suse-su-2022:2567-1
Vulnerability from csaf_suse
Published
2022-07-27 13:42
Modified
2022-07-27 13:42
Summary
Important update for SUSE Manager 4.2.8 Release Notes
Notes
Title of the patch
Important update for SUSE Manager 4.2.8 Release Notes
Description of the patch
This update for SUSE Manager 4.2.8 Release Notes provides the following additions:
Release notes for SUSE Manager:
- Update to 4.2.8
* Notification about SUSE Manager end-of-life has been added
* CVEs fixed
CVE-2022-31248
* Bugs mentioned
bsc#1179962, bsc#1182742, bsc#1189501, bsc#1192850, bsc#1193032
bsc#1193238, bsc#1194262, bsc#1196977, bsc#1197429, bsc#1197507
bsc#1198191, bsc#1198356, bsc#1198358, bsc#1198429, bsc#1198646
bsc#1198686, bsc#1198914, bsc#1198944, bsc#1198999, bsc#1199019
bsc#1199036, bsc#1199049, bsc#1199438, bsc#1199466, bsc#1199523
bsc#1199528, bsc#1199577, bsc#1199596, bsc#1199629, bsc#1199646
bsc#1199656, bsc#1199677, bsc#1199679, bsc#1199727, bsc#1199874
bsc#1199888, bsc#1200087, bsc#1200703, bsc#1200707, bsc#1200863
bsc#1194394, bsc#1201842, bsc#1201782
Release notes for SUSE Manager Proxy:
- Update to 4.2.8
* Bugs mentioned
bsc#1193238, bsc#1197507, bsc#1199019, bsc#1199401, bsc#1199528
bsc#1199679, bsc#1200087
Patchnames
SUSE-2022-2567,SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2022-2567,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2022-2567,SUSE-SLE-Product-SUSE-Manager-Server-4.2-2022-2567
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Important update for SUSE Manager 4.2.8 Release Notes",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for SUSE Manager 4.2.8 Release Notes provides the following additions:\n\nRelease notes for SUSE Manager:\n\n- Update to 4.2.8\n * Notification about SUSE Manager end-of-life has been added\n * CVEs fixed\n CVE-2022-31248\n * Bugs mentioned\n bsc#1179962, bsc#1182742, bsc#1189501, bsc#1192850, bsc#1193032\n bsc#1193238, bsc#1194262, bsc#1196977, bsc#1197429, bsc#1197507\n bsc#1198191, bsc#1198356, bsc#1198358, bsc#1198429, bsc#1198646\n bsc#1198686, bsc#1198914, bsc#1198944, bsc#1198999, bsc#1199019\n bsc#1199036, bsc#1199049, bsc#1199438, bsc#1199466, bsc#1199523\n bsc#1199528, bsc#1199577, bsc#1199596, bsc#1199629, bsc#1199646\n bsc#1199656, bsc#1199677, bsc#1199679, bsc#1199727, bsc#1199874\n bsc#1199888, bsc#1200087, bsc#1200703, bsc#1200707, bsc#1200863\n bsc#1194394, bsc#1201842, bsc#1201782\n\nRelease notes for SUSE Manager Proxy:\n\n- Update to 4.2.8\n * Bugs mentioned\n bsc#1193238, bsc#1197507, bsc#1199019, bsc#1199401, bsc#1199528\n bsc#1199679, bsc#1200087\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-2567,SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2022-2567,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2022-2567,SUSE-SLE-Product-SUSE-Manager-Server-4.2-2022-2567",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_2567-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:2567-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20222567-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:2567-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-July/011683.html"
},
{
"category": "self",
"summary": "SUSE Bug 1179962",
"url": "https://bugzilla.suse.com/1179962"
},
{
"category": "self",
"summary": "SUSE Bug 1182742",
"url": "https://bugzilla.suse.com/1182742"
},
{
"category": "self",
"summary": "SUSE Bug 1189501",
"url": "https://bugzilla.suse.com/1189501"
},
{
"category": "self",
"summary": "SUSE Bug 1192850",
"url": "https://bugzilla.suse.com/1192850"
},
{
"category": "self",
"summary": "SUSE Bug 1193032",
"url": "https://bugzilla.suse.com/1193032"
},
{
"category": "self",
"summary": "SUSE Bug 1193238",
