suse-su-2024:3266-1
Vulnerability from csaf_suse
Published
2024-09-17 07:42
Modified
2024-09-17 07:42
Summary
Security update for SUSE Manager Client Tools

Notes

Title of the patch
Security update for SUSE Manager Client Tools
Description of the patch
This update fixes the following issues:

golang-github-prometheus-prometheus:

- Security issues fixed:
  * CVE-2024-6104: Update go-retryablehttp to version 0.7.7 (bsc#1227038)
  * CVE-2023-45142: Updated otelhttp to version 0.46.1 (bsc#1228556)
- Require Go > 1.20 for building
- Migrate from `disabled` to `manual` service mode
- Update to 2.45.6 (jsc#PED-3577):
  * Security fixes in dependencies
- Update to 2.45.5:
  * [BUGFIX] tsdb/agent: ensure that new series get written to WAL on rollback.
  * [BUGFIX] Remote write: Avoid a race condition when applying configuration.
- Update to 2.45.4:
  * [BUGFIX] Remote read: Release querier resources before encoding the results.
- Update to 2.45.3:
  * [BUGFIX] TSDB: Remove double memory snapshot on shutdown.
- Update to 2.45.2:
  * [BUGFIX] TSDB: Fix PostingsForMatchers race with creating new series.
- Update to 2.45.1:
  * [ENHANCEMENT] Hetzner SD: Support larger ID's that will be used by Hetzner in September.
  * [BUGFIX] Linode SD: Cast InstanceSpec values to int64 to avoid overflows on 386 architecture.
  * [BUGFIX] TSDB: Handle TOC parsing failures.

rhnlib:

- Version 5.0.4-0
  * Add the old TLS code for very old traditional clients still on python 2.7 (bsc#1228198)

spacecmd:

- Version 5.0.9-0
  * Update translation strings

uyuni-tools:

- Version 0.1.21-0
  * mgrpxy: Fix typo on Systemd template
- Version 0.1.20-0
  * Update the push tag to 5.0.1
  * mgrpxy: expose port on IPv6 network (bsc#1227951)
- Version 0.1.19-0
  * Skip updating Tomcat remote debug if conf file is not present
- Version 0.1.18-0
  * Setup Confidential Computing container during migration (bsc#1227588)
  * Add the /etc/uyuni/uyuni-tools.yaml path to the config help
  * Split systemd config files to not lose configuration at upgrade (bsc#1227718)
  * Use the same logic for image computation in mgradm and mgrpxy (bsc#1228026)
  * Allow building with different Helm and container default registry paths (bsc#1226191)
  * Fix recursion in mgradm upgrade podman list --help
  * Setup hub xmlrpc API service in migration to Podman (bsc#1227588)
  * Setup disabled hub xmlrpc API service in all cases (bsc#1227584)
  * Clean the inspection code to make it faster
  * Properly detect IPv6 enabled on Podman network (bsc#1224349)
  * Fix the log file path generation
  * Write scripts output to uyuni-tools.log file
  * Add uyuni-hubxml-rpc to the list of values in mgradm scale --help
  * Use path in mgradm support sql file input (bsc#1227505)
  * On Ubuntu build with go1.21 instead of go1.20
  * Enforce Cobbler setup (bsc#1226847)
  * Expose port on IPv6 network (bsc#1227951)
  * show output of podman image search --list-tags command
  * Implement mgrpxy support config command
  * During migration, ignore /etc/sysconfig/tomcat and /etc/tomcat/tomcat.conf (bsc#1228183)
  * During migration, remove java.annotation,com.sun.xml.bind and UseConcMarkSweepGC settings
  * Disable node exporter port for Kubernetes
  * Fix start, stop and restart in Kubernetes
  * Increase start timeout in Kubernetes
  * Fix traefik query
  * Fix password entry usability (bsc#1226437)
  * Add --prepare option to migrate command
  * Fix random error during installation of CA certificate (bsc#1227245)
  * Clarify and fix distro name guessing when not provided (bsc#1226284)
  * Replace not working Fatal error by plain error return (bsc#1220136)
  * Allow server installation with preexisting storage volumes
  * Do not report error when purging mounted volume (bsc#1225349)
  * Preserve PAGER settings from the host for interactive sql usage (bsc#1226914)
  * Add mgrpxy command to clear the Squid cache
  * Use local images for Confidential Computing and Hub containers (bsc#1227586)
- Version 0.1.17-0
  * Allow GPG files to be loaded from the local file (bsc#1227195)
- Version 0.1.16-0
  * Prefer local images in all migration steps (bsc#1227244)
- Version 0.1.15-0
  * Define --registry flag behaviour (bsc#1226793)
- Version 0.1.14-0
  * Do not rely on hardcoded registry, remove any FQDN
- Version 0.1.13-0
  * Fix mgradm support config tarball creation (bsc#1226759)
- Version 0.1.12-0
  * Detection of k8s on Proxy was wrongly influenced by Server setting
Patchnames
SUSE-2024-3266,SUSE-SLE-Manager-Tools-12-2024-3266
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).



