Security update for release-notes-susemanager, release-notes-susemanager-proxy SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2022:3761-1 Final 1 1 2022-10-26T08:58:54Z current 2022-10-26T08:58:54Z 2022-10-26T08:58:54Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for release-notes-susemanager, release-notes-susemanager-proxy This update for release-notes-susemanager, release-notes-susemanager-proxy fixes the following issues: Release notes for SUSE Manager: - Update to SUSE Manager 4.3.2 * Containerized proxy and RBS are now fully supported * HTTP API is now fully supported * Ubuntu 22.04 is now supported as a client * Cobbler has been upgraded to version 3.3.3 which also includes building ISOs with UEFI support * pip support has been added for the Salt Bundle * Prometheus exporter for Apache has been upgraded to 0.10.0 * CVEs fixed: CVE-2021-41411, CVE-2021-42740, CVE-2021-43138, CVE-2022-0860, CVE-2022-31129 * Bugs mentioned: bsc#1191857, bsc#1195624, bsc#1196729, bsc#1197027, bsc#1198168 bsc#1198903, bsc#1199726, bsc#1200480, bsc#1200573, bsc#1200629 bsc#1201210, bsc#1201220, bsc#1201260, bsc#1201626, bsc#1201753 bsc#1201788, bsc#1201913, bsc#1201918, bsc#1202271, bsc#1202272 bsc#1202367, bsc#1202455, bsc#1202464, bsc#1202602, bsc#1202728 bsc#1202729, bsc#1202805, bsc#1202899, bsc#1203026, bsc#1203049 bsc#1203056, bsc#1203169, bsc#1203287, bsc#1203288, bsc#1203385 bsc#1203406, bsc#1203422, bsc#1203449, bsc#1203478, bsc#1203484 bsc#1203564, bsc#1203585, bsc#1203611 Release notes for SUSE Manager Proxy: - Update to SUSE Manager 4.3.2 * Containerized proxy and RBS are now fully supported * CVEs fixed: CVE-2021-42740, CVE-2021-43138, CVE-2022-31129 * Bugs mentioned: bsc#1198168, bsc#1198903, bsc#1200480, bsc#1201589, bsc#1201788 bsc#1203287, bsc#1203288, bsc#1203585 The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container suse/manager/4.3/proxy-httpd:latest-2022-3761,Image SLES15-SP4-Manager-Proxy-4-3-BYOS-2022-3761,Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure-2022-3761,Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2-2022-3761,Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE-2022-3761,Image SLES15-SP4-Manager-Server-4-3-2022-3761,Image SLES15-SP4-Manager-Server-4-3-Azure-llc-2022-3761,Image SLES15-SP4-Manager-Server-4-3-Azure-ltd-2022-3761,Image SLES15-SP4-Manager-Server-4-3-BYOS-2022-3761,Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure-2022-3761,Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2-2022-3761,Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE-2022-3761,Image SLES15-SP4-Manager-Server-4-3-EC2-llc-2022-3761,Image SLES15-SP4-Manager-Server-4-3-EC2-ltd-2022-3761,SUSE-2022-3761,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2022-3761,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2022-3761,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2022-3761 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2022/suse-su-20223761-1/ Link for SUSE-SU-2022:3761-1 https://lists.suse.com/pipermail/sle-security-updates/2022-October/012707.html E-Mail link for SUSE-SU-2022:3761-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1191857 SUSE Bug 1191857 https://bugzilla.suse.com/1195624 SUSE Bug 1195624 https://bugzilla.suse.com/1196729 SUSE Bug 1196729 https://bugzilla.suse.com/1197027 SUSE Bug 1197027 https://bugzilla.suse.com/1198168 SUSE Bug 1198168 https://bugzilla.suse.com/1198903 SUSE Bug 1198903 https://bugzilla.suse.com/1199726 SUSE Bug 1199726 https://bugzilla.suse.com/1200480 SUSE Bug 1200480 https://bugzilla.suse.com/1200573 SUSE Bug 1200573 https://bugzilla.suse.com/1200629 SUSE Bug 1200629 https://bugzilla.suse.com/1201210 SUSE Bug 1201210 https://bugzilla.suse.com/1201220 SUSE Bug 1201220 https://bugzilla.suse.com/1201260 SUSE Bug 1201260 https://bugzilla.suse.com/1201589 SUSE Bug 1201589 https://bugzilla.suse.com/1201626 SUSE Bug 1201626 https://bugzilla.suse.com/1201753 SUSE Bug 1201753 https://bugzilla.suse.com/1201788 SUSE Bug 1201788 https://bugzilla.suse.com/1201913 SUSE Bug 1201913 https://bugzilla.suse.com/1201918 SUSE Bug 1201918 https://bugzilla.suse.com/1202271 SUSE Bug 1202271 https://bugzilla.suse.com/1202272 SUSE Bug 1202272 https://bugzilla.suse.com/1202367 SUSE Bug 1202367 https://bugzilla.suse.com/1202455 SUSE Bug 1202455 https://bugzilla.suse.com/1202464 SUSE Bug 1202464 https://bugzilla.suse.com/1202602 SUSE Bug 1202602 https://bugzilla.suse.com/1202728 