Explore top 10 tips to secure your open-source projects now. Read More
×* bsc#1227577 * bsc#1246277 * bsc#1246439 * bsc#1250911 * jsc#MSQA-1026 . # Security update 4.3.16.1 SUSE Manager Server and Proxy 4.3 LTS Announcement ID: SUSE-SU-2025:3826-1 Release Date: 2025-10-28T07:26:47Z Rating: important References: * bsc#1227577 * bsc#1246277 * bsc#1246439 * bsc#1250911 * jsc#MSQA-1026 Cross-References: * CVE-2025-53880 * CVE-2025-53883 CVSS scores: * CVE-2025-53880 ( SUSE ): 8.7 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-53880 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Manager Proxy 4.3 * SUSE Manager Proxy 4.3 LTS * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Manager Server 4.3 LTS An update that solves two vulnerabilities, contains one feature and has two security fixes can now be installed. ## Security update 4.3.16.1 for SUSE Manager Proxy and Retail Branch 4.3 LTS ### Description: This update fixes the following issues: susemanager-build-keys: * Update SUSE GPG key and make it available for Salt (bsc#1250911) susemanager-tftpsync-recv: * Version 4.3.11-0 with security fix: * CVE-2025-53880: Sanitize path in sync-proxy script (bsc#1246277) rhnlib: * Version 4.3.7-0: * Use more secure defusedxml parser (bsc#1227577) spacewalk-backend: * Version 4.3.34-0: * Use more secure defusedxml parser (bsc#1227577) spacewalk-web: * Version 4.3.46-0: * Bumped the WebUI version to 4.3.16.1 proxy-helm, proxy-httpd-image, proxy-salt-broker-image, proxy-squid-image, proxy-ssh-image, proxy-tftpd-image: * Images rebuilt to the newest version with updated dependencies How to apply this update: 1. Log in as root user to the SUSE Multi-Linux Manager Proxy or Retail Branch Server. 2. Stop the proxy service: `spacewalk-proxy stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: `spacewalk-proxy start` ## Security update 4.3.16.1 for SUSEManager Server 4.3 LTS ### Description: This update fixes the following issues: susemanager-build-keys: * Update SUSE GPG key and make it available for Salt (bsc#1250911) susemanager-sls: * Version 4.3.50-0 * Fix OS Family grain name (bsc#1250911) * Version 4.3.49-0 * Fixed syntax error in Salt state * Version 4.3.48-0 * Automatically deploy the SUSE GPG key (bsc#1250911) spacewalk-java: * Version 4.3.88-0 with security fix: * CVE-2025-53883: Escape input strings in system search form (bsc#1246439) rhnlib: * Version 4.3.7-0: * Use more secure defusedxml parser (bsc#1227577) spacewalk-backend: * Version 4.3.34-0: * Use more secure defusedxml parser (bsc#1227577) spacewalk-web: * Version 4.3.46-0: * Bumped the WebUI version to 4.3.16.1 How to apply this update: 1. Log in as root user to the Multi-Linux Manager Server. 2. Stop the Spacewalk service: `spacewalk-service stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: `spacewalk-service start` ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Proxy 4.3 LTS zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-LTS-2025-3826=1 * SUSE Manager Server 4.3 LTS zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-LTS-2025-3826=1 ## Package List: * SUSE Manager Proxy 4.3 LTS (noarch) * susemanager-build-keys-15.4.11-150400.3.38.1 * spacewalk-base-minimal-config-4.3.46-150400.3.63.5 * python3-rhnlib-4.3.7-150400.3.9.4 * spacewalk-backend-4.3.34-150400.3.58.6 * susemanager-tftpsync-recv-4.3.11-150400.3.15.3 * susemanager-build-keys-web-15.4.11-150400.3.38.1 * spacewalk-base-minimal-4.3.46-150400.3.63.5 * SUSE Manager Server 4.3 LTS (noarch) * spacewalk-backend-xmlrpc-4.3.34-150400.3.58.6 * spacewalk-base-4.3.46-150400.3.63.5 * spacewalk-html-4.3.46-150400.3.63.5 * spacewalk-base-minimal-config-4.3.46-150400.3.63.5 * spacewalk-backend-sql-4.3.34-150400.3.58.6 * spacewalk-java-lib-4.3.88-150400.3.113.5 * spacewalk-backend-app-4.3.34-150400.3.58.6 * spacewalk-backend-sql-postgresql-4.3.34-150400.3.58.6 * spacewalk-taskomatic-4.3.88-150400.3.113.5 * spacewalk-java-config-4.3.88-150400.3.113.5 * susemanager-sls-4.3.50-150400.3.68.1 * spacewalk-backend-iss-4.3.34-150400.3.58.6 * python3-rhnlib-4.3.7-150400.3.9.4 * spacewalk-backend-applet-4.3.34-150400.3.58.6 * spacewalk-java-postgresql-4.3.88-150400.3.113.5 * spacewalk-backend-xml-export-libs-4.3.34-150400.3.58.6 * spacewalk-backend-config-files-common-4.3.34-150400.3.58.6 * spacewalk-backend-tools-4.3.34-150400.3.58.6 * spacewalk-backend-iss-export-4.3.34-150400.3.58.6 * uyuni-config-modules-4.3.50-150400.3.68.1 * spacewalk-backend-config-files-tool-4.3.34-150400.3.58.6 * spacewalk-backend-config-files-4.3.34-150400.3.58.6 * spacewalk-backend-package-push-server-4.3.34-150400.3.58.6 * spacewalk-backend-server-4.3.34-150400.3.58.6 * susemanager-build-keys-15.4.11-150400.3.38.1 * spacewalk-backend-4.3.34-150400.3.58.6 * susemanager-build-keys-web-15.4.11-150400.3.38.1 * spacewalk-base-minimal-4.3.46-150400.3.63.5 * spacewalk-java-4.3.88-150400.3.113.5 ## References: * https://www.suse.com/security/cve/CVE-2025-53880.html * https://www.suse.com/security/cve/CVE-2025-53883.html * https://bugzilla.suse.com/show_bug.cgi?id=1227577 * https://bugzilla.suse.com/show_bug.cgi?id=1246277 * https://bugzilla.suse.com/show_bug.cgi?id=1246439 * https://bugzilla.suse.com/show_bug.cgi?id=1250911 * https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FMSQA-1026&page_caps=&user_role= . Update released for SUSE Manager Proxy and Server 4.3 LTS to address key issues and improve security functionalities.. SUSE Manager Proxy Update, SUSE Security Fix, SUSEManager Server, Important Security Advisory. . Severity: Important. LinuxSecurity.com Team
* bsc#1211649 * bsc#1211888 * bsc#1216850 * bsc#1218482 * bsc#1219001 . # Security update for SUSE Manager Client Tools Announcement ID: SUSE-SU-202404:15254-1 Rating: moderate References: * bsc#1211649 * bsc#1211888 * bsc#1216850 * bsc#1218482 * bsc#1219001 * bsc#1219430 * bsc#1219431 * jsc#ECO-3319 * jsc#MSQA-760 Cross-References: * CVE-2024-22231 * CVE-2024-22232 CVSS scores: * CVE-2024-22231 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N * CVE-2024-22232 ( SUSE ): 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N Affected Products: * SUSE Manager Client Tools for Ubuntu 20.04 2004 An update that solves two vulnerabilities, contains two features and has five security fixes can now be installed. ## Description: This update fixes the following issues: salt: * Prevent directory traversal when creating syndic cache directory on the master (CVE-2024-22231, bsc#1219430) * Prevent directory traversal attacks in the master's serve_file method (CVE-2024-22232, bsc#1219431) * Convert oscap output to UTF-8 * Make Salt compatible with Python 3.11 * Ignore non-ascii chars in oscap output (bsc#1219001) * Fix detected issues in Salt tests when running on VMs * Make importing seco.range thread safe (bsc#1211649) * Fix problematic tests and allow smooth tests executions on containers * Discover Ansible playbook files as " _.yml " or "_.yaml" files (bsc#1211888) * Provide user(salt)/group(salt) capabilities for RPM 4.19 * Extend dependencies for python3-salt-testsuite and python3-salt packages * Improve Salt and testsuite packages multibuild * Enable multibuild and create test flavor * Additionally we require python-mock just for older Python versions. * Prevent exceptions with fileserver.update when called via state (bsc#1218482) * Improve pip target override condition with VENV_PIP_TARGET environment variable (bsc#1216850) * Fixed KeyError in logs when running a state thatfails scap-security-guide: * Updated to 0.1.71 (jsc#ECO-3319) * Add RHEL 9 STIG * Add support for Debian 12 * Update PCI-DSS profile for RHEL * lots of bugfixes and improvements for SLE spacecmd: * Version 4.3.27-0 * Update translation strings ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for Ubuntu 20.04 2004 zypper in -t patch suse-ubu204ct-client-tools-202404-15254=1 ## Package List: * SUSE Manager Client Tools for Ubuntu 20.04 2004 (all) * salt-common-3006.0+ds-1+2.122.2 * salt-minion-3006.0+ds-1+2.122.2 * scap-security-guide-ubuntu-0.1.71-2.41.2 * spacecmd-4.3.27-2.81.2 ## References: * https://www.suse.com/security/cve/CVE-2024-22231.html * https://www.suse.com/security/cve/CVE-2024-22232.html * https://bugzilla.suse.com/show_bug.cgi?id=1211649 * https://bugzilla.suse.com/show_bug.cgi?id=1211888 * https://bugzilla.suse.com/show_bug.cgi?id=1216850 * https://bugzilla.suse.com/show_bug.cgi?id=1218482 * https://bugzilla.suse.com/show_bug.cgi?id=1219001 * https://bugzilla.suse.com/show_bug.cgi?id=1219430 * https://bugzilla.suse.com/show_bug.cgi?id=1219431 * https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FECO-3319&page_caps=&user_role= * https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FMSQA-760&page_caps=&user_role= . SUSE Manager Client Tools enhancement tackles vulnerabilities in directory traversal with crucial improvements. Prioritize security and knowledge!. SUSE Manager, Client Tools, Security Update, Directory Traversal, System Administration. . LinuxSecurity.com Team
