suse-su-2023:0373-1
Vulnerability from csaf_suse
Published
2023-02-10 14:19
Modified
2023-02-10 14:19
Summary
Security update for SUSE Manager Server 4.3

Notes

Title of the patch
Security update for SUSE Manager Server 4.3
Description of the patch
This update fixes the following issues:

release-notes-susemanager:

- Update to SUSE Manager 4.3.4
  * SUSE Liberty Linux 9 support as client
  * SUSE Linux Enterprise Micro support as client
  * Indications for systems requiring reboot or with a scheduled reboot
  * Notification messages via email
  * Grafana update to 8.5.15
  * Subscription warning notification
  * Changelogs at repositories metadata has been limited to the last 20 entries
  * Drop legacy way to prevent disabling local repositories
  * CVEs fixed
    CVE-2022-1415
  * Bugs mentioned
    bsc#1172110, bsc#1195979, bsc#1200801, bsc#1202150, bsc#1203478,
    bsc#1203532, bsc#1203826, bsc#1204032, bsc#1204126, bsc#1204186,
    bsc#1204235, bsc#1204270, bsc#1204330, bsc#1204712, bsc#1204715,
    bsc#1204879, bsc#1204932, bsc#1205012, bsc#1205040, bsc#1205207,
    bsc#1205255, bsc#1205350, bsc#1205489, bsc#1205523, bsc#1205644,
    bsc#1205663, bsc#1205749, bsc#1205754, bsc#1205890, bsc#1205919,
    bsc#1205943, bsc#1206055, bsc#1206160, bsc#1206168, bsc#1206186,
    bsc#1206249, bsc#1206276, bsc#1206294, bsc#1206336, bsc#1206375,
    bsc#1206470, bsc#1206613, bsc#1206666, bsc#1206799, bsc#1207136
Patchnames
SUSE-2023-373,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2023-373
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).



