Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

SUSE: 2024:3267-1 Important: Two Security Fixes for Client Tools

suse
Calendar Grey September 17, 2024
Dist Suse Esm H88
This bulletin details essential updates for SUSE Manager Client Tools, focusing on two critical issues along with various security enhancements.
* bsc#1220136 * bsc#1224349 * bsc#1225349 * bsc#1226191 * bsc#1226284

Summary

## This update fixes the following issues: golang-github-prometheus-prometheus: * Security issues fixed: * CVE-2024-6104: Update go-retryablehttp to version 0.7.7 (bsc#1227038) * CVE-2023-45142: Updated otelhttp to version 0.46.1 (bsc#1228556) * Require Go > 1.20 for building * Migrate from `disabled` to `manual` service mode * Update to 2.45.6 (jsc#PED-3577): * Security fixes in dependencies * Update to 2.45.5: * [BUGFIX] tsdb/agent: ensure that new series get written to WAL on rollback. * [BUGFIX] Remote write: Avoid a race condition when applying configuration. * Update to 2.45.4: * [BUGFIX] Remote read: Release querier resources before encoding the results. * Update to 2.45.3: * [BUGFIX] TSDB: Remove double memory snapshot on shutdown. * Update to 2.45.2:

Topics%20covered

Topics Covered

security advisory security fix important SUSE updates CVE reference client tools

References

* bsc#1220136

* bsc#1224349

* bsc#1225349

* bsc#1226191

* bsc#1226284

* bsc#1226437

* bsc#1226759

* bsc#1226793

* bsc#1226847

* bsc#1226914

* bsc#1227038

* bsc#1227195

* bsc#1227244

* bsc#1227245

* bsc#1227505

* bsc#1227584

* bsc#1227586

* bsc#1227588

* bsc#1227718

* bsc#1227951

* bsc#1228026

* bsc#1228183

* bsc#1228198

* bsc#1228556

* jsc#MSQA-848

* jsc#PED-3577

Cross-

* CVE-2023-45142

* CVE-2024-6104

CVSS scores:

* CVE-2023-45142 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-45142 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-6104 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

* CVE-2024-6104 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.3

* openSUSE Leap 15.4

* openSUSE Leap 15.5

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2024:3267-1
Rating: important

Topics%20covered

Topics Covered

security advisory security fix important SUSE updates CVE reference client tools

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here