to the SUSE Manager Server. 2. Stop the Spacewalk service: `spacewalk-service stop`

Topics%20covered

Topics Covered

security advisory security update important authentication bypass SUSE Linux Enterprise SUSE Manager Server update

References

* bsc#1208060

* bsc#1208965

* jsc#MSQA-663

Cross-

* CVE-2022-46146

CVSS scores:

* CVE-2022-46146 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2022-46146 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3

* openSUSE Leap 15.4

* openSUSE Leap 15.5

* SUSE Linux Enterprise Desktop 15

* SUSE Linux Enterprise Desktop 15 SP1

* SUSE Linux Enterprise Desktop 15 SP2

* SUSE Linux Enterprise Desktop 15 SP3

* SUSE Linux Enterprise Desktop 15 SP4

* SUSE Linux Enterprise Desktop 15 SP5

* SUSE Linux Enterprise Desktop 15 SP6

* SUSE Linux Enterprise High Performance Computing 15

* SUSE Linux Enterprise High Performance Computing 15 SP1

* SUSE Linux Enterprise High Performance Computing 15 SP2

* SUSE Linux Enterprise High Performance Computing 15 SP3

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2023:2181-1
Rating: important

Topics%20covered

Topics Covered

security advisory security update important authentication bypass SUSE Linux Enterprise SUSE Manager Server update

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here