Security Beta update for SUSE Manager Client Tools and Salt SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:1427-1 Final 1 1 2024-04-24T09:10:16Z current 2024-04-24T09:10:16Z 2024-04-24T09:10:16Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security Beta update for SUSE Manager Client Tools and Salt This update fixes the following issues: POS_Image-Graphical7: - Update to version 0.1.1710765237.46af599 * Move image services to dracut-saltboot package * Use salt bundle - Update to version 0.1.1645440615.7f1328c * Remove deprecated kiwi functions POS_Image-JeOS7: - Update to version 0.1.1710765237.46af599 * Move image services to dracut-saltboot package * Use salt bundle - Update to version 0.1.1645440615.7f1328c * Remove deprecated kiwi functions ansible: - CVE-2023-5764: Address issues where internal templating can cause unsafe variables to lose their unsafe designation (bsc#1216854) * breaking_changes: assert - Nested templating may result in an inability for the conditional to be evaluated. See the porting guide for more information. - CVE-2024-0690: Address issue where ANSIBLE_NO_LOG was ignored (bsc#1219002) - CVE-2020-14365: Do a GPG validation if the disable_gpg_check option is not set. (bsc#1175993) - Don't Require python-coverage, it is needed only for testing (bsc#1177948) - CVE-2018-10874: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution (included upstream in 2.6.1) (bsc#1099805) dracut-saltboot: - Update to version 0.1.1710765237.46af599 * Load only first available leaseinfo (bsc#1221092) - Update to version 0.1.1681904360.84ef141 grafana: - Require Go 1.20 - Update to version 9.5.16: * [SECURITY] CVE-2023-6152: Add email verification when updating user email (bsc#1219912) * [BUGFIX] Annotations: Split cleanup into separate queries and deletes to avoid deadlocks on MySQL - Update to version 9.5.15: * [FEATURE] Alerting: Attempt to retry retryable errors - Update to version 9.5.14: * [BUGFIX] Alerting: Fix state manager to not keep datasource_uid and ref_id labels in state after Error * [BUGFIX] Transformations: Config overrides being lost when config from query transform is applied * [BUGFIX] LDAP: Fix enable users on successfull login - Update to version 9.5.13: * [BUGFIX] BrowseDashboards: Only remember the most recent expanded folder * [BUGFIX] Licensing: Pass func to update env variables when starting plugin - Update to version 9.5.12: * [FEATURE] Azure: Add support for Workload Identity authentication - Update to version 9.5.9: * [FEATURE] SSE: Fix DSNode to not panic when response has empty response * [FEATURE] Prometheus: Handle the response with different field key order * [BUGFIX] LDAP: Fix user disabling golang-github-prometheus-node_exporter: - Add `device_error` label for filesystem metrics. - Update rtnetlink library to fix errors during ARP metrics collection. - Update to 1.7.0 (jsc#PED-7893, jsc#PED-7928): * [FEATURE] Add ZFS freebsd per dataset stats #2753 * [FEATURE] Add cpu vulnerabilities reporting from sysfs #2721 * [ENHANCEMENT] Parallelize stat calls in Linux filesystem collector #1772 * [ENHANCEMENT] Add missing linkspeeds to ethtool collector #2711 * [ENHANCEMENT] Add CPU MHz as the value for node_cpu_info metric #2778 * [ENHANCEMENT] Improve qdisc collector performance #2779 * [ENHANCEMENT] Add include and exclude filter for hwmon collector #2699 * [ENHANCEMENT] Optionally fetch ARP stats via rtnetlink instead of procfs #2777 * [BUFFIX] Fix ZFS arcstats on FreeBSD 14.0+ 2754 * [BUGFIX] Fallback to 32-bit stats in netdev #2757 * [BUGFIX] Close btrfs.FS handle after use #2780 * [BUGFIX] Move RO status before error return #2807 * [BUFFIX] Fix promhttp_metric_handler_errors_total being always active #2808 * [BUGFIX] Fix nfsd v4 index miss #2824 - Update to 1.6.1: (no source code changes in this release) - BuildRequire go1.20 - Update to 1.6.0: * [CHANGE] Fix cpustat when some cpus are offline #2318 * [CHANGE] Remove metrics of offline CPUs in CPU collector #2605 * [CHANGE] Deprecate ntp collector #2603 * [CHANGE] Remove bcache `cache_readaheads_totals` metrics #2583 * [CHANGE] Deprecate supervisord collector #2685 * [FEATURE] Enable uname collector on NetBSD #2559 * [FEATURE] NetBSD support for the meminfo