{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for SUSE Manager Server 4.3",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "\nThis update fixes the following issues:\n\nrelease-notes-susemanager:\n\n- Update to SUSE Manager 4.3.4\n  * SUSE Liberty Linux 9 support as client\n  * SUSE Linux Enterprise Micro support as client\n  * Indications for systems requiring reboot or with a scheduled reboot\n  * Notification messages via email\n  * Grafana update to 8.5.15\n  * Subscription warning notification\n  * Changelogs at repositories metadata has been limited the last 20 entries\n  * Drop legacy way to prevent disabling local repositories\n  * CVEs fixed\n    CVE-2022-1415\n  * Bugs mentioned\n    bsc#1172110, bsc#1195979, bsc#1200801, bsc#1202150, bsc#1203478 \n    bsc#1203532, bsc#1203826, bsc#1204032, bsc#1204126, bsc#1204186\n    bsc#1204235, bsc#1204270, bsc#1204330, bsc#1204712, bsc#1204715\n    bsc#1204879, bsc#1204932, bsc#1205012, bsc#1205040, bsc#1205207\n    bsc#1205255, bsc#1205350, bsc#1205489, bsc#1205523, bsc#1205644\n    bsc#1205663, bsc#1205749, bsc#1205754, bsc#1205890, bsc#1205919\n    bsc#1205943, bsc#1206055, bsc#1206160, bsc#1206168, bsc#1206186\n    bsc#1206249, bsc#1206276, bsc#1206294, bsc#1206336, bsc#1206375\n    bsc#1206470, bsc#1206613, bsc#1206666, bsc#1206799, bsc#1207136\n\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2023-373,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2023-373",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_0373-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2023:0373-1",
        "url": "https://www.suse.com/support/update/announcement/2023/suse-su-20230373-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2023:0373-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-February/013728.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1172110",
        "url": "https://bugzilla.suse.com/1172110"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1195979",
        "url": "https://bugzilla.suse.com/1195979"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1200801",
        "url": "https://bugzilla.suse.com/1200801"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1202150",
        "url": "https://bugzilla.suse.com/1202150"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1203478",
        "url": "https://bugzilla.suse.com/1203478"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1203532",
        "url": "https://bugzilla.suse.com/1203532"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1203826",
        "url": "https://bugzilla.suse.com/1203826"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1204032",
        "url": "https://bugzilla.suse.com/1204032"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1204126",
        "url": "https://bugzilla.suse.com/1204126"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1204186",
        "url": "https://bugzilla.suse.com/1204186"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1204235",
        "url": "https://bugzilla.suse.com/1204235"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1204270",
        "url": "https://bugzilla.suse.com/1204270"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1204330",
        "url": "https://bugzilla.suse.com/1204330"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1204712",
        "url": "https://bugzilla.suse.com/1204712"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1204715",
        "url": "https://bugzilla.suse.com/1204715"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1204879",
        "url": "https://bugzilla.suse.com/1204879"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1204932",
        "url": "https://bugzilla.suse.com/1204932"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1205012",
        "url": "https://bugzilla.suse.com/1205012"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1205040",
        "url": "https://bugzilla.suse.com/1205040"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1205207",
        "url": "https://bugzilla.suse.com/1205207"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1205255",
        "url": "https://bugzilla.suse.com/1205255"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1205350",
        "url": "https://bugzilla.suse.com/1205350"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1205489",
        "url": "https://bugzilla.suse.com/1205489"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1205523",
        "url": "https://bugzilla.suse.com/1205523"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1205644",
        "url": "https://bugzilla.suse.com/1205644"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1205663",
        "url": "https://bugzilla.suse.com/1205663"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1205749",
        "url": "https://bugzilla.suse.com/1205749"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1205754",
        "url": "https://bugzilla.suse.com/1205754"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1205890",
        "url": "https://bugzilla.suse.com/1205890"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1205919",
        "url": "https://bugzilla.suse.com/1205919"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1205943",
        "url": "https://bugzilla.suse.com/1205943"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1206055",
        "url": "https://bugzilla.suse.com/1206055"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1206160",
        "url": "https://bugzilla.suse.com/1206160"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1206168",
        "url": "https://bugzilla.suse.com/1206168"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1206186",
        "url": "https://bugzilla.suse.com/1206186"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1206249",
        "url": "https://bugzilla.suse.com/1206249"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1206276",
        "url": "https://bugzilla.suse.com/1206276"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1206294",
        "url": "https://bugzilla.suse.com/1206294"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1206336",
        "url": "https://bugzilla.suse.com/1206336"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1206375",
        "url": "https://bugzilla.suse.com/1206375"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1206470",
        "url": "https://bugzilla.suse.com/1206470"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1206613",
        "url": "https://bugzilla.suse.com/1206613"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1206666",
        "url": "https://bugzilla.suse.com/1206666"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1206799",