{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for SUSE Manager Client Tools",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update fixes the following issues:\n\ngolang-github-prometheus-prometheus:\n\n- Security issues fixed:\n\n  * CVE-2024-6104: Update go-retryablehttp to version 0.7.7 (bsc#1227038)\n  * CVE-2023-45142: Updated otelhttp to version 0.46.1 (bsc#1228556)\n\n- Require Go \u003e 1.20 for building\n- Migrate from `disabled` to `manual` service mode\n- Update to 2.45.6 (jsc#PED-3577):\n  * Security fixes in dependencies\n- Update to 2.45.5:\n  * [BUGFIX] tsdb/agent: ensure that new series get written to WAL\n    on rollback.\n  * [BUGFIX] Remote write: Avoid a race condition when applying\n    configuration.\n- Update to 2.45.4:\n  * [BUGFIX] Remote read: Release querier resources before encoding\n    the results.\n- Update to 2.45.3:\n  * [BUGFIX] TSDB: Remove double memory snapshot on shutdown.\n- Update to 2.45.2:\n  * [BUGFIX] TSDB: Fix PostingsForMatchers race with creating new\n    series.\n- Update to 2.45.1:\n  * [ENHANCEMENT] Hetzner SD: Support larger ID\u0027s that will be used\n    by Hetzner in September.\n  * [BUGFIX] Linode SD: Cast InstanceSpec values to int64 to avoid\n    overflows on 386 architecture.\n  * [BUGFIX] TSDB: Handle TOC parsing failures.\n\nrhnlib:\n    \n- Version 5.0.4-0\n  * Add the old TLS code for very old traditional clients still on\n    python 2.7 (bsc#1228198)\n\nspacecmd:\n\n- Version 5.0.9-0\n  * Update translation strings\n\nuyuni-tools:\n\n- Version 0.1.21-0\n  * mgrpxy: Fix typo on Systemd template\n- Version 0.1.20-0\n  * Update the push tag to 5.0.1\n  * mgrpxy: expose port on IPv6 network (bsc#1227951)\n- Version 0.1.19-0\n  * Skip updating Tomcat remote debug if conf file is not present\n- Version 0.1.18-0\n  * Setup Confidential Computing container during migration\n    (bsc#1227588)\n  * Add the /etc/uyuni/uyuni-tools.yaml path to the config help\n  * Split systemd config files to not loose configuration at upgrade\n    (bsc#1227718)\n  * Use the same logic for image computation in mgradm and mgrpxy\n  
  (bsc#1228026)\n  * Allow building with different Helm and container default\n    registry paths (bsc#1226191)\n  * Fix recursion in mgradm upgrade podman list --help\n  * Setup hub xmlrpc API service in migration to Podman (bsc#1227588)\n  * Setup disabled hub xmlrpc API service in all cases (bsc#1227584)\n  * Clean the inspection code to make it faster\n  * Properly detect IPv6 enabled on Podman network (bsc#1224349)\n  * Fix the log file path generation\n  * Write scripts output to uyuni-tools.log file\n  * Add uyuni-hubxml-rpc to the list of values in\n    mgradm scale --help\n  * Use path in mgradm support sql file input (bsc#1227505)\n  * On Ubuntu build with go1.21 instead of go1.20\n  * Enforce Cobbler setup (bsc#1226847)\n  * Expose port on IPv6 network (bsc#1227951)\n  * show output of podman image search --list-tags command\n  * Implement mgrpxy support config command\n  * During migration, ignore /etc/sysconfig/tomcat and\n    /etc/tomcat/tomcat.conf (bsc#1228183)\n  * During migration, remove java.annotation,com.sun.xml.bind and\n    UseConcMarkSweepGC settings\n  * Disable node exporter port for Kubernetes\n  * Fix start, stop and restart in Kubernetes\n  * Increase start timeout in Kubernetes\n  * Fix traefik query\n  * Fix password entry usability (bsc#1226437)\n  * Add --prepare option to migrate command\n  * Fix random error during installation of CA certificate\n    (bsc#1227245)\n  * Clarify and fix distro name guessing when not provided\n    (bsc#1226284)\n  * Replace not working Fatal error by plain error return\n    (bsc#1220136)\n  * Allow server installation with preexisting storage volumes\n  * Do not report error when purging mounted volume (bsc#1225349)\n  * Preserve PAGER settings from the host for interactive sql\n    usage (bsc#1226914)\n  * Add mgrpxy command to clear the Squid cache\n  * Use local images for Confidential Computing and\n    Hub containers (bsc#1227586)\n- Version 0.1.17-0\n  * Allow GPG files to be loaded from the 
