SUSE: 2024:3266-1 Important: Client Tools Security Advisory Updates

suse

September 17, 2024

* bsc#1220136 * bsc#1224349 * bsc#1225349 * bsc#1226191 * bsc#1226284

Summary

## This update fixes the following issues: golang-github-prometheus-prometheus: * Security issues fixed: * CVE-2024-6104: Update go-retryablehttp to version 0.7.7 (bsc#1227038) * CVE-2023-45142: Updated otelhttp to version 0.46.1 (bsc#1228556) * Require Go > 1.20 for building * Migrate from `disabled` to `manual` service mode * Update to 2.45.6 (jsc#PED-3577): * Security fixes in dependencies * Update to 2.45.5: * [BUGFIX] tsdb/agent: ensure that new series get written to WAL on rollback. * [BUGFIX] Remote write: Avoid a race condition when applying configuration. * Update to 2.45.4: * [BUGFIX] Remote read: Release querier resources before encoding the results. * Update to 2.45.3: * [BUGFIX] TSDB: Remove double memory snapshot on shutdown. * Update to 2.45.2:

Topics Covered

security advisory security update important SUSE Linux Enterprise client tools CVE-2023-45142 CVE-2024-6104

References

* bsc#1220136

* bsc#1224349

* bsc#1225349

* bsc#1226191

* bsc#1226284

* bsc#1226437

* bsc#1226759

* bsc#1226793

* bsc#1226847

* bsc#1226914

* bsc#1227038

* bsc#1227195

* bsc#1227244

* bsc#1227245

* bsc#1227505

* bsc#1227584

* bsc#1227586

* bsc#1227588

* bsc#1227718

* bsc#1227951

* bsc#1228026

* bsc#1228183

* bsc#1228198

* bsc#1228556

* jsc#MSQA-848

* jsc#PED-3577

Cross-

* CVE-2023-45142

* CVE-2024-6104

CVSS scores:

* CVE-2023-45142 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-45142 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-6104 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

* CVE-2024-6104 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* SUSE Linux Enterprise Desktop 12

Severity

important

Lowest

Low

Medium

High

Critical

Announcement ID: SUSE-SU-2024:3266-1

Rating: important

Topics Covered

security advisory security update important SUSE Linux Enterprise client tools CVE-2023-45142 CVE-2024-6104

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2024:3266-1 Important: Client Tools Security Advisory Updates

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2024:3266-1 Important: Client Tools Security Advisory Updates

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!