SUSE Bug 1202728 https://bugzilla.suse.com/1202729 SUSE Bug 1202729 https://bugzilla.suse.com/1202805 SUSE Bug 1202805 https://bugzilla.suse.com/1202899 SUSE Bug 1202899 https://bugzilla.suse.com/1203026 SUSE Bug 1203026 https://bugzilla.suse.com/1203049 SUSE Bug 1203049 https://bugzilla.suse.com/1203056 SUSE Bug 1203056 https://bugzilla.suse.com/1203169 SUSE Bug 1203169 https://bugzilla.suse.com/1203287 SUSE Bug 1203287 https://bugzilla.suse.com/1203288 SUSE Bug 1203288 https://bugzilla.suse.com/1203385 SUSE Bug 1203385 https://bugzilla.suse.com/1203406 SUSE Bug 1203406 https://bugzilla.suse.com/1203422 SUSE Bug 1203422 https://bugzilla.suse.com/1203449 SUSE Bug 1203449 https://bugzilla.suse.com/1203478 SUSE Bug 1203478 https://bugzilla.suse.com/1203484 SUSE Bug 1203484 https://bugzilla.suse.com/1203564 SUSE Bug 1203564 https://bugzilla.suse.com/1203585 SUSE Bug 1203585 https://bugzilla.suse.com/1203611 SUSE Bug 1203611 https://www.suse.com/security/cve/CVE-2021-41411/ SUSE CVE CVE-2021-41411 page https://www.suse.com/security/cve/CVE-2021-42740/ SUSE CVE CVE-2021-42740 page https://www.suse.com/security/cve/CVE-2021-43138/ SUSE CVE CVE-2021-43138 page https://www.suse.com/security/cve/CVE-2022-0860/ SUSE CVE CVE-2022-0860 page https://www.suse.com/security/cve/CVE-2022-31129/ SUSE CVE CVE-2022-31129 page Container suse/manager/4.3/proxy-httpd:latest Image SLES15-SP4-Manager-Proxy-4-3-BYOS Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2 Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE Image SLES15-SP4-Manager-Server-4-3 Image SLES15-SP4-Manager-Server-4-3-Azure-llc Image SLES15-SP4-Manager-Server-4-3-Azure-ltd Image SLES15-SP4-Manager-Server-4-3-BYOS Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2 Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE Image SLES15-SP4-Manager-Server-4-3-EC2-llc Image SLES15-SP4-Manager-Server-4-3-EC2-ltd SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 release-notes-susemanager-proxy-4.3.2-150400.3.9.3 release-notes-susemanager-4.3.2-150400.3.15.1 release-notes-susemanager-proxy-4.3.2-150400.3.9.3 as a component of Container suse/manager/4.3/proxy-httpd:latest release-notes-susemanager-proxy-4.3.2-150400.3.9.3 as a component of Image SLES15-SP4-Manager-Proxy-4-3-BYOS release-notes-susemanager-proxy-4.3.2-150400.3.9.3 as a component of Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure release-notes-susemanager-proxy-4.3.2-150400.3.9.3 as a component of Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2 release-notes-susemanager-proxy-4.3.2-150400.3.9.3 as a component of Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE release-notes-susemanager-4.3.2-150400.3.15.1 as a component of Image SLES15-SP4-Manager-Server-4-3 release-notes-susemanager-4.3.2-150400.3.15.1 as a component of Image SLES15-SP4-Manager-Server-4-3-Azure-llc release-notes-susemanager-4.3.2-150400.3.15.1 as a component of Image SLES15-SP4-Manager-Server-4-3-Azure-ltd release-notes-susemanager-4.3.2-150400.3.15.1 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS release-notes-susemanager-4.3.2-150400.3.15.1 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure release-notes-susemanager-4.3.2-150400.3.15.1 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2 release-notes-susemanager-4.3.2-150400.3.15.1 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE release-notes-susemanager-4.3.2-150400.3.15.1 as a component of Image SLES15-SP4-Manager-Server-4-3-EC2-llc release-notes-susemanager-4.3.2-150400.3.15.1 as a component of Image SLES15-SP4-Manager-Server-4-3-EC2-ltd release-notes-susemanager-proxy-4.3.2-150400.3.9.3 as a component of SUSE Manager Proxy 4.3 release-notes-susemanager-proxy-4.3.2-150400.3.9.3 as a component of SUSE Manager Retail Branch Server 4.3 release-notes-susemanager-4.3.2-150400.3.15.1 as a component of SUSE Manager Server 4.3 drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability. CVE-2021-41411 Container suse/manager/4.3/proxy-httpd:latest:release-notes-susemanager-proxy-4.3.2-150400.3.9.3 Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure:release-notes-susemanager-proxy-4.3.2-150400.3.9.3 Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2:release-notes-susemanager-proxy-4.3.2-150400.3.9.3 Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE:release-notes-susemanager-proxy-4.3.2-150400.3.9.3 Image SLES15-SP4-Manager-Proxy-4-3-BYOS:release-notes-susemanager-proxy-4.3.2-150400.3.9.3 Image SLES15-SP4-Manager-Server-4-3-Azure-llc:release-notes-susemanager-4.3.2-150400.3.15.1 Image SLES15-SP4-Manager-Server-4-3-Azure-ltd:release-notes-susemanager-4.3.2-150400.3.15.