suse-su-2024:0513-1
Vulnerability from csaf_suse
Published
2024-02-15 13:43
Modified
2024-02-15 13:43
Summary
Security update for SUSE Manager Server 4.3
Notes
Title of the patch
Security update for SUSE Manager Server 4.3
Description of the patch
This update fixes the following issues:
release-notes-susemanager:
- Update to SUSE Manager 4.3.11
* Migrate from RHEL and its clones to SUSE Liberty Linux
* Reboot required indication for non-SUSE distributions
* SSH key rotation for enhanced security
* Configure remote command execution
* End of Debian 10 support
* CVEs fixed:
CVE-2023-32189, CVE-2024-22231, CVE-2024-22232
* Bugs mentioned:
bsc#1170848, bsc#1210911, bsc#1211254, bsc#1211560, bsc#1211912
bsc#1213079, bsc#1213507, bsc#1213738, bsc#1213981, bsc#1214077
bsc#1214791, bsc#1215166, bsc#1215514, bsc#1215769, bsc#1215810
bsc#1215813, bsc#1215982, bsc#1216114, bsc#1216394, bsc#1216437
bsc#1216550, bsc#1216657, bsc#1216753, bsc#1216781, bsc#1216988
bsc#1217069, bsc#1217209, bsc#1217588, bsc#1217784, bsc#1217869
bsc#1218019, bsc#1218074, bsc#1218075, bsc#1218089, bsc#1218094
bsc#1218490, bsc#1218615, bsc#1218669, bsc#1218849, bsc#1219577
bsc#1219850, bsc#1218146
Patchnames
SUSE-2024-513,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-513,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-513
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for SUSE Manager Server 4.3",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update fixes the following issues:\n\nrelease-notes-susemanager:\n\n- Update to SUSE Manager 4.3.11\n * Migrate from RHEL and its clones to SUSE Liberty Linux\n * Reboot required indication for non-SUSE distributions\n * SSH key rotation for enhanced security\n * Configure remote command execution\n * End of Debian 10 support\n * CVEs fixed: \n CVE-2023-32189, CVE-2024-22231, CVE-2024-22232\n * Bugs mentioned: \n bsc#1170848, bsc#1210911, bsc#1211254, bsc#1211560, bsc#1211912\n bsc#1213079, bsc#1213507, bsc#1213738, bsc#1213981, bsc#1214077\n bsc#1214791, bsc#1215166, bsc#1215514, bsc#1215769, bsc#1215810\n bsc#1215813, bsc#1215982, bsc#1216114, bsc#1216394, bsc#1216437\n bsc#1216550, bsc#1216657, bsc#1216753, bsc#1216781, bsc#1216988\n bsc#1217069, bsc#1217209, bsc#1217588, bsc#1217784, bsc#1217869\n bsc#1218019, bsc#1218074, bsc#1218075, bsc#1218089, bsc#1218094\n bsc#1218490, bsc#1218615, bsc#1218669, bsc#1218849, bsc#1219577\n bsc#1219850, bsc#1218146\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-513,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-513,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-513",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_0513-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:0513-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20240513-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:0513-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017924.html"
},
{
"category": "self",
"summary": "SUSE Bug 1170848",
"url": "https://bugzilla.suse.com/1170848"
},
{
"category": "self",
"summary": "SUSE Bug 1210911",
"url": "https://bugzilla.suse.com/1210911"
},
{
"category": "self",
"summary": "SUSE Bug 1211254",
"url": "https://bugzilla.suse.com/1211254"
},
{
"category": "self",
"summary": "SUSE Bug 1211560",
"url": "https://bugzilla.suse.com/1211560"
},
{
"category": "self",
"summary": "SUSE Bug 1211912",
"url": "https://bugzilla.suse.com/1211912"
},
{
"category": "self",
"summary": "SUSE Bug 1213079",
"url": "https://bugzilla.suse.com/1213079"
},
{
"category": "self",
"summary": "SUSE Bug 1213507",
"url": "https://bugzilla.suse.com/1213507"
},
{
"category": "self",
"summary": "SUSE Bug 1213738",
"url": "https://bugzilla.suse.com/1213738"
},
{
"category": "self",
"summary": "SUSE Bug 1213981",
"url": "https://bugzilla.suse.com/1213981"
},
{
"category": "self",
"summary": "SUSE Bug 1214077",
"url": "https://bugzilla.suse.com/1214077"
},
{
"category": "self",
"summary": "SUSE Bug 1214791",
"url": "https://bugzilla.suse.com/1214791"
},
{
"category": "self",
"summary": "SUSE Bug 1215166",
"url": "https://bugzilla.suse.com/1215166"
},
{
"category": "self",
"summary": "SUSE Bug 1215514",