local file (bsc#1227195)\n- Version 0.1.16-0\n  * Prefer local images in all migration steps (bsc#1227244)\n- Version 0.1.15-0\n  * Define --registry flag behaviour (bsc#1226793)\n- Version 0.1.14-0\n  * Do not rely on hardcoded registry, remove any FQDN\n- Version 0.1.13-0\n  * Fix mgradm support config tarball creation (bsc#1226759)\n- Version 0.1.12-0\n  * Detection of k8s on Proxy was wrongly influenced by Server\n    setting\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2024-3266,SUSE-SLE-Manager-Tools-12-2024-3266",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_3266-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2024:3266-1",
        "url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243266-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2024:3266-1",
        "url": "https://lists.suse.com/pipermail/sle-updates/2024-September/036926.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1220136",
        "url": "https://bugzilla.suse.com/1220136"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1224349",
        "url": "https://bugzilla.suse.com/1224349"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1225349",
        "url": "https://bugzilla.suse.com/1225349"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1226191",
        "url": "https://bugzilla.suse.com/1226191"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1226284",
        "url": "https://bugzilla.suse.com/1226284"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1226437",
        "url": "https://bugzilla.suse.com/1226437"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1226759",
        "url": "https://bugzilla.suse.com/1226759"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1226793",
        "url": "https://bugzilla.suse.com/1226793"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1226847",
        "url": "https://bugzilla.suse.com/1226847"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1226914",
        "url": "https://bugzilla.suse.com/1226914"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1227038",
        "url": "https://bugzilla.suse.com/1227038"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1227195",
        "url": "https://bugzilla.suse.com/1227195"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1227244",
        "url": "https://bugzilla.suse.com/1227244"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1227245",
        "url": "https://bugzilla.suse.com/1227245"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1227505",
        "url": "https://bugzilla.suse.com/1227505"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1227584",
        "url": "https://bugzilla.suse.com/1227584"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1227586",
        "url": "https://bugzilla.suse.com/1227586"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1227588",
        "url": "https://bugzilla.suse.com/1227588"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1227718",
        "url": "https://bugzilla.suse.com/1227718"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1227951",
        "url": "https://bugzilla.suse.com/1227951"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1228026",
        "url": "https://bugzilla.suse.com/1228026"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1228183",
        "url": "https://bugzilla.suse.com/1228183"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1228198",
        "url": "https://bugzilla.suse.com/1228198"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1228556",
        "url": "https://bugzilla.suse.com/1228556"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-45142 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-45142/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-6104 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-6104/"
      }
    ],
    "title": "Security update for SUSE Manager Client Tools",
    "tracking": {
      "current_release_date": "2024-09-17T07:42:22Z",
      "generator": {
        "date": "2024-09-17T07:42:22Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2024:3266-1",
      "initial_release_date": "2024-09-17T07:42:22Z",
      "revision_history": [
        {
