Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

SUSE: 2024:3266-1 Important: Client Tools Security Advisory Updates

suse
Calendar Grey September 17, 2024
Scroller Suse
Essential revisions for SUSE Manager Client Utilities tackling urgent concerns and improvements accompanied by significant security patches.
* bsc#1220136 * bsc#1224349 * bsc#1225349 * bsc#1226191 * bsc#1226284

Summary

## This update fixes the following issues: golang-github-prometheus-prometheus: * Security issues fixed: * CVE-2024-6104: Update go-retryablehttp to version 0.7.7 (bsc#1227038) * CVE-2023-45142: Updated otelhttp to version 0.46.1 (bsc#1228556) * Require Go > 1.20 for building * Migrate from `disabled` to `manual` service mode * Update to 2.45.6 (jsc#PED-3577): * Security fixes in dependencies * Update to 2.45.5: * [BUGFIX] tsdb/agent: ensure that new series get written to WAL on rollback. * [BUGFIX] Remote write: Avoid a race condition when applying configuration. * Update to 2.45.4: * [BUGFIX] Remote read: Release querier resources before encoding the results. * Update to 2.45.3: * [BUGFIX] TSDB: Remove double memory snapshot on shutdown. * Update to 2.45.2:

References

* bsc#1220136

* bsc#1224349

* bsc#1225349

* bsc#1226191

* bsc#1226284

* bsc#1226437

* bsc#1226759

* bsc#1226793

* bsc#1226847

* bsc#1226914

* bsc#1227038

* bsc#1227195

* bsc#1227244

* bsc#1227245

* bsc#1227505

* bsc#1227584

* bsc#1227586

* bsc#1227588

* bsc#1227718

* bsc#1227951

* bsc#1228026

* bsc#1228183

* bsc#1228198

* bsc#1228556

* jsc#MSQA-848

* jsc#PED-3577

Cross-

* CVE-2023-45142

* CVE-2024-6104

CVSS scores:

* CVE-2023-45142 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-45142 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-6104 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

* CVE-2024-6104 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* SUSE Linux Enterprise Desktop 12

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2024:3266-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.