        "url": "https://bugzilla.suse.com/1206799"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1207136",
        "url": "https://bugzilla.suse.com/1207136"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-1415 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-1415/"
      }
    ],
    "title": "Security update for SUSE Manager Server 4.3",
    "tracking": {
      "current_release_date": "2023-02-10T14:19:35Z",
      "generator": {
        "date": "2023-02-10T14:19:35Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2023:0373-1",
      "initial_release_date": "2023-02-10T14:19:35Z",
      "revision_history": [
        {
          "date": "2023-02-10T14:19:35Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "release-notes-susemanager-4.3.4-150400.3.43.1.aarch64",
                "product": {
                  "name": "release-notes-susemanager-4.3.4-150400.3.43.1.aarch64",
                  "product_id": "release-notes-susemanager-4.3.4-150400.3.43.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "release-notes-susemanager-proxy-4.3.4-150400.3.43.1.aarch64",
                "product": {
                  "name": "release-notes-susemanager-proxy-4.3.4-150400.3.43.1.aarch64",
                  "product_id": "release-notes-susemanager-proxy-4.3.4-150400.3.43.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "release-notes-susemanager-4.3.4-150400.3.43.1.i586",
                "product": {
                  "name": "release-notes-susemanager-4.3.4-150400.3.43.1.i586",
                  "product_id": "release-notes-susemanager-4.3.4-150400.3.43.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "release-notes-susemanager-proxy-4.3.4-150400.3.43.1.i586",
                "product": {
                  "name": "release-notes-susemanager-proxy-4.3.4-150400.3.43.1.i586",
                  "product_id": "release-notes-susemanager-proxy-4.3.4-150400.3.43.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "release-notes-susemanager-4.3.4-150400.3.43.1.ppc64le",
                "product": {
                  "name": "release-notes-susemanager-4.3.4-150400.3.43.1.ppc64le",
                  "product_id": "release-notes-susemanager-4.3.4-150400.3.43.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "release-notes-susemanager-proxy-4.3.4-150400.3.43.1.ppc64le",
                "product": {
                  "name": "release-notes-susemanager-proxy-4.3.4-150400.3.43.1.ppc64le",
                  "product_id": "release-notes-susemanager-proxy-4.3.4-150400.3.43.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "release-notes-susemanager-4.3.4-150400.3.43.1.s390x",
                "product": {
                  "name": "release-notes-susemanager-4.3.4-150400.3.43.1.s390x",
                  "product_id": "release-notes-susemanager-4.3.4-150400.3.43.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "release-notes-susemanager-proxy-4.3.4-150400.3.43.1.s390x",
                "product": {
                  "name": "release-notes-susemanager-proxy-4.3.4-150400.3.43.1.s390x",
                  "product_id": "release-notes-susemanager-proxy-4.3.4-150400.3.43.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "release-notes-susemanager-4.3.4-150400.3.43.1.x86_64",
                "product": {
                  "name": "release-notes-susemanager-4.3.4-150400.3.43.1.x86_64",
                  "product_id": "release-notes-susemanager-4.3.4-150400.3.43.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "release-notes-susemanager-proxy-4.3.4-150400.3.43.1.x86_64",
                "product": {
                  "name": "release-notes-susemanager-proxy-4.3.4-150400.3.43.1.x86_64",
                  "product_id": "release-notes-susemanager-proxy-4.3.4-150400.3.43.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Manager Server 4.3",
                "product": {
                  "name": "SUSE Manager Server 4.3",
                  "product_id": "SUSE Manager Server 4.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-manager-server:4.3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "release-notes-susemanager-4.3.4-150400.3.43.1.ppc64le as component of SUSE Manager Server 4.3",
          "product_id": "SUSE Manager Server 4.3:release-notes-susemanager-4.3.4-150400.3.43.1.ppc64le"
        },
        "product_reference": "release-notes-susemanager-4.3.4-150400.3.43.1.ppc64le",
        "relates_to_product_reference": "SUSE Manager Server 4.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "release-notes-susemanager-4.3.4-150400.3.43.1.s390x as component of SUSE Manager Server 4.3",
          "product_id": "SUSE Manager Server 4.3:release-notes-susemanager-4.3.4-150400.3.43.1.s390x"
        },
        "product_reference": "release-notes-susemanager-4.3.4-150400.3.43.1.s390x",
        "relates_to_product_reference": "SUSE Manager Server 4.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "release-notes-susemanager-4.3.4-150400.3.43.1.x86_64 as component of SUSE Manager Server 4.3",
          "product_id": "SUSE Manager Server 4.3:release-notes-susemanager-4.3.4-150400.3.43.1.x86_64"
        },
        "product_reference": "release-notes-susemanager-4.3.4-150400.3.43.1.x86_64",
        "relates_to_product_reference": "SUSE Manager Server 4.3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-1415",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-1415"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Manager Server 4.3:release-notes-susemanager-4.3.4-150400.3.43.1.ppc64le",
          "SUSE Manager Server 4.3:release-notes-susemanager-4.3.4-150400.3.43.1.s390x",
          "SUSE Manager Server 4.3:release-notes-susemanager-4.3.4-150400.3.43.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-1415",
          "url": "https://www.suse.com/security/cve/CVE-2022-1415"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1204879 for CVE-2022-1415",
          "url": "https://bugzilla.suse.com/1204879"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Manager Server 4.3:release-notes-susemanager-4.3.4-150400.3.43.1.ppc64le",
            "SUSE Manager Server 4.3:release-notes-susemanager-4.3.4-150400.3.43.1.s390x",
            "SUSE Manager Server 4.3:release-notes-susemanager-4.3.4-150400.3.43.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Manager Server 4.3:release-notes-susemanager-4.3.4-150400.3.43.1.ppc64le",
            "SUSE Manager Server 4.3:release-notes-susemanager-4.3.4-150400.3.43.1.s390x",
            "SUSE Manager Server 4.3:release-notes-susemanager-4.3.4-150400.3.43.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-02-10T14:19:35Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-1415"
    }
  ]
}