          "date": "2024-09-17T07:42:22Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "golang-github-prometheus-prometheus-2.45.6-1.53.1.aarch64",
                "product": {
                  "name": "golang-github-prometheus-prometheus-2.45.6-1.53.1.aarch64",
                  "product_id": "golang-github-prometheus-prometheus-2.45.6-1.53.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "mgrctl-0.1.21-1.8.1.aarch64",
                "product": {
                  "name": "mgrctl-0.1.21-1.8.1.aarch64",
                  "product_id": "mgrctl-0.1.21-1.8.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "golang-github-prometheus-prometheus-2.45.6-1.53.1.i586",
                "product": {
                  "name": "golang-github-prometheus-prometheus-2.45.6-1.53.1.i586",
                  "product_id": "golang-github-prometheus-prometheus-2.45.6-1.53.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "mgrctl-0.1.21-1.8.1.i586",
                "product": {
                  "name": "mgrctl-0.1.21-1.8.1.i586",
                  "product_id": "mgrctl-0.1.21-1.8.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "mgrctl-bash-completion-0.1.21-1.8.1.noarch",
                "product": {
                  "name": "mgrctl-bash-completion-0.1.21-1.8.1.noarch",
                  "product_id": "mgrctl-bash-completion-0.1.21-1.8.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "mgrctl-lang-0.1.21-1.8.1.noarch",
                "product": {
                  "name": "mgrctl-lang-0.1.21-1.8.1.noarch",
                  "product_id": "mgrctl-lang-0.1.21-1.8.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "mgrctl-zsh-completion-0.1.21-1.8.1.noarch",
                "product": {
                  "name": "mgrctl-zsh-completion-0.1.21-1.8.1.noarch",
                  "product_id": "mgrctl-zsh-completion-0.1.21-1.8.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "python2-rhnlib-5.0.4-21.52.1.noarch",
                "product": {
                  "name": "python2-rhnlib-5.0.4-21.52.1.noarch",
                  "product_id": "python2-rhnlib-5.0.4-21.52.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacecmd-5.0.9-38.147.1.noarch",
                "product": {
                  "name": "spacecmd-5.0.9-38.147.1.noarch",
                  "product_id": "spacecmd-5.0.9-38.147.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "golang-github-prometheus-prometheus-2.45.6-1.53.1.ppc64le",
                "product": {
                  "name": "golang-github-prometheus-prometheus-2.45.6-1.53.1.ppc64le",
                  "product_id": "golang-github-prometheus-prometheus-2.45.6-1.53.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "mgrctl-0.1.21-1.8.1.ppc64le",
                "product": {
                  "name": "mgrctl-0.1.21-1.8.1.ppc64le",
                  "product_id": "mgrctl-0.1.21-1.8.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "golang-github-prometheus-prometheus-2.45.6-1.53.1.s390x",
                "product": {
                  "name": "golang-github-prometheus-prometheus-2.45.6-1.53.1.s390x",
                  "product_id": "golang-github-prometheus-prometheus-2.45.6-1.53.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "mgrctl-0.1.21-1.8.1.s390x",
                "product": {
                  "name": "mgrctl-0.1.21-1.8.1.s390x",
                  "product_id": "mgrctl-0.1.21-1.8.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "golang-github-prometheus-prometheus-2.45.6-1.53.1.x86_64",
                "product": {
                  "name": "golang-github-prometheus-prometheus-2.45.6-1.53.1.x86_64",
                  "product_id": "golang-github-prometheus-prometheus-2.45.6-1.53.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "mgrctl-0.1.21-1.8.1.x86_64",
                "product": {
                  "name": "mgrctl-0.1.21-1.8.1.x86_64",
                  "product_id": "mgrctl-0.1.21-1.8.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Manager Client Tools 12",
                "product": {
                  "name": "SUSE Manager Client Tools 12",
                  "product_id": "SUSE Manager Client Tools 12"