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure:release-notes-susemanager-4.3.2-150400.3.15.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2:release-notes-susemanager-4.3.2-150400.3.15.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE:release-notes-susemanager-4.3.2-150400.3.15.1 Image SLES15-SP4-Manager-Server-4-3-BYOS:release-notes-susemanager-4.3.2-150400.3.15.1 Image SLES15-SP4-Manager-Server-4-3-EC2-llc:release-notes-susemanager-4.3.2-150400.3.15.1 Image SLES15-SP4-Manager-Server-4-3-EC2-ltd:release-notes-susemanager-4.3.2-150400.3.15.1 Image SLES15-SP4-Manager-Server-4-3:release-notes-susemanager-4.3.2-150400.3.15.1 SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3 SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3 SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20223761-1/ https://www.suse.com/security/cve/CVE-2021-41411.html CVE-2021-41411 https://bugzilla.suse.com/1200629 SUSE Bug 1200629 The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec(), an attacker can inject arbitrary commands. This is because the Windows drive letter regex character class is {A-z] instead of the correct {A-Za-z]. Several shell metacharacters exist in the space between capital letter Z and lower case letter a, such as the backtick character. CVE-2021-42740 Container suse/manager/4.3/proxy-httpd:latest:release-notes-susemanager-proxy-4.3.2-150400.3.9.3 Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure:release-notes-susemanager-proxy-4.3.2-150400.3.9.3 Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2:release-notes-susemanager-proxy-4.3.2-150400.3.9.3 Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE:release-notes-susemanager-proxy-4.3.2-150400.3.9.3 Image SLES15-SP4-Manager-Proxy-4-3-BYOS:release-notes-susemanager-proxy-4.3.2-150400.3.9.3 Image SLES15-SP4-Manager-Server-4-3-Azure-llc:release-notes-susemanager-4.3.2-150400.3.15.1 Image SLES15-SP4-Manager-Server-4-3-Azure-ltd:release-notes-susemanager-4.3.2-150400.3.15.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure:release-notes-susemanager-4.3.2-150400.3.15.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2:release-notes-susemanager-4.3.2-150400.3.15.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE:release-notes-susemanager-4.3.2-150400.3.15.1 Image SLES15-SP4-Manager-Server-4-3-BYOS:release-notes-susemanager-4.3.2-150400.3.15.1 Image SLES15-SP4-Manager-Server-4-3-EC2-llc:release-notes-susemanager-4.3.2-150400.3.15.1 Image SLES15-SP4-Manager-Server-4-3-EC2-ltd:release-notes-susemanager-4.3.2-150400.3.15.1 Image SLES15-SP4-Manager-Server-4-3:release-notes-susemanager-4.3.2-150400.3.15.1 SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3 SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3 SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1 critical 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20223761-1/ https://www.suse.com/security/cve/CVE-2021-42740.html CVE-2021-42740 https://bugzilla.suse.com/1203287 SUSE Bug 1203287 In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution. CVE-2021-43138 Container suse/manager/4.3/proxy-httpd:latest:release-notes-susemanager-proxy-4.3.2-150400.3.9.3 Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure:release-notes-susemanager-proxy-4.3.2-150400.3.9.3 Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2:release-notes-susemanager-proxy-4.3.2-150400.3.9.3 Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE:release-notes-susemanager-proxy-4.3.2-150400.3.9.3 Image SLES15-SP4-Manager-Proxy-4-3-BYOS:release-notes-susemanager-proxy-4.3.2-150400.3.9.3 Image SLES15-SP4-Manager-Server-4-3-Azure-llc:release-notes-susemanager-4.3.2-150400.3.15.1 Image SLES15-SP4-Manager-Server-4-3-Azure-ltd:release-notes-susemanager-4.3.2-150400.3.15.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure:release-notes-susemanager-4.3.2-150400.3.15.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2:release-notes-susemanager-4.3.2-150400.3.15.