SUSE-SU-2022:0310-1

Source
https://www.suse.com/support/update/announcement/2022/suse-su-20220310-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:0310-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2022:0310-1
Related
Published
2022-02-02T11:09:18Z
Modified
2022-02-02T11:09:18Z
Summary
Security Beta update for SUSE Manager Client Tools
Details

This update fixes the following issues:

grafana:

  • Update to version 7.5.12:
    • Fix markdown path traversal (#42969, bsc#1193688, CVE-2021-43813)
  • Recreate tarballs using the makefile to update the npm and go modules required
  • Update to version 7.5.11:
    • Fix Snapshot authentication bypass (bsc#1191454, CVE-2021-39226)
    • Fix certs issue (#40002)
    • Release v7.5.11 (#124)
    • Fix static path matching issue in macaron
    • OAuth: add docs for disableAutoLogin param (#38752) (#38894)
    • Fix #747; remove 'other variables'. (#37866) (#37878)
    • Update alert docs (#33658) (#33659)
    • [7.5.x] Docs: added documentation for the 'prepare time series'-transformation. (#36836)
    • cherry picked dc5778c303ca555b70e8ca8c28e95997e26ecfc1 (#36813)
    • 'Release: Updated versions in package to 7.5.10' (#36792)
    • [v7.5.x] Transformations: add 'prepare time series' transformer (#36749)
    • Remove verify-drone from windows (#36775)
    • Update queries.md (#31941) (#36764)
    • Updated content to specify method to use to get keyboard shortcuts; (#36084) (#36087)
    • ReleaseNotes: Updated changelog and release notes for 7.5.9 (#36057) (#36077)
    • 'Release: Updated versions in package to 7.5.9' (#36056)
    • Login: Fixes Unauthorized message showing when on login page or snapshot page (#35311) (#35880)
    • ReleaseNotes: Updated changelog and release notes for 7.5.8 (#35703) (#35822)
    • CI: Upgrade pipeline tool to use main (#35804)
    • CI: try to force v7.5.x instead of master (#35799)
    • CI: supports move from master to main in 7.5.x release branch (#35747)
    • 'Release: Updated versions in package to 7.5.8' (#35701)
    • Chore: Bump acorn and lodash-es (#35650)
    • Snapshots: Remove dashboard links from snapshots (#35567) (#35585)
    • [v7.5.x] Datasource: Allow configuring MaxConnsPerHost (#35519)
    • Remove docs sync from v7.5.x (#35443)
    • 'Release: Updated versions in package to 7.5.7' (#35412)
    • Add maxidleconnectionsperhost to config (#35365)
    • Update go.sum to fix failing enterprise pipeline (#35353)
    • [v7.5.x] HTTP Client: Introduce go-conntrack (#35321)
    • Fix Markdown syntax in enterprise/license/_index.md (#34683) (#35210)
    • Update annotations.md (#33218) (#35138)
    • Docs: Add query caching to enterprise docs page (#34751) (#35025)
    • [7.5.x] Admin: hide per role counts for licensed users (#34994)
    • cleanup shortcodes, image paths (#34827)
    • Security: Upgrade Thrift dependency (#34698) (#34702)
    • Docs: Fix Quick Start link on Geting Started Influx page (#34549) (#34603)
    • Add link to release notes v7.5.7 (#34460) (#34474)
    • Update 7.5.x landing page (#34447)
    • ReleaseNotes: Updated changelog and release notes for 7.5.7 (#34383) (#34428)
  • Update to 7.5.10
    • [v7.5.x] Transformations: add 'prepare time series' transformer. [#36749]
  • Update to 7.5.9
    • Login: Fix Unauthorized message that is displayed on sign-in or snapshot page. [#35880]

kiwi-desc-saltboot:

  • Update to version 0.1.1639488226.7c9eab9
    • Enable one-time autosign grains for SLE12 and SLE11 clients

mgr-cfg:

  • Version 4.3.3-1
    • Fix python selinux package name depending on build target (bsc#1193600)
    • Do not build python 2 package for SLE15SP4 and higher

mgr-custom-info:

  • Version 4.3.3-1
    • require python macros for building

mgr-osad:

  • Version 4.3.3-1
    • require python macros for building
    • Do not build python 2 package for SLE15SP4 and higher

mgr-push:

  • Version 4.3.2-1
    • Do not build python 2 package for SLE15SP4 and higher

mgr-virtualization:

  • Version 4.3.2-1
    • require python macros for building
    • Do not build python 2 package for SLE15SP4 and higher

python-hwdata:

  • Require python macros for building

rhnlib:

  • Version 4.3.2-1
    • do not build python 2 package for SLE15

salt:

  • Fix tmpfiles.d configuration for salt to not use legacy paths (bsc#1173103)
  • Fix the regression of docker_container state module (bsc#1191285)

spacecmd:

  • Version 4.3.5-1
    • require python macros for building

spacewalk-client-tools:

  • Version 4.3.5-1
    • require python macros for building
    • do not build python 2 package for SLE15

spacewalk-koan:

  • Version 4.3.2-1
    • Do not build python 2 package for SLE15SP4 and higher

spacewalk-oscap:

  • Version 4.3.2-1
    • require python macros for building
    • Do not build python 2 package for SLE15SP4 and higher

spacewalk-remote-utils:

  • Version 4.3.2-1
    • require python macros for building

suseRegisterInfo:

  • Version 4.3.2-1
    • require python macros for building
    • Do not build python 2 package for SLE15 and higher

uyuni-common-libs:

  • Version 4.3.2-1
    • Read modularity data from DISTTAG tag as fallback (bsc#1192487)
    • Add decompression of zck files to fileutils
    • require python macros for building

zypp-plugin-spacewalk:

  • 1.0.11
    • require python macros for building
References

Affected packages