* bsc#1211649 * bsc#1211888 * bsc#1216850 * bsc#1218482 * bsc#1219001 . # Security update for SUSE Manager Salt Bundle Announcement ID: SUSE-SU-202404:15258-1 Rating: moderate References: * bsc#1211649 * bsc#1211888 * bsc#1216850 * bsc#1218482 * bsc#1219001 * bsc#1219430 * bsc#1219431 * jsc#MSQA-760 Cross-References: * CVE-2024-22231 * CVE-2024-22232 CVSS scores: * CVE-2024-22231 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N * CVE-2024-22232 ( SUSE ): 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N Affected Products: * SUSE Manager Client Tools for Ubuntu 22.04 2204 An update that solves two vulnerabilities, contains one feature and has five security fixes can now be installed. ## Description: This update fixes the following issues: venv-salt-minion: * CVE-2024-22231: Prevent directory traversal when creating syndic cache directory on the master (bsc#1219430) * CVE-2024-22232: Prevent directory traversal attacks in the master's serve_file method (bsc#1219431) * Convert oscap output to UTF-8 * Make Salt compatible with Python 3.11 * Ignore non-ascii chars in oscap output (bsc#1219001) * Fix detected issues in Salt tests when running on VMs * Make importing seco.range thread safe (bsc#1211649) * Fix problematic tests and allow smooth tests executions on containers * Discover Ansible playbook files as " _.yml " or "_.yaml" files (bsc#1211888) * Prevent exceptions with fileserver.update when called via state (bsc#1218482) * Improve pip target override condition with VENV_PIP_TARGET environment variable (bsc#1216850) * Fixed KeyError in logs when running a state that fails ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for Ubuntu 22.04 2204 zypper in -t patchsuse-ubu224ct-client-tools-202404-15258=1 ## Package List: * SUSE Manager Client Tools for Ubuntu 22.04 2204 (amd64) * venv-salt-minion-3006.0-2.43.3 ## References: * https://www.suse.com/security/cve/CVE-2024-22231.html * https://www.suse.com/security/cve/CVE-2024-22232.html * https://bugzilla.suse.com/show_bug.cgi?id=1211649 * https://bugzilla.suse.com/show_bug.cgi?id=1211888 * https://bugzilla.suse.com/show_bug.cgi?id=1216850 * https://bugzilla.suse.com/show_bug.cgi?id=1218482 * https://bugzilla.suse.com/show_bug.cgi?id=1219001 * https://bugzilla.suse.com/show_bug.cgi?id=1219430 * https://bugzilla.suse.com/show_bug.cgi?id=1219431 * https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FMSQA-760&page_caps=&user_role= . SUSE Manager Salt Bundle vulnerability notification delivering essential security patches and updates focused on medium-level risks for Ubuntu 22.04.. SUSE Manager, Salt Bundle, Directory Traversal, Security Fixes, Ubuntu 22.04. . LinuxSecurity.com Team
An update that solves three vulnerabilities, contains one feature and has 39 security fixes can now be installed.. # Security update for SUSE Manager 4.3.11 Release Notes Announcement ID: SUSE-SU-2024:0513-1 Rating: important References: * bsc#1170848 * bsc#1210911 * bsc#1211254 * bsc#1211560 * bsc#1211912 * bsc#1213079 * bsc#1213507 * bsc#1213738 * bsc#1213981 * bsc#1214077 * bsc#1214791 * bsc#1215166 * bsc#1215514 * bsc#1215769 * bsc#1215810 * bsc#1215813 * bsc#1215982 * bsc#1216114 * bsc#1216394 * bsc#1216437 * bsc#1216550 * bsc#1216657 * bsc#1216753 * bsc#1216781 * bsc#1216988 * bsc#1217069 * bsc#1217209 * bsc#1217588 * bsc#1217784 * bsc#1217869 * bsc#1218019 * bsc#1218074 * bsc#1218075 * bsc#1218089 * bsc#1218094 * bsc#1218146 * bsc#1218490 * bsc#1218615 * bsc#1218669 * bsc#1218849 * bsc#1219577 * bsc#1219850 * jsc#MSQA-719 Cross-References: * CVE-2023-32189 * CVE-2024-22231 * CVE-2024-22232 CVSS scores: * CVE-2024-22231 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N * CVE-2024-22232 ( SUSE ): 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N Affected Products: * openSUSE Leap 15.4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves three vulnerabilities, contains one feature and has 39 security fixes can now be installed. ## Recommended update for SUSE Manager Proxy and Retail Branch Server 4.3 ### Description: This update fixes the following issues: release-notes-susemanager-proxy: * Update to SUSE Manager 4.3.11 * Bugs mentioned: bsc#1213738, bsc#1216657, bsc#1216781, bsc#1217209, bsc#1217588 bsc#1218615, bsc#1218849, bsc#1219577, bsc#1219850 ## Security update for SUSE Manager Server 4.3 ### Description: This update fixes the following issues: release-notes-susemanager: * Update to SUSE Manager 4.3.11 * Migrate from RHEL and its clones to SUSE Liberty Linux * Rebootrequired indication for non-SUSE distributions * SSH key rotation for enhanced security * Configure remote command execution * End of Debian 10 support * CVEs fixed: CVE-2023-32189, CVE-2024-22231, CVE-2024-22232 * Bugs mentioned: bsc#1170848, bsc#1210911, bsc#1211254, bsc#1211560, bsc#1211912 bsc#1213079, bsc#1213507, bsc#1213738, bsc#1213981, bsc#1214077 bsc#1214791, bsc#1215166, bsc#1215514, bsc#1215769, bsc#1215810 bsc#1215813, bsc#1215982, bsc#1216114, bsc#1216394, bsc#1216437 bsc#1216550, bsc#1216657, bsc#1216753, bsc#1216781, bsc#1216988 