"url": "https://bugzilla.suse.com/1193238"
},
{
"category": "self",
"summary": "SUSE Bug 1194262",
"url": "https://bugzilla.suse.com/1194262"
},
{
"category": "self",
"summary": "SUSE Bug 1194394",
"url": "https://bugzilla.suse.com/1194394"
},
{
"category": "self",
"summary": "SUSE Bug 1196977",
"url": "https://bugzilla.suse.com/1196977"
},
{
"category": "self",
"summary": "SUSE Bug 1197429",
"url": "https://bugzilla.suse.com/1197429"
},
{
"category": "self",
"summary": "SUSE Bug 1197507",
"url": "https://bugzilla.suse.com/1197507"
},
{
"category": "self",
"summary": "SUSE Bug 1198191",
"url": "https://bugzilla.suse.com/1198191"
},
{
"category": "self",
"summary": "SUSE Bug 1198356",
"url": "https://bugzilla.suse.com/1198356"
},
{
"category": "self",
"summary": "SUSE Bug 1198358",
"url": "https://bugzilla.suse.com/1198358"
},
{
"category": "self",
"summary": "SUSE Bug 1198429",
"url": "https://bugzilla.suse.com/1198429"
},
{
"category": "self",
"summary": "SUSE Bug 1198646",
"url": "https://bugzilla.suse.com/1198646"
},
{
"category": "self",
"summary": "SUSE Bug 1198686",
"url": "https://bugzilla.suse.com/1198686"
},
{
"category": "self",
"summary": "SUSE Bug 1198914",
"url": "https://bugzilla.suse.com/1198914"
},
{
"category": "self",
"summary": "SUSE Bug 1198944",
"url": "https://bugzilla.suse.com/1198944"
},
{
"category": "self",
"summary": "SUSE Bug 1198999",
"url": "https://bugzilla.suse.com/1198999"
},
{
"category": "self",
"summary": "SUSE Bug 1199019",
"url": "https://bugzilla.suse.com/1199019"
},
{
"category": "self",
"summary": "SUSE Bug 1199036",
"url": "https://bugzilla.suse.com/1199036"
},
{
"category": "self",
"summary": "SUSE Bug 1199049",
"url": "https://bugzilla.suse.com/1199049"
},
{
"category": "self",
"summary": "SUSE Bug 1199401",
"url": "https://bugzilla.suse.com/1199401"
},
{
"category": "self",
"summary": "SUSE Bug 1199438",
"url": "https://bugzilla.suse.com/1199438"
},
{
"category": "self",
"summary": "SUSE Bug 1199466",
"url": "https://bugzilla.suse.com/1199466"
},
{
"category": "self",
"summary": "SUSE Bug 1199523",
"url": "https://bugzilla.suse.com/1199523"
},
{
"category": "self",
"summary": "SUSE Bug 1199528",
"url": "https://bugzilla.suse.com/1199528"
},
{
"category": "self",
"summary": "SUSE Bug 1199577",
"url": "https://bugzilla.suse.com/1199577"
},
{
"category": "self",
"summary": "SUSE Bug 1199596",
"url": "https://bugzilla.suse.com/1199596"
},
{
"category": "self",
"summary": "SUSE Bug 1199629",
"url": "https://bugzilla.suse.com/1199629"
},
{
"category": "self",
"summary": "SUSE Bug 1199646",
"url": "https://bugzilla.suse.com/1199646"
},
{
"category": "self",
"summary": "SUSE Bug 1199656",
"url": "https://bugzilla.suse.com/1199656"
},
{
"category": "self",
"summary": "SUSE Bug 1199677",
"url": "https://bugzilla.suse.com/1199677"
},
{
"category": "self",
"summary": "SUSE Bug 1199679",
"url": "https://bugzilla.suse.com/1199679"
},
{
"category": "self",
"summary": "SUSE Bug 1199727",
"url": "https://bugzilla.suse.com/1199727"
},
{
"category": "self",
"summary": "SUSE Bug 1199874",
"url": "https://bugzilla.suse.com/1199874"
},
{
"category": "self",
"summary": "SUSE Bug 1199888",
"url": "https://bugzilla.suse.com/1199888"
},
{
"category": "self",
"summary": "SUSE Bug 1200087",
"url": "https://bugzilla.suse.com/1200087"
},
{
"category": "self",
"summary": "SUSE Bug 1200703",
"url": "https://bugzilla.suse.com/1200703"
},
{
"category": "self",
"summary": "SUSE Bug 1200707",
"url": "https://bugzilla.suse.com/1200707"
},
{
"category": "self",
"summary": "SUSE Bug 1200863",
"url": "https://bugzilla.suse.com/1200863"
},
{
"category": "self",