"url": "https://bugzilla.suse.com/1215514"
},
{
"category": "self",
"summary": "SUSE Bug 1215769",
"url": "https://bugzilla.suse.com/1215769"
},
{
"category": "self",
"summary": "SUSE Bug 1215810",
"url": "https://bugzilla.suse.com/1215810"
},
{
"category": "self",
"summary": "SUSE Bug 1215813",
"url": "https://bugzilla.suse.com/1215813"
},
{
"category": "self",
"summary": "SUSE Bug 1215982",
"url": "https://bugzilla.suse.com/1215982"
},
{
"category": "self",
"summary": "SUSE Bug 1216114",
"url": "https://bugzilla.suse.com/1216114"
},
{
"category": "self",
"summary": "SUSE Bug 1216394",
"url": "https://bugzilla.suse.com/1216394"
},
{
"category": "self",
"summary": "SUSE Bug 1216437",
"url": "https://bugzilla.suse.com/1216437"
},
{
"category": "self",
"summary": "SUSE Bug 1216550",
"url": "https://bugzilla.suse.com/1216550"
},
{
"category": "self",
"summary": "SUSE Bug 1216657",
"url": "https://bugzilla.suse.com/1216657"
},
{
"category": "self",
"summary": "SUSE Bug 1216753",
"url": "https://bugzilla.suse.com/1216753"
},
{
"category": "self",
"summary": "SUSE Bug 1216781",
"url": "https://bugzilla.suse.com/1216781"
},
{
"category": "self",
"summary": "SUSE Bug 1216988",
"url": "https://bugzilla.suse.com/1216988"
},
{
"category": "self",
"summary": "SUSE Bug 1217069",
"url": "https://bugzilla.suse.com/1217069"
},
{
"category": "self",
"summary": "SUSE Bug 1217209",
"url": "https://bugzilla.suse.com/1217209"
},
{
"category": "self",
"summary": "SUSE Bug 1217588",
"url": "https://bugzilla.suse.com/1217588"
},
{
"category": "self",
"summary": "SUSE Bug 1217784",
"url": "https://bugzilla.suse.com/1217784"
},
{
"category": "self",
"summary": "SUSE Bug 1217869",
"url": "https://bugzilla.suse.com/1217869"
},
{
"category": "self",
"summary": "SUSE Bug 1218019",
"url": "https://bugzilla.suse.com/1218019"
},
{
"category": "self",
"summary": "SUSE Bug 1218074",
"url": "https://bugzilla.suse.com/1218074"
},
{
"category": "self",
"summary": "SUSE Bug 1218075",
"url": "https://bugzilla.suse.com/1218075"
},
{
"category": "self",
"summary": "SUSE Bug 1218089",
"url": "https://bugzilla.suse.com/1218089"
},
{
"category": "self",
"summary": "SUSE Bug 1218094",
"url": "https://bugzilla.suse.com/1218094"
},
{
"category": "self",
"summary": "SUSE Bug 1218146",
"url": "https://bugzilla.suse.com/1218146"
},
{
"category": "self",
"summary": "SUSE Bug 1218490",
"url": "https://bugzilla.suse.com/1218490"
},
{
"category": "self",
"summary": "SUSE Bug 1218615",
"url": "https://bugzilla.suse.com/1218615"
},
{
"category": "self",
"summary": "SUSE Bug 1218669",
"url": "https://bugzilla.suse.com/1218669"
},
{
"category": "self",
"summary": "SUSE Bug 1218849",
"url": "https://bugzilla.suse.com/1218849"
},
{
"category": "self",
"summary": "SUSE Bug 1219577",
"url": "https://bugzilla.suse.com/1219577"
},
{
"category": "self",
"summary": "SUSE Bug 1219850",
"url": "https://bugzilla.suse.com/1219850"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-32189 page",
"url": "https://www.suse.com/security/cve/CVE-2023-32189/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-22231 page",
"url": "https://www.suse.com/security/cve/CVE-2024-22231/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-22232 page",
"url": "https://www.suse.com/security/cve/CVE-2024-22232/"
}
],
"title": "Security update for SUSE Manager Server 4.3",
"tracking": {
"current_release_date": "2024-02-15T13:43:22Z",
"generator": {
"date": "2024-02-15T13:43:22Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:0513-1",
"initial_release_date": "2024-02-15T13:43:22Z",
"revision_history": [
{
"date": "2024-02-15T13:43:22Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "release-notes-susemanager-4.3.11-150400.3.100.1.noarch",
"product": {
"name": "release-notes-susemanager-4.3.11-150400.3.100.1.noarch",
"product_id": "release-notes-susemanager-4.3.11-150400.3.100.1.noarch"
}
},
{
"category": "product_version",
"name": "release-notes-susemanager-proxy-4.3.11-150400.3.79.1.noarch",
"product": {
"name": "release-notes-susemanager-proxy-4.3.11-150400.3.79.1.noarch",
"product_id": "release-notes-susemanager-proxy-4.3.11-150400.3.79.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Manager Proxy 4.3",