bsc#1217069, bsc#1217209, bsc#1217588, bsc#1217784, bsc#1217869 bsc#1218019, bsc#1218074, bsc#1218075, bsc#1218089, bsc#1218094 bsc#1218490, bsc#1218615, bsc#1218669, bsc#1218849, bsc#1219577 bsc#1219850, bsc#1218146 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2024-513=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-513=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.3-2024-513=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-513=1 ## Package List: * openSUSE Leap 15.4 (noarch) * release-notes-susemanager-proxy-4.3.11-150400.3.79.1 * release-notes-susemanager-4.3.11-150400.3.100.1 * SUSE Manager Proxy 4.3 (noarch) * release-notes-susemanager-proxy-4.3.11-150400.3.79.1 * SUSE Manager Retail Branch Server 4.3 (noarch) * release-notes-susemanager-proxy-4.3.11-150400.3.79.1 * SUSE Manager Server 4.3 (noarch) * release-notes-susemanager-4.3.11-150400.3.100.1 ## References: * https://www.suse.com/security/cve/CVE-2023-32189.html * https://www.suse.com/security/cve/CVE-2024-22231.html *https://www.suse.com/security/cve/CVE-2024-22232.html * https://bugzilla.suse.com/show_bug.cgi?id=1170848 * https://bugzilla.suse.com/show_bug.cgi?id=1210911 * https://bugzilla.suse.com/show_bug.cgi?id=1211254 * https://bugzilla.suse.com/show_bug.cgi?id=1211560 * https://bugzilla.suse.com/show_bug.cgi?id=1211912 * https://bugzilla.suse.com/show_bug.cgi?id=1213079 * https://bugzilla.suse.com/show_bug.cgi?id=1213507 * https://bugzilla.suse.com/show_bug.cgi?id=1213738 * https://bugzilla.suse.com/show_bug.cgi?id=1213981 * https://bugzilla.suse.com/show_bug.cgi?id=1214077 * https://bugzilla.suse.com/show_bug.cgi?id=1214791 * https://bugzilla.suse.com/show_bug.cgi?id=1215166 * https://bugzilla.suse.com/show_bug.cgi?id=1215514 * https://bugzilla.suse.com/show_bug.cgi?id=1215769 * https://bugzilla.suse.com/show_bug.cgi?id=1215810 * https://bugzilla.suse.com/show_bug.cgi?id=1215813 * https://bugzilla.suse.com/show_bug.cgi?id=1215982 * https://bugzilla.suse.com/show_bug.cgi?id=1216114 * https://bugzilla.suse.com/show_bug.cgi?id=1216394 * https://bugzilla.suse.com/show_bug.cgi?id=1216437 * https://bugzilla.suse.com/show_bug.cgi?id=1216550 * https://bugzilla.suse.com/show_bug.cgi?id=1216657 * https://bugzilla.suse.com/show_bug.cgi?id=1216753 * https://bugzilla.suse.com/show_bug.cgi?id=1216781 * https://bugzilla.suse.com/show_bug.cgi?id=1216988 * https://bugzilla.suse.com/show_bug.cgi?id=1217069 * https://bugzilla.suse.com/show_bug.cgi?id=1217209 * https://bugzilla.suse.com/show_bug.cgi?id=1217588 * https://bugzilla.suse.com/show_bug.cgi?id=1217784 * https://bugzilla.suse.com/show_bug.cgi?id=1217869 * https://bugzilla.suse.com/show_bug.cgi?id=1218019 * https://bugzilla.suse.com/show_bug.cgi?id=1218074 * https://bugzilla.suse.com/show_bug.cgi?id=1218075 * https://bugzilla.suse.com/show_bug.cgi?id=1218089 * https://bugzilla.suse.com/show_bug.cgi?id=1218094 * https://bugzilla.suse.com/show_bug.cgi?id=1218146 *https://bugzilla.suse.com/show_bug.cgi?id=1218490 * https://bugzilla.suse.com/show_bug.cgi?id=1218615 * https://bugzilla.suse.com/show_bug.cgi?id=1218669 * https://bugzilla.suse.com/show_bug.cgi?id=1218849 * https://bugzilla.suse.com/show_bug.cgi?id=1219577 * https://bugzilla.suse.com/show_bug.cgi?id=1219850 * https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FMSQA-719&page_caps=&user_role= . SUSE Manager 4.3.11 has been released to mitigate security vulnerabilities and implement critical updates across multiple impacted software offerings.. SUSE Manager,SUSE Leap,Security Update,Software Patch. . Severity: Critical. LinuxSecurity.com Team
The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update:. SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4227-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.10 , suse/manager/4.3/proxy-httpd:4.3.10.9.43.6 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.10 , suse/manager/4.3/proxy-httpd:susemanager-4.3.10.9.43.6 Container Release : 9.43.6 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated . SUSE Container Notification for suse/manager/4.3/proxy-httpd addressing critical security flaws.. SUSE Container, Proxy-Httpd, Nginx, Security Update. . LinuxSecurity.com Team