"summary": "SUSE Bug 1201782",
"url": "https://bugzilla.suse.com/1201782"
},
{
"category": "self",
"summary": "SUSE Bug 1201842",
"url": "https://bugzilla.suse.com/1201842"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-31248 page",
"url": "https://www.suse.com/security/cve/CVE-2022-31248/"
}
],
"title": "Important update for SUSE Manager 4.2.8 Release Notes",
"tracking": {
"current_release_date": "2022-07-27T13:42:03Z",
"generator": {
"date": "2022-07-27T13:42:03Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:2567-1",
"initial_release_date": "2022-07-27T13:42:03Z",
"revision_history": [
{
"date": "2022-07-27T13:42:03Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "release-notes-susemanager-4.2.8-150300.3.51.2.aarch64",
"product": {
"name": "release-notes-susemanager-4.2.8-150300.3.51.2.aarch64",
"product_id": "release-notes-susemanager-4.2.8-150300.3.51.2.aarch64"
}
},
{
"category": "product_version",
"name": "release-notes-susemanager-proxy-4.2.8-150300.3.40.2.aarch64",
"product": {
"name": "release-notes-susemanager-proxy-4.2.8-150300.3.40.2.aarch64",
"product_id": "release-notes-susemanager-proxy-4.2.8-150300.3.40.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "release-notes-susemanager-4.2.8-150300.3.51.2.i586",
"product": {
"name": "release-notes-susemanager-4.2.8-150300.3.51.2.i586",
"product_id": "release-notes-susemanager-4.2.8-150300.3.51.2.i586"
}
},
{
"category": "product_version",
"name": "release-notes-susemanager-proxy-4.2.8-150300.3.40.2.i586",
"product": {
"name": "release-notes-susemanager-proxy-4.2.8-150300.3.40.2.i586",
"product_id": "release-notes-susemanager-proxy-4.2.8-150300.3.40.2.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "release-notes-susemanager-4.2.8-150300.3.51.2.ppc64le",
"product": {
"name": "release-notes-susemanager-4.2.8-150300.3.51.2.ppc64le",
"product_id": "release-notes-susemanager-4.2.8-150300.3.51.2.ppc64le"
}
},
{
"category": "product_version",
"name": "release-notes-susemanager-proxy-4.2.8-150300.3.40.2.ppc64le",
"product": {
"name": "release-notes-susemanager-proxy-4.2.8-150300.3.40.2.ppc64le",
"product_id": "release-notes-susemanager-proxy-4.2.8-150300.3.40.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "release-notes-susemanager-4.2.8-150300.3.51.2.s390x",
"product": {
"name": "release-notes-susemanager-4.2.8-150300.3.51.2.s390x",
"product_id": "release-notes-susemanager-4.2.8-150300.3.51.2.s390x"
}
},
{
"category": "product_version",
"name": "release-notes-susemanager-proxy-4.2.8-150300.3.40.2.s390x",
"product": {
"name": "release-notes-susemanager-proxy-4.2.8-150300.3.40.2.s390x",
"product_id": "release-notes-susemanager-proxy-4.2.8-150300.3.40.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "release-notes-susemanager-4.2.8-150300.3.51.2.x86_64",
"product": {
"name": "release-notes-susemanager-4.2.8-150300.3.51.2.x86_64",
"product_id": "release-notes-susemanager-4.2.8-150300.3.51.2.x86_64"
}
},
{
"category": "product_version",
"name": "release-notes-susemanager-proxy-4.2.8-150300.3.40.2.x86_64",
"product": {
"name": "release-notes-susemanager-proxy-4.2.8-150300.3.40.2.x86_64",
"product_id": "release-notes-susemanager-proxy-4.2.8-150300.3.40.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Manager Proxy 4.2",
"product": {
"name": "SUSE Manager Proxy 4.2",
"product_id": "SUSE Manager Proxy 4.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy:4.2"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Retail Branch Server 4.2",
"product": {
"name": "SUSE Manager Retail Branch Server 4.2",
"product_id": "SUSE Manager Retail Branch Server 4.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-retail-branch-server:4.2"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.2",
