SUSE-SU-2022:1545-1

Source
https://www.suse.com/support/update/announcement/2022/suse-su-20221545-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:1545-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2022:1545-1
Published
2022-05-05T10:11:10Z
Modified
2022-05-05T10:11:10Z
Summary
Security Beta update for SUSE Manager Client Tools
Details

This update fixes the following issues:

golang-github-prometheus-alertmanager:

  • CVE-2022-21698: Denial of service using InstrumentHandlerCounter
    • Update vendor tarball with prometheus/client_golang 1.11.1 (bsc#1196338, jsc#SLE-24077)
  • Update to version 0.23.0:
    • amtool: Detect version drift and warn users (#2672)
    • Add ability to skip TLS verification for amtool (#2663)
    • Fix empty isEqual in amtool. (#2668)
    • Fix main tests (#2670)
    • cli: add new template render command (#2538)
    • OpsGenie: refer to alert instead of incident (#2609)
    • Docs: targetmatch and sourcematch are DEPRECATED (#2665)
    • Fix test not waiting for cluster member to be ready
  • Added hardening to systemd service(s) (bsc#1181400).

golang-github-prometheus-prometheus:

  • Build firewalld-prometheus-config only for SUSE Linux Enterprise 15, 15.1 and 15.2, and require firewalld for it
  • Firewalld-prometheus-config needs to be a Recommends, not a Requires, as prometheus does not require it to run
  • Create firewalld-prometheus-config subpackage (bsc#1197042)
  • CVE-2022-21698: Denial of service using InstrumentHandlerCounter.
    • Update vendor tarball with prometheus/client_golang 1.12.1 (bsc#1196338)

mgr-cfg:

  • Version 4.3.6-1
    • Fix the condition for preventing building python 2 subpackage for SLE15 (bsc#1197579)

mgr-osad:

  • Version 4.3.6-1
    • Fix the condition for preventing building python 2 subpackage for SLE15

mgr-push:

  • Version 4.3.4-1
    • Fix the condition for preventing building python 2 subpackage for SLE15

mgr-virtualization:

  • Version 4.3.5-1
    • Fix the condition for preventing building python 2 subpackage for SLE15

rhnlib:

  • Version 4.3.4-1
    • Fix the condition for preventing building python 2 subpackage for SLE15

salt:

  • Prevent data pollution between actions processed at the same time (bsc#1197637)
  • Fix regression preventing bootstrapping new clients caused by redundant dependency on psutil (bsc#1197533)
  • Fixes for Python 3.10
  • Fix salt-ssh opts poisoning (bsc#1197637)
  • Fix multiple security issues for salt (bsc#1197417):
    • CVE-2022-22935: Sign authentication replies to prevent MiTM.
    • CVE-2022-22934: Sign pillar data to prevent MiTM attacks.
    • CVE-2022-22936: Prevent job and fileserver replays.
    • CVE-2022-22941: Fixed targeting bug, especially visible when using syndic and user auth.

spacecmd:

  • Version 4.3.10-1
    • Parse boolean parameters correctly (bsc#1197689)
    • Add parameter to set containerized proxy SSH port

spacewalk-client-tools:

  • Version 4.3.9-1
    • Fix the condition for preventing building python 2 subpackage for SLE15

spacewalk-koan:

  • Version 4.3.5-1
    • Fix the condition for preventing building python 2 subpackage for SLE15

spacewalk-oscap:

  • Version 4.3.5-1
    • Fix the condition for preventing building python 2 subpackage for SLE15

suseRegisterInfo:

  • Version 4.3.3-1
    • Fix the condition for preventing building python 2 subpackage for SLE15

uyuni-common-libs:

  • Version 4.3.4-1
    • Implement more decompression algorithms for reposync (bsc#1196704)

uyuni-proxy-systemd-services:

  • Version 4.3.2-1
    • Harmonize systemd services names and container names
    • Adapted to work on Enterprise Linux.
    • Add package to SLE and Client tools (jsc#SLE-24145)
References

Affected packages