The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update:. SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4184-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.10 , suse/manager/4.3/proxy-httpd:4.3.10.9.43.4 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.10 , suse/manager/4.3/proxy-httpd:susemanager-4.3.10.9.43.4 Container Release : 9.43.4 Severity : moderate Type : security References : 1217592 CVE-2023-49083 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4843-1 Released: Thu Dec 14 12:22:44 2023 Summary: Security update for python3-cryptography Type: security Severity: moderate References: 1217592,CVE-2023-49083 This update for python3-cryptography fixes the following issues: - CVE-2023-49083: Fixed a NULL pointer dereference when loading certificates from a PKCS#7 bundle (bsc#1217592). The following package changes have been done: - python3-cryptography-3.3.2-150400.23.1 updated . SUSE updates the suse/manager/4.3/proxy-httpd container, addressing issues and improving security measures.. SUSE Container Update, Proxy-Httpd Security Fix, Python3-Cryptography Update. . LinuxSecurity.com Team
* bsc#1191143 * bsc#1204235 * bsc#1207012 * bsc#1207532 * bsc#1210928 . # Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server Announcement ID: SUSE-SU-2023:4737-1 Rating: important References: * bsc#1191143 * bsc#1204235 * bsc#1207012 * bsc#1207532 * bsc#1210928 * bsc#1210930 * bsc#1211355 * bsc#1211560 * bsc#1211649 * bsc#1212695 * bsc#1212904 * bsc#1213469 * bsc#1214186 * bsc#1214471 * bsc#1214601 * bsc#1214759 * bsc#1215209 * bsc#1215514 * bsc#1215949 * bsc#1216030 * bsc#1216041 * bsc#1216085 * bsc#1216128 * bsc#1216380 * bsc#1216506 * bsc#1216555 * bsc#1216690 * bsc#1216754 * bsc#1217038 * bsc#1217223 * bsc#1217224 * jsc#MSQA-708 * jsc#SUMA-282 Cross-References: * CVE-2023-22644 CVSS scores: * CVE-2023-22644 ( NVD ): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Public Cloud Module 15-SP4 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Proxy 4.3 Module 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Manager Server 4.3 Module 4.3 An update that solves one vulnerability, contains two features and has 30 security fixes can now be installed. ## Recommended update for SUSE Manager Proxy and Retail Branch Server 4.3 ### Description: This update fixes the following issues: spacecmd: * Version 4.3.25-1 * Update translation strings spacewalk-backend: * Version 4.3.25-1 * Use the new apache2-mod_wsgi package name * Set stricter file permissions for config file * Add table statistics and options to the support config database output * Add CLM data collection tospacewalk-debug spacewalk-client-tools: * Version 4.3.17-1 * Update translation strings spacewalk-proxy: * Version 4.3.17-1 * Use the new apache2-mod_wsgi package name spacewalk-web: * Version 4.3.36-1 * Safeguard request URLs against tempering (bsc#1216754) * Improve datetimepicker input formatting * Improve logging to better capture third-party library issues * Simplify and modernize password generation logic * Update webpack to 5.88.2 * Handle new message from subscription-matcher (bsc#1216506) * Add sanity checks for FQDNs in proxy configuration dialog * Add option to filter packages by build time in CLM (jsc#SUMA-282) susemanager-tftpsync-recv: * Version 4.3.9-1 * Use the new apache2-mod_wsgi package name * Build with Python 3 and clean up references to Python 2 How to apply this update: 1. Log in as root user to the SUSE Manager Proxy or Retail Branch Server. 2. Stop the proxy service: `spacewalk-proxy stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: `spacewalk-proxy start` ## Security update for SUSE Manager Server 4.3 ### Description: This update fixes the following issues: billing-data-service: * Version 4.3.2-1 * Relax dependency to csp-billing-adapter-service inter-server-sync: * Version 0.3.1 * Require at least Go 1.20 for building SUSE packages spacecmd: * Version 4.3.25-1 * Update translation strings spacewalk-backend: * Version 4.3.25-1 * Use the new apache2-mod_wsgi package name * Set stricter file permissions for config file * Add table statistics and options to the support config database output * Add CLM data collection to spacewalk-debug spacewalk-client-tools: * Version 4.3.17-1 * Update translation strings spacewalk-java: * Version 4.3.69-1 * Security fixes: * CVE-2023-22644: Sanitize token before logging it (bsc#1210930) * CVE-2023-22644: Fix permissions for logfiles (bsc#1210928) * CVE-2023-22644: Log potential sensitive information only in debug mode (bsc#1210928) *Non security fixes: * Include in API response reboot_suggested and restart_suggested booleans * Fix filter ID comparison when attaching filters to a CLM project (bsc#1215949) * Fix validation of lists with empty defaults in formulas (bsc#1216555) * Safeguard request URLs against tempering (bsc#1216754) * Improve logging to better capture third-party library issues * Fix issue of non-installed package listed as errata package update candidates (bsc#1212904) * Fix issue with reporting database query pagination * Update tomcat jars to version greater than 9.0.75 * Fix notification