"product": {
"name": "SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "release-notes-susemanager-proxy-4.2.8-150300.3.40.2.x86_64 as component of SUSE Manager Proxy 4.2",
"product_id": "SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.8-150300.3.40.2.x86_64"
},
"product_reference": "release-notes-susemanager-proxy-4.2.8-150300.3.40.2.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "release-notes-susemanager-proxy-4.2.8-150300.3.40.2.x86_64 as component of SUSE Manager Retail Branch Server 4.2",
"product_id": "SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.8-150300.3.40.2.x86_64"
},
"product_reference": "release-notes-susemanager-proxy-4.2.8-150300.3.40.2.x86_64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "release-notes-susemanager-4.2.8-150300.3.51.2.ppc64le as component of SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2:release-notes-susemanager-4.2.8-150300.3.51.2.ppc64le"
},
"product_reference": "release-notes-susemanager-4.2.8-150300.3.51.2.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "release-notes-susemanager-4.2.8-150300.3.51.2.s390x as component of SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2:release-notes-susemanager-4.2.8-150300.3.51.2.s390x"
},
"product_reference": "release-notes-susemanager-4.2.8-150300.3.51.2.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "release-notes-susemanager-4.2.8-150300.3.51.2.x86_64 as component of SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2:release-notes-susemanager-4.2.8-150300.3.51.2.x86_64"
},
"product_reference": "release-notes-susemanager-4.2.8-150300.3.51.2.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-31248",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-31248"
}
],
"notes": [
{
"category": "general",
"text": "A Observable Response Discrepancy vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to discover valid usernames. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46-1. SUSE Manager Server 4.2 spacewalk-java versions prior to 4.2.37-1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.8-150300.3.40.2.x86_64",
"SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.8-150300.3.40.2.x86_64",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.8-150300.3.51.2.ppc64le",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.8-150300.3.51.2.s390x",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.8-150300.3.51.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-31248",
"url": "https://www.suse.com/security/cve/CVE-2022-31248"
},
{
"category": "external",
"summary": "SUSE Bug 1199629 for CVE-2022-31248",
"url": "https://bugzilla.suse.com/1199629"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.8-150300.3.40.2.x86_64",
"SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.8-150300.3.40.2.x86_64",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.8-150300.3.51.2.ppc64le",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.8-150300.3.51.2.s390x",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.8-150300.3.51.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.8-150300.3.40.2.x86_64",
"SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.8-150300.3.40.2.x86_64",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.8-150300.3.51.2.ppc64le",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.8-150300.3.51.2.s390x",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.8-150300.3.51.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-27T13:42:03Z",
"details": "moderate"
}
],
"title": "CVE-2022-31248"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…