collector #2570 * [FEATURE] NetBSD support for CPU collector #2626 * [FEATURE] Add FreeBSD collector for netisr subsystem #2668 * [FEATURE] Add softirqs collector #2669 * [ENHANCEMENT] Add suspended as a `node_zfs_zpool_state` #2449 * [ENHANCEMENT] Add administrative state of Linux network interfaces #2515 * [ENHANCEMENT] Log current value of GOMAXPROCS #2537 * [ENHANCEMENT] Add profiler options for perf collector #2542 * [ENHANCEMENT] Allow root path as metrics path #2590 * [ENHANCEMENT] Add cpu frequency governor metrics #2569 * [ENHANCEMENT] Add new landing page #2622 * [ENHANCEMENT] Reduce privileges needed for btrfs device stats #2634 * [ENHANCEMENT] Add ZFS `memory_available_bytes` #2687 * [ENHANCEMENT] Use `SCSI_IDENT_SERIAL` as serial in diskstats #2612 * [ENHANCEMENT] Read missing from netlink netclass attributes from sysfs #2669 * [BUGFIX] perf: fixes for automatically detecting the correct tracefs mountpoints #2553 * [BUGFIX] Fix `thermal_zone` collector noise @2554 * [BUGFIX] Fix a problem fetching the user wire count on FreeBSD 2584 * [BUGFIX] interrupts: Fix fields on linux aarch64 #2631 * [BUGFIX] Remove metrics of offline CPUs in CPU collector #2605 * [BUGFIX] Fix OpenBSD filesystem collector string parsing #2637 * [BUGFIX] Fix bad reporting of `node_cpu_seconds_total` in OpenBSD #2663 - Change go_modules archive in _service to use obscpio file spacecmd: - Version 5.0.5-0 * Update translation strings spacewalk-client-tools: - Version 5.0.4-0 * Remove rhn-profile-sync rhn_register spacewalk-channel and spacewalk-update-status supportutils-plugin-susemanager-client: - Version 5.0.3-0 * Remove rhnsd from client actions and server backend uyuni-tools: - Version 0.1.7-0 * Fix wrong Cobbler spacewalk_authentication_endpoint property after upgrade or migration * Fix migration script using missing awk in migration image - Version 0.1.6-0 * Pull image from authenticated registry * Port 80 should be published to the port 80 of the containers. 8080 is squid * Autogenerate the database password * Add mgrctl term command * Fix --version flag * Deny uyuni to suma upgrade and viceversa * Refactor upgrade to clarify script end adding post upgrade script (bsc#1219887) * Add mgradm install podman arguments to define big volumes storage * k8s migration use same functions as upgrade * Allow to use images from RPM if present * Schedule a system list refresh after migrate if not runned before * Ignore error on optional flag * Fix migration of multiple autoinstallable distributions * Obsolete uyuni-proxy-systemd-service package by mgrpxy * Add GitHub workflow for checking changelog * Allow installation using --image image:tag * Add command to register Peripheral server to Hub * Add Node exporter (9100) and Taskomatic (9800) ports to the list of open TCP ports * Fix minimal administrator password length * Do not assume the current host is a cluster node when getting kubelet version * Add mgrpxy start, stop and restart commands * Remove shm size constraints on the server * Add mgrpxy and mgradm status commands * Use uninstall commands dry run by default to avoid unintended removals * Make first user mandatory at install time * Add inspect and upgrade command * Improve error handling when exec.Command is used * Start/Stop/Restart command with kubernetes - Version 0.1.5-0 * Install aardvark-dns if netavark is installed (bsc#1220371) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2024-1427,SUSE-SLE-Manager-Tools-15-BETA-2024-1427,SUSE-SLE-Manager-Tools-Beta-For-Micro-5-2024-1427 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20241427-1/ Link for SUSE-SU-2024:1427-1 https://lists.suse.com/pipermail/sle-updates/2024-April/035080.html E-Mail link for SUSE-SU-2024:1427-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1008037 SUSE Bug 1008037 https://bugzilla.suse.com/1008038 SUSE Bug 1008038 https://bugzilla.suse.com/1010940 SUSE Bug 1010940 https://bugzilla.suse.com/1019021 SUSE Bug 1019021 https://bugzilla.suse.com/1038785 SUSE Bug 1038785 https://bugzilla.suse.com/1059235 SUSE Bug 1059235 https://bugzilla.suse.com/1099805 SUSE Bug 1099805 https://bugzilla.suse.com/1166389 SUSE Bug 1166389 https://bugzilla.suse.com/1171823 SUSE Bug 1171823 https://bugzilla.suse.com/1174145 