"product": {
"name": "SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy:4.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.3",
"product": {
"name": "SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "release-notes-susemanager-proxy-4.3.11-150400.3.79.1.noarch as component of SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.11-150400.3.79.1.noarch"
},
"product_reference": "release-notes-susemanager-proxy-4.3.11-150400.3.79.1.noarch",
"relates_to_product_reference": "SUSE Manager Proxy 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "release-notes-susemanager-4.3.11-150400.3.100.1.noarch as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:release-notes-susemanager-4.3.11-150400.3.100.1.noarch"
},
"product_reference": "release-notes-susemanager-4.3.11-150400.3.100.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-32189",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-32189"
}
],
"notes": [
{
"category": "general",
"text": "Insecure handling of ssh keys used to bootstrap clients allows local attackers to potentially gain access to the keys",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.11-150400.3.79.1.noarch",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.11-150400.3.100.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-32189",
"url": "https://www.suse.com/security/cve/CVE-2023-32189"
},
{
"category": "external",
"summary": "SUSE Bug 1170848 for CVE-2023-32189",
"url": "https://bugzilla.suse.com/1170848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.11-150400.3.79.1.noarch",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.11-150400.3.100.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.11-150400.3.79.1.noarch",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.11-150400.3.100.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-02-15T13:43:22Z",
"details": "moderate"
}
],
"title": "CVE-2023-32189"
},
{
"cve": "CVE-2024-22231",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-22231"
}
],
"notes": [
{
"category": "general",
"text": "Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt master.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.11-150400.3.79.1.noarch",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.11-150400.3.100.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-22231",
"url": "https://www.suse.com/security/cve/CVE-2024-22231"
},
{
"category": "external",
"summary": "SUSE Bug 1219430 for CVE-2024-22231",
"url": "https://bugzilla.suse.com/1219430"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.11-150400.3.79.1.noarch",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.11-150400.3.100.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.11-150400.3.79.1.noarch",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.11-150400.3.100.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-02-15T13:43:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-22231"
},
{
"cve": "CVE-2024-22232",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-22232"
}
],
"notes": [
{
"category": "general",
"text": "A specially crafted url can be created which leads to a directory traversal in the salt file server.\nA malicious user can read an arbitrary file from a Salt master\u0027s filesystem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.11-150400.3.79.1.noarch",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.11-150400.3.100.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-22232",
"url": "https://www.suse.com/security/cve/CVE-2024-22232"
},
{
"category": "external",
"summary": "SUSE Bug 1219431 for CVE-2024-22232",
"url": "https://bugzilla.suse.com/1219431"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.11-150400.3.79.1.noarch",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.11-150400.3.100.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.11-150400.3.79.1.noarch",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.11-150400.3.100.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-02-15T13:43:22Z",
"details": "important"
}
],
"title": "CVE-2024-22232"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…