messages email content (bsc#1216041) * Look for the PAYG CA certificate location in different order to find and import the correct one (bsc#1214759) * Add salt-api socket timeout to abort stuck taskomatic jobs (bsc#1211649) * Fix SUSE Linux Enterprise Micro PAYG detection * Wait for lock to execute SCC sync task (bsc#1216030) * Fix url pointing to SCC (bsc#1216690) * Prevent download when a PAYG Server is not compliant * Fix system.provisionSystem xmlrpc endpoint to calculate host properly (bsc#1215209) * Include "uuid" as system search xmlrpc results (bsc#1216380) * Prevent losing Remote Command action result if returned JSON cannot be parsed * Add PAYG info to UI and rest API * Add management restrictions to SUMA PAYG when dealing with BYOS instances when no SCC credentials are set * Fix issue where bad SCC credentials were preventing other credentials to refresh (bsc#1211355) * Fix conversion to string if branchid is numeric in PXEEvent * Fix token validation for shared (public) child channels (bsc#1216128) * Prevent NullPointerException in updateSystemInfo (bsc#1217224) * Update SCC REST call to register systems in bulk * Enhance hardware data sent to SCC by memory * Fix FQDN machine name mapping on proxy configuration * Fix NullPointerException when creating PXE config for an unmanaged profile (bsc#1217223) * Add option to filter packages by build time in CLM (jsc#SUMA-282) * Consider server id whenremoving invalid erratas from rhnSet (bsc#1204235,bsc#1207012,bsc#1211560) * Fix createSystemRecord XML-RPC API call so the Cobbler UID is persisted (bsc#1207532) spacewalk-search: * Version 4.3.10-1 * Include "uuid" as system search result attribute (bsc#1216380) spacewalk-web: * Version 4.3.36-1 * Safeguard request URLs against tempering (bsc#1216754) * Improve datetimepicker input formatting * Improve logging to better capture third-party library issues * Simplify and modernize password generation logic * Update webpack to 5.88.2 * Handle new message from subscription-matcher (bsc#1216506) * Add sanity checks for FQDNs in proxy configuration dialog * Add option to filter packages by build time in CLM (jsc#SUMA-282) subscription-matcher: * Version 0.33 * Added missing part numbers (bsc#1216506) * Ignore subscriptions without any associated products (bsc#1216506) * Update Guava to version 32.0 susemanager: * Version 4.3.33-1 * Add bootstrap repository data for SUSE Linux Enterprise Micro 5.5 (bsc#1217038) susemanager-docs_en: * Add SUSE Liberty Linux versions 7 and 8 to the supported features matrix in the Client Configuration Guide * Add support for SUSE Linux Enterprise Micro 5.5 and openSUSE Leap Micro 5.5 clients to the Installation and Upgrade Guide, and to the Client Configuration Guide * Update Twitter handle reference in documentation user interface * Update feature table and add legend in the Configuration Management section of the Client Configuration Guide * Fix parameter name in the Register clients section of the Client Configuration Guide * Fix links to HTML output of SUSE Linux Enterprise Server 15 SP4 documentation * Add note about using short hostname in the Quick Start: SAP guide (bsc#1212695) * Mention the option to install Prometheus on Retail branch servers (bsc#1191143) * Fix link loop and clarify some server upgrade description details in the Installation and Upgrade Guide (bsc#1214471) * SUSE Manager 4.3 is based on SUSE Linux Enterprise 15SP4; update the installation procedure (bsc#1213469) susemanager-schema: * Version 4.3.22-1 * Drop special versioned schema files * Add unique index for rhnpackagechangelogdata table susemanager-sls: * Version 4.3.37-1 * Disable dnf_rhui_plugin as it breaks our susemanagerplugin (bsc#1214601) * Fix susemanagerplugin to not overwrite header fields set by other plugins * Let the DNF plugin log when a token was set * Retry loading of pillars from DB on connection error (bsc#1214186) * Recognize squashfs build results from KIWI (bsc#1216085) susemanager-sync-data: * Version 4.3.14-1 * SUSE Linux Enterprise 15 SP4 Long Term Service Pack Support (LTSS) * Extended Service Pack Overlay Support (ESPOS) for High Performance Computing 15 SP5 * Long Term Service Pack Support (LTSS) for High Performance Computing 15 SP5 * Update Open Enterprise Server to 2023.4 (bsc#1215514) uyuni-reportdb-schema: * Version 4.3.8-1 * Provide reportdb upgrade schema path structure How to apply this update: 1. Log in as root user to the SUSE Manager Server. 