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE:release-notes-susemanager-4.3.2-150400.3.15.1 Image SLES15-SP4-Manager-Server-4-3-BYOS:release-notes-susemanager-4.3.2-150400.3.15.1 Image SLES15-SP4-Manager-Server-4-3-EC2-llc:release-notes-susemanager-4.3.2-150400.3.15.1 Image SLES15-SP4-Manager-Server-4-3-EC2-ltd:release-notes-susemanager-4.3.2-150400.3.15.1 Image SLES15-SP4-Manager-Server-4-3:release-notes-susemanager-4.3.2-150400.3.15.1 SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3 SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3 SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20223761-1/ https://www.suse.com/security/cve/CVE-2021-43138.html CVE-2021-43138 https://bugzilla.suse.com/1200480 SUSE Bug 1200480 Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2. CVE-2022-0860 Container suse/manager/4.3/proxy-httpd:latest:release-notes-susemanager-proxy-4.3.2-150400.3.9.3 Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure:release-notes-susemanager-proxy-4.3.2-150400.3.9.3 Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2:release-notes-susemanager-proxy-4.3.2-150400.3.9.3 Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE:release-notes-susemanager-proxy-4.3.2-150400.3.9.3 Image SLES15-SP4-Manager-Proxy-4-3-BYOS:release-notes-susemanager-proxy-4.3.2-150400.3.9.3 Image SLES15-SP4-Manager-Server-4-3-Azure-llc:release-notes-susemanager-4.3.2-150400.3.15.1 Image SLES15-SP4-Manager-Server-4-3-Azure-ltd:release-notes-susemanager-4.3.2-150400.3.15.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure:release-notes-susemanager-4.3.2-150400.3.15.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2:release-notes-susemanager-4.3.2-150400.3.15.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE:release-notes-susemanager-4.3.2-150400.3.15.1 Image SLES15-SP4-Manager-Server-4-3-BYOS:release-notes-susemanager-4.3.2-150400.3.15.1 Image SLES15-SP4-Manager-Server-4-3-EC2-llc:release-notes-susemanager-4.3.2-150400.3.15.1 Image SLES15-SP4-Manager-Server-4-3-EC2-ltd:release-notes-susemanager-4.3.2-150400.3.15.1 Image SLES15-SP4-Manager-Server-4-3:release-notes-susemanager-4.3.2-150400.3.15.1 SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3 SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3 SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1 important 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20223761-1/ https://www.suse.com/security/cve/CVE-2022-0860.html CVE-2022-0860 https://bugzilla.suse.com/1197027 SUSE Bug 1197027 moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may notice a noticeable slowdown is observed with inputs above 10k characters. Users who pass user-provided strings without sanity length checks to moment constructor are vulnerable to (Re)DoS attacks. The problem is patched in 2.29.4, the patch can be applied to all affected versions with minimal tweaking. Users are advised to upgrade. Users unable to upgrade should consider limiting date lengths accepted from user input. CVE-2022-31129 Container suse/manager/4.3/proxy-httpd:latest:release-notes-susemanager-proxy-4.3.2-150400.3.9.3 Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure:release-notes-susemanager-proxy-4.3.2-150400.3.9.3 Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2:release-notes-susemanager-proxy-4.3.2-150400.3.9.3 Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE:release-notes-susemanager-proxy-4.3.2-150400.3.9.3 Image SLES15-SP4-Manager-Proxy-4-3-BYOS:release-notes-susemanager-proxy-4.3.2-150400.3.9.3 Image SLES15-SP4-Manager-Server-4-3-Azure-llc:release-notes-susemanager-4.3.2-150400.3.15.1 Image SLES15-SP4-Manager-Server-4-3-Azure-ltd:release-notes-susemanager-4.3.2-150400.3.15.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure:release-notes-susemanager-4.3.2-150400.3.15.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2:release-notes-susemanager-4.3.2-150400.3.15.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE:release-notes-susemanager-4.3.2-150400.3.15.1 Image SLES15-SP4-Manager-Server-4-3-BYOS:release-notes-susemanager-4.3.2-150400.3.15.1 Image SLES15-SP4-Manager-Server-4-3-EC2-llc:release-notes-susemanager-4.3.2-150400.3.15.1 Image SLES15-SP4-Manager-Server-4-3-EC2-ltd:release-notes-susemanager-4.3.2-150400.3.15.1 Image SLES15-SP4-Manager-Server-4-3:release-notes-susemanager-4.3.2-150400.3.15.1 SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3 SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3 SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20223761-1/ https://www.suse.com/security/cve/CVE-2022-31129.html CVE-2022-31129 https://bugzilla.suse.com/1203288 SUSE Bug 1203288