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "golang-github-prometheus-prometheus-2.45.6-1.53.1.aarch64 as component of SUSE Manager Client Tools 12",
          "product_id": "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.45.6-1.53.1.aarch64"
        },
        "product_reference": "golang-github-prometheus-prometheus-2.45.6-1.53.1.aarch64",
        "relates_to_product_reference": "SUSE Manager Client Tools 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "golang-github-prometheus-prometheus-2.45.6-1.53.1.ppc64le as component of SUSE Manager Client Tools 12",
          "product_id": "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.45.6-1.53.1.ppc64le"
        },
        "product_reference": "golang-github-prometheus-prometheus-2.45.6-1.53.1.ppc64le",
        "relates_to_product_reference": "SUSE Manager Client Tools 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "golang-github-prometheus-prometheus-2.45.6-1.53.1.s390x as component of SUSE Manager Client Tools 12",
          "product_id": "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.45.6-1.53.1.s390x"
        },
        "product_reference": "golang-github-prometheus-prometheus-2.45.6-1.53.1.s390x",
        "relates_to_product_reference": "SUSE Manager Client Tools 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "golang-github-prometheus-prometheus-2.45.6-1.53.1.x86_64 as component of SUSE Manager Client Tools 12",
          "product_id": "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.45.6-1.53.1.x86_64"
        },
        "product_reference": "golang-github-prometheus-prometheus-2.45.6-1.53.1.x86_64",
        "relates_to_product_reference": "SUSE Manager Client Tools 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mgrctl-0.1.21-1.8.1.aarch64 as component of SUSE Manager Client Tools 12",
          "product_id": "SUSE Manager Client Tools 12:mgrctl-0.1.21-1.8.1.aarch64"
        },
        "product_reference": "mgrctl-0.1.21-1.8.1.aarch64",
        "relates_to_product_reference": "SUSE Manager Client Tools 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mgrctl-0.1.21-1.8.1.ppc64le as component of SUSE Manager Client Tools 12",
          "product_id": "SUSE Manager Client Tools 12:mgrctl-0.1.21-1.8.1.ppc64le"
        },
        "product_reference": "mgrctl-0.1.21-1.8.1.ppc64le",
        "relates_to_product_reference": "SUSE Manager Client Tools 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mgrctl-0.1.21-1.8.1.s390x as component of SUSE Manager Client Tools 12",
          "product_id": "SUSE Manager Client Tools 12:mgrctl-0.1.21-1.8.1.s390x"
        },
        "product_reference": "mgrctl-0.1.21-1.8.1.s390x",
        "relates_to_product_reference": "SUSE Manager Client Tools 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mgrctl-0.1.21-1.8.1.x86_64 as component of SUSE Manager Client Tools 12",
          "product_id": "SUSE Manager Client Tools 12:mgrctl-0.1.21-1.8.1.x86_64"
        },
        "product_reference": "mgrctl-0.1.21-1.8.1.x86_64",
        "relates_to_product_reference": "SUSE Manager Client Tools 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mgrctl-bash-completion-0.1.21-1.8.1.noarch as component of SUSE Manager Client Tools 12",
          "product_id": "SUSE Manager Client Tools 12:mgrctl-bash-completion-0.1.21-1.8.1.noarch"
        },
        "product_reference": "mgrctl-bash-completion-0.1.21-1.8.1.noarch",
        "relates_to_product_reference": "SUSE Manager Client Tools 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mgrctl-zsh-completion-0.1.21-1.8.1.noarch as component of SUSE Manager Client Tools 12",
          "product_id": "SUSE Manager Client Tools 12:mgrctl-zsh-completion-0.1.21-1.8.1.noarch"
        },
        "product_reference": "mgrctl-zsh-completion-0.1.21-1.8.1.noarch",
        "relates_to_product_reference": "SUSE Manager Client Tools 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python2-rhnlib-5.0.4-21.52.1.noarch as component of SUSE Manager Client Tools 12",
          "product_id": "SUSE Manager Client Tools 12:python2-rhnlib-5.0.4-21.52.1.noarch"
        },
        "product_reference": "python2-rhnlib-5.0.4-21.52.1.noarch",