2. Stop the Spacewalk service: `spacewalk-service stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: `spacewalk-service start` ## Recommended update for apache2-mod_wsgi ### Description: This update fixes the following issues: apache2-mod_wsgi: * Ensure the binaries are included in SUSE Manager Server ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4737=1 openSUSE-SLE-15.4-2023-4737=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4737=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-4737=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-4737=1 * SUSE Manager Proxy 4.3 Module 4.3 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2023-4737=1 * SUSE Manager Server 4.3 Module 4.3 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2023-4737=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * apache2-mod_wsgi-debugsource-4.7.1-150400.3.9.4 * apache2-mod_wsgi-4.7.1-150400.3.9.4 * apache2-mod_wsgi-debuginfo-4.7.1-150400.3.9.4 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * apache2-mod_wsgi-debugsource-4.7.1-150400.3.9.4 * apache2-mod_wsgi-4.7.1-150400.3.9.4 * apache2-mod_wsgi-debuginfo-4.7.1-150400.3.9.4 * Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64) * apache2-mod_wsgi-debugsource-4.7.1-150400.3.9.4 * apache2-mod_wsgi-4.7.1-150400.3.9.4 * apache2-mod_wsgi-debuginfo-4.7.1-150400.3.9.4 * Public Cloud Module 15-SP5 (aarch64 ppc64le s390x x86_64) * apache2-mod_wsgi-debugsource-4.7.1-150400.3.9.4 * apache2-mod_wsgi-4.7.1-150400.3.9.4 * apache2-mod_wsgi-debuginfo-4.7.1-150400.3.9.4 * SUSE Manager Proxy 4.3 Module 4.3 (x86_64) * apache2-mod_wsgi-debugsource-4.7.1-150400.3.9.4 * apache2-mod_wsgi-4.7.1-150400.3.9.4 * apache2-mod_wsgi-debuginfo-4.7.1-150400.3.9.4 * SUSE Manager Proxy 4.3 Module 4.3 (noarch) * spacecmd-4.3.25-150400.3.30.5 * python3-spacewalk-client-tools-4.3.17-150400.3.21.6 * spacewalk-proxy-redirect-4.3.17-150400.3.23.5 * spacewalk-client-setup-4.3.17-150400.3.21.6 * python3-spacewalk-check-4.3.17-150400.3.21.6 * spacewalk-proxy-broker-4.3.17-150400.3.23.5 * spacewalk-proxy-common-4.3.17-150400.3.23.5 * spacewalk-backend-4.3.25-150400.3.33.7 * spacewalk-proxy-salt-4.3.17-150400.3.23.5 * spacewalk-check-4.3.17-150400.3.21.6 * spacewalk-proxy-management-4.3.17-150400.3.23.5 * spacewalk-proxy-package-manager-4.3.17-150400.3.23.5 * python3-spacewalk-client-setup-4.3.17-150400.3.21.6 * spacewalk-client-tools-4.3.17-150400.3.21.6 * spacewalk-base-minimal-4.3.36-150400.3.36.7 * susemanager-tftpsync-recv-4.3.9-150400.3.9.5 * spacewalk-base-minimal-config-4.3.36-150400.3.36.7 * SUSE ManagerServer 4.3 Module 4.3 (ppc64le s390x x86_64) * apache2-mod_wsgi-debugsource-4.7.1-150400.3.9.4 * apache2-mod_wsgi-debuginfo-4.7.1-150400.3.9.4 * inter-server-sync-0.3.1-150400.3.24.5 * susemanager-tools-4.3.33-150400.3.42.4 * susemanager-4.3.33-150400.3.42.4 * apache2-mod_wsgi-4.7.1-150400.3.9.4 * inter-server-sync-debuginfo-0.3.1-150400.3.24.5 * SUSE Manager Server 4.3 Module 4.3 (noarch) * spacewalk-backend-config-files-tool-4.3.25-150400.3.33.7 * spacewalk-search-4.3.10-150400.3.15.4 * python3-spacewalk-client-tools-4.3.17-150400.3.21.6 * susemanager-sync-data-4.3.14-150400.3.17.5 * spacewalk-backend-config-files-common-4.3.25-150400.3.33.7 * susemanager-docs_en-pdf-4.3-150400.9.50.5 * spacewalk-backend-sql-postgresql-4.3.25-150400.3.33.7 * spacewalk-base-4.3.36-150400.3.36.7 * susemanager-schema-4.3.22-150400.3.30.5 * spacewalk-backend-iss-4.3.25-150400.3.33.7 * spacewalk-taskomatic-4.3.69-150400.3.69.5 * susemanager-docs_en-4.3-150400.9.50.5 * susemanager-sls-4.3.37-150400.3.37.5 * spacewalk-client-tools-4.3.17-150400.3.21.6 * spacecmd-4.3.25-150400.3.30.5 * spacewalk-html-4.3.36-150400.3.36.7 * spacewalk-backend-xmlrpc-4.3.25-150400.3.33.7 * susemanager-schema-utility-4.3.22-150400.3.30.5 * spacewalk-backend-iss-export-4.3.25-150400.3.33.7 * spacewalk-base-minimal-config-4.3.36-150400.3.36.7 * spacewalk-backend-xml-export-libs-4.3.25-150400.3.33.7 * spacewalk-java-config-4.3.69-150400.3.69.5 * spacewalk-backend-config-files-4.3.25-150400.3.33.7 * spacewalk-backend-sql-4.3.25-150400.3.33.7 * uyuni-reportdb-schema-4.3.8-150400.3.9.6 * spacewalk-java-4.3.69-150400.3.69.5 * spacewalk-backend-server-4.3.25-150400.3.33.7 * subscription-matcher-0.33-150400.3.16.3 * spacewalk-java-lib-4.3.69-150400.3.69.5 * spacewalk-base-minimal-4.3.36-150400.3.36.7 * spacewalk-java-postgresql-4.3.69-150400.3.69.5 * billing-data-service-4.3.2-150400.10.12.5 * spacewalk-backend-tools-4.3.25-150400.3.33.7 * spacewalk-backend-applet-4.3.25-150400.3.33.7 *spacewalk-backend-4.3.25-150400.3.33.7 * uyuni-config-modules-4.3.37-150400.3.37.5 * spacewalk-backend-package-push-server-4.3.25-150400.3.33.7 * spacewalk-backend-app-4.3.25-150400.3.33.7 ## References: * https://www.suse.com/security/cve/CVE-2023-22644.html * https://bugzilla.suse.com/show_bug.cgi?id=1191143 * https://bugzilla.suse.com/show_bug.cgi?id=1204235 * https://bugzilla.suse.com/show_bug.cgi?id=1207012 * https://bugzilla.suse.com/show_bug.cgi?id=1207532 * https://bugzilla.suse.com/show_bug.cgi?id=1210928 * https://bugzilla.suse.com/show_bug.cgi?id=1210930 * https://bugzilla.suse.com/show_bug.cgi?id=1211355 * https://bugzilla.suse.com/show_bug.cgi?id=1211560 * https://bugzilla.suse.com/show_bug.cgi?id=1211649 * https://bugzilla.suse.com/show_bug.cgi?id=1212695 * https://bugzilla.suse.com/show_bug.cgi?id=1212904 * https://bugzilla.suse.com/show_bug.cgi?id=1213469 * https://bugzilla.suse.com/show_bug.cgi?id=1214186 * https://bugzilla.suse.com/show_bug.cgi?id=1214471 * https://bugzilla.suse.com/show_bug.cgi?id=1214601 * https://bugzilla.suse.com/show_bug.cgi?id=1214759 * https://bugzilla.suse.com/show_bug.cgi?id=1215209 * https://bugzilla.suse.com/show_bug.cgi?id=1215514 * https://bugzilla.suse.com/show_bug.cgi?id=1215949 * https://bugzilla.suse.com/show_bug.cgi?id=1216030 * https://bugzilla.suse.com/show_bug.cgi?id=1216041 * https://bugzilla.suse.com/show_bug.cgi?id=1216085 * https://bugzilla.suse.com/show_bug.cgi?id=1216128 * https://bugzilla.suse.com/show_bug.cgi?id=1216380 * https://bugzilla.suse.com/show_bug.cgi?id=1216506 * https://bugzilla.suse.com/show_bug.cgi?id=1216555 * https://bugzilla.suse.com/show_bug.cgi?id=1216690 * https://bugzilla.suse.com/show_bug.cgi?id=1216754 * https://bugzilla.suse.com/show_bug.cgi?id=1217038 * https://bugzilla.suse.com/show_bug.cgi?id=1217223 * https://bugzilla.suse.com/show_bug.cgi?id=1217224 * * . Critical upkeep instructions for SUSE Manager 4.3 targeting diverse issues and bolstering security across solutions.. SUSEManager, Security Update, Maintenance Release, SUSE Linux, Patch Instructions. . Severity: Important. LinuxSecurity.com Team
The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update:. SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4169-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.10 , suse/manager/4.3/proxy-httpd:4.3.10.9.43.2 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.10 , suse/manager/4.3/proxy-httpd:susemanager-4.3.10.9.43.2 Container Release : 9.43.2 Severity : important Type : security References : 1191143 1191143 1204235 1204235 1207012 1207012 1207532 1207532 1210928 1210928 1210930 1210930 1211355 1211355 1211560 1211560 1211649 1211649 1212695 1212695 1212904 1212904 1213469 1213469 1214186 1214186 1214471 1214471 1214601 1214601 1214759 1214759 1215209 1215209 1215514 1215514 1215949 1215949 1216030 1216030 1216041 1216041 1216085 1216085 1216128 1216128 1216380 1216380 1216506 1216506 1216555 1216555 1216690 1216690 1216754 1216754 1217038 1217038 1217223 1217223 1217224 1217224 CVE-2023-22644 CVE-2023-22644 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4737-1 Released: Wed Dec 13 10:20:03 2023 Summary: Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server Type: security Severity: important References: 1191143,1204235,1207012,1207532,1210928,1210930,1211355,1211560,1211649,1212695,1212904,1213469,1214186,1214471,1214601,1214759,1215209,1215514,1215949,1216030,1216041,1216085,1216128,1216380,1216506,1216555,1216690,1216754,1217038,1217223,1217224,CVE-2023-22644 Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server This is a codestream only update ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4758-1 Released: Wed Dec 13 10:33:58 2023 Summary: Security update for SUSE Manager 4.3.10 Release Notes Type: security Severity: important References: 1191143,1204235,1207012,1207532,1210928,1210930,1211355,1211560,1211649,1212695,1212904,1213469,1214186,1214471,1214601,1214759,1215209,1215514,1215949,1216030,1216041,1216085,1216128,1216380,1216506,1216555,1216690,1216754,1217038,1217223,1217224,CVE-2023-22644 Security update for SUSE Manager 4.3.10 Release Notes: - This is a codestream only update The following package changes have been done: - release-notes-susemanager-proxy-4.3.10-150400.3.72.1 updated - apache2-mod_wsgi-4.7.1-150400.3.9.4 updated - spacewalk-backend-4.3.25-150400.3.33.7 updated - python3-spacewalk-client-tools-4.3.17-150400.3.21.6 updated - spacewalk-client-tools-4.3.17-150400.3.21.6 updated - spacewalk-proxy-package-manager-4.3.17-150400.3.23.5 updated - spacewalk-proxy-common-4.3.17-150400.3.23.5 updated - spacewalk-proxy-broker-4.3.17-150400.3.23.5 updated - susemanager-tftpsync-recv-4.3.9-150400.3.9.5 updated - spacewalk-proxy-redirect-4.3.17-150400.3.23.5 updated . The Red Hat Security Bulletin for nginx in Red Hat Satellite 6.9 brings essential patches to address security flaws.. SUSE Manager, Container Security, HTTPD Update. . Severity: Important. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.