        "relates_to_product_reference": "SUSE Manager Client Tools 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacecmd-5.0.9-38.147.1.noarch as component of SUSE Manager Client Tools 12",
          "product_id": "SUSE Manager Client Tools 12:spacecmd-5.0.9-38.147.1.noarch"
        },
        "product_reference": "spacecmd-5.0.9-38.147.1.noarch",
        "relates_to_product_reference": "SUSE Manager Client Tools 12"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-45142",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-45142"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agent` and `http.method` that have unbound cardinality. It leads to the server\u0027s potential memory exhaustion when many malicious requests are sent to it. HTTP header User-Agent or HTTP method for requests can be easily set by an attacker to be random and long. The library internally uses `httpconv.ServerRequest` that records every value for HTTP `method` and `User-Agent`. In order to be affected, a program has to use the `otelhttp.NewHandler` wrapper and not filter any unknown HTTP methods or User agents on the level of CDN, LB, previous middleware, etc. Version 0.44.0 fixed this issue when the values collected for attribute `http.request.method` were changed to be restricted to a set of well-known values and other high cardinality attributes were removed. As a workaround to stop being affected, `otelhttp.WithFilter()` can be used, but it requires manual careful configuration to not log certain requests entirely. For convenience and safe usage of this library, it should by default mark with the label `unknown` non-standard HTTP methods and User agents to show that such requests were made but do not increase cardinality. In case someone wants to stay with the current behavior, library API should allow to enable it.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.45.6-1.53.1.aarch64",
          "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.45.6-1.53.1.ppc64le",
          "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.45.6-1.53.1.s390x",
          "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.45.6-1.53.1.x86_64",
          "SUSE Manager Client Tools 12:mgrctl-0.1.21-1.8.1.aarch64",
          "SUSE Manager Client Tools 12:mgrctl-0.1.21-1.8.1.ppc64le",
          "SUSE Manager Client Tools 12:mgrctl-0.1.21-1.8.1.s390x",
          "SUSE Manager Client Tools 12:mgrctl-0.1.21-1.8.1.x86_64",
          "SUSE Manager Client Tools 12:mgrctl-bash-completion-0.1.21-1.8.1.noarch",
          "SUSE Manager Client Tools 12:mgrctl-zsh-completion-0.1.21-1.8.1.noarch",
          "SUSE Manager Client Tools 12:python2-rhnlib-5.0.4-21.52.1.noarch",
          "SUSE Manager Client Tools 12:spacecmd-5.0.9-38.147.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-45142",
          "url": "https://www.suse.com/security/cve/CVE-2023-45142"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1228553 for CVE-2023-45142",
          "url": "https://bugzilla.suse.com/1228553"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.45.6-1.53.1.aarch64",
            "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.45.6-1.53.1.ppc64le",
            "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.45.6-1.53.1.s390x",
            "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.45.6-1.53.1.x86_64",
            "SUSE Manager Client Tools 12:mgrctl-0.1.21-1.8.1.aarch64",
            "SUSE Manager Client Tools 12:mgrctl-0.1.21-1.8.1.ppc64le",
            "SUSE Manager Client Tools 12:mgrctl-0.1.21-1.8.1.s390x",
            "SUSE Manager Client Tools 12:mgrctl-0.1.21-1.8.1.x86_64",
            "SUSE Manager Client Tools 12:mgrctl-bash-completion-0.1.21-1.8.1.noarch",
            "SUSE Manager Client Tools 12:mgrctl-zsh-completion-0.1.21-1.8.1.noarch",
            "SUSE Manager Client Tools 12:python2-rhnlib-5.0.4-21.52.1.noarch",
            "SUSE Manager Client Tools 12:spacecmd-5.0.9-38.147.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.45.6-1.53.1.aarch64",
            "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.45.6-1.53.1.ppc64le",
            "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.45.6-1.53.1.s390x",
            "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.45.6-1.53.1.x86_64",
            "SUSE Manager Client Tools 12:mgrctl-0.1.21-1.8.1.aarch64",
            "SUSE Manager Client Tools 12:mgrctl-0.1.21-1.8.1.ppc64le",
            "SUSE Manager Client Tools 12:mgrctl-0.1.21-1.8.1.s390x",
            "SUSE Manager Client Tools 12:mgrctl-0.1.21-1.8.1.x86_64",
            "SUSE Manager Client Tools 12:mgrctl-bash-completion-0.1.21-1.8.1.noarch",
            "SUSE Manager Client Tools 12:mgrctl-zsh-completion-0.1.21-1.8.1.noarch",
            "SUSE Manager Client Tools 12:python2-rhnlib-5.0.4-21.52.1.noarch",
            "SUSE Manager Client Tools 12:spacecmd-5.0.9-38.147.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-09-17T07:42:22Z",
          "details": "important"
        }
      ],
      "title": "CVE-2023-45142"
    },
    {
      "cve": "CVE-2024-6104",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-6104"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.45.6-1.53.1.aarch64",
          "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.45.6-1.53.1.ppc64le",
          "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.45.6-1.53.1.s390x",
          "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.45.6-1.53.1.x86_64",
          "SUSE Manager Client Tools 12:mgrctl-0.1.21-1.8.1.aarch64",
          "SUSE Manager Client Tools 12:mgrctl-0.1.21-1.8.1.ppc64le",
          "SUSE Manager Client Tools 12:mgrctl-0.1.21-1.8.1.s390x",
          "SUSE Manager Client Tools 12:mgrctl-0.1.21-1.8.1.x86_64",
          "SUSE Manager Client Tools 12:mgrctl-bash-completion-0.1.21-1.8.1.noarch",
          "SUSE Manager Client Tools 12:mgrctl-zsh-completion-0.1.21-1.8.1.noarch",
          "SUSE Manager Client Tools 12:python2-rhnlib-5.0.4-21.52.1.noarch",
          "SUSE Manager Client Tools 12:spacecmd-5.0.9-38.147.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-6104",
          "url": "https://www.suse.com/security/cve/CVE-2024-6104"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1227024 for CVE-2024-6104",
          "url": "https://bugzilla.suse.com/1227024"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.45.6-1.53.1.aarch64",
            "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.45.6-1.53.1.ppc64le",
            "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.45.6-1.53.1.s390x",
            "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.45.6-1.53.1.x86_64",
            "SUSE Manager Client Tools 12:mgrctl-0.1.21-1.8.1.aarch64",
            "SUSE Manager Client Tools 12:mgrctl-0.1.21-1.8.1.ppc64le",
            "SUSE Manager Client Tools 12:mgrctl-0.1.21-1.8.1.s390x",
            "SUSE Manager Client Tools 12:mgrctl-0.1.21-1.8.1.x86_64",
            "SUSE Manager Client Tools 12:mgrctl-bash-completion-0.1.21-1.8.1.noarch",
            "SUSE Manager Client Tools 12:mgrctl-zsh-completion-0.1.21-1.8.1.noarch",
            "SUSE Manager Client Tools 12:python2-rhnlib-5.0.4-21.52.1.noarch",
            "SUSE Manager Client Tools 12:spacecmd-5.0.9-38.147.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.45.6-1.53.1.aarch64",
            "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.45.6-1.53.1.ppc64le",
            "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.45.6-1.53.1.s390x",
            "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.45.6-1.53.1.x86_64",
            "SUSE Manager Client Tools 12:mgrctl-0.1.21-1.8.1.aarch64",
            "SUSE Manager Client Tools 12:mgrctl-0.1.21-1.8.1.ppc64le",
            "SUSE Manager Client Tools 12:mgrctl-0.1.21-1.8.1.s390x",
            "SUSE Manager Client Tools 12:mgrctl-0.1.21-1.8.1.x86_64",
            "SUSE Manager Client Tools 12:mgrctl-bash-completion-0.1.21-1.8.1.noarch",
            "SUSE Manager Client Tools 12:mgrctl-zsh-completion-0.1.21-1.8.1.noarch",
            "SUSE Manager Client Tools 12:python2-rhnlib-5.0.4-21.52.1.noarch",
            "SUSE Manager Client Tools 12:spacecmd-5.0.9-38.147.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-09-17T07:42:22Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-6104"
    }
  ]
}