SUSE Bug 1174145 https://bugzilla.suse.com/1174302 SUSE Bug 1174302 https://bugzilla.suse.com/1175993 SUSE Bug 1175993 https://bugzilla.suse.com/1177948 SUSE Bug 1177948 https://bugzilla.suse.com/1216854 SUSE Bug 1216854 https://bugzilla.suse.com/1219002 SUSE Bug 1219002 https://bugzilla.suse.com/1219887 SUSE Bug 1219887 https://bugzilla.suse.com/1219912 SUSE Bug 1219912 https://bugzilla.suse.com/1220371 SUSE Bug 1220371 https://bugzilla.suse.com/1221092 SUSE Bug 1221092 https://www.suse.com/security/cve/CVE-2016-8647/ SUSE CVE CVE-2016-8647 page https://www.suse.com/security/cve/CVE-2016-9587/ SUSE CVE CVE-2016-9587 page https://www.suse.com/security/cve/CVE-2017-7550/ SUSE CVE CVE-2017-7550 page https://www.suse.com/security/cve/CVE-2018-10874/ SUSE CVE CVE-2018-10874 page https://www.suse.com/security/cve/CVE-2020-14365/ SUSE CVE CVE-2020-14365 page https://www.suse.com/security/cve/CVE-2023-5764/ SUSE CVE CVE-2023-5764 page https://www.suse.com/security/cve/CVE-2023-6152/ SUSE CVE CVE-2023-6152 page https://www.suse.com/security/cve/CVE-2024-0690/ SUSE CVE CVE-2024-0690 page SUSE Manager Client Tools 15-BETA SUSE Manager Client Tools Beta for SLE Micro 5 POS_Image-Graphical7-0.1.1710765237.46af599-159000.3.24.2 POS_Image-JeOS7-0.1.1710765237.46af599-159000.3.24.2 ansible-2.9.27-159000.3.12.2 ansible-doc-2.9.27-159000.3.12.2 ansible-test-2.9.27-159000.3.12.2 dracut-saltboot-0.1.1710765237.46af599-159000.3.33.2 golang-github-prometheus-node_exporter-1.5.0-159000.6.2.1 grafana-9.5.16-159000.4.30.2 mgrctl-0.1.7-159000.3.8.1 mgrctl-bash-completion-0.1.7-159000.3.8.1 mgrctl-zsh-completion-0.1.7-159000.3.8.1 python3-spacewalk-check-5.0.4-159000.6.54.2 python3-spacewalk-client-setup-5.0.4-159000.6.54.2 python3-spacewalk-client-tools-5.0.4-159000.6.54.2 spacecmd-5.0.5-159000.6.48.2 spacewalk-check-5.0.4-159000.6.54.2 spacewalk-client-setup-5.0.4-159000.6.54.2 spacewalk-client-tools-5.0.4-159000.6.54.2 supportutils-plugin-susemanager-client-5.0.3-159000.6.21.2 uyuni-base-common-5.0.2-159000.3.21.2 uyuni-base-proxy-5.0.2-159000.3.21.2 uyuni-base-server-5.0.2-159000.3.21.2 POS_Image-Graphical7-0.1.1710765237.46af599-159000.3.24.2 as a component of SUSE Manager Client Tools 15-BETA POS_Image-JeOS7-0.1.1710765237.46af599-159000.3.24.2 as a component of SUSE Manager Client Tools 15-BETA ansible-2.9.27-159000.3.12.2 as a component of SUSE Manager Client Tools 15-BETA ansible-doc-2.9.27-159000.3.12.2 as a component of SUSE Manager Client Tools 15-BETA dracut-saltboot-0.1.1710765237.46af599-159000.3.33.2 as a component of SUSE Manager Client Tools 15-BETA grafana-9.5.16-159000.4.30.2 as a component of SUSE Manager Client Tools 15-BETA mgrctl-0.1.7-159000.3.8.1 as a component of SUSE Manager Client Tools 15-BETA mgrctl-bash-completion-0.1.7-159000.3.8.1 as a component of SUSE Manager Client Tools 15-BETA mgrctl-zsh-completion-0.1.7-159000.3.8.1 as a component of SUSE Manager Client Tools 15-BETA python3-spacewalk-check-5.0.4-159000.6.54.2 as a component of SUSE Manager Client Tools 15-BETA python3-spacewalk-client-setup-5.0.4-159000.6.54.2 as a component of SUSE Manager Client Tools 15-BETA python3-spacewalk-client-tools-5.0.4-159000.6.54.2 as a component of SUSE Manager Client Tools 15-BETA spacecmd-5.0.5-159000.6.48.2 as a component of SUSE Manager Client Tools 15-BETA spacewalk-check-5.0.4-159000.6.54.2 as a component of SUSE Manager Client Tools 15-BETA spacewalk-client-setup-5.0.4-159000.6.54.2 as a component of SUSE Manager Client Tools 15-BETA spacewalk-client-tools-5.0.4-159000.6.54.2 as a component of SUSE Manager Client Tools 15-BETA supportutils-plugin-susemanager-client-5.0.3-159000.6.21.2 as a component of SUSE Manager Client Tools 15-BETA golang-github-prometheus-node_exporter-1.5.0-159000.6.2.1 as a component of SUSE Manager Client Tools Beta for SLE Micro 5 mgrctl-0.1.7-159000.3.8.1 as a component of SUSE Manager Client Tools Beta for SLE Micro 5 mgrctl-bash-completion-0.1.7-159000.3.8.1 as a component of SUSE Manager Client Tools Beta for SLE Micro 5 mgrctl-zsh-completion-0.1.7-159000.3.8.1 as a component of SUSE Manager Client Tools Beta for SLE Micro 5 An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed. CVE-2016-8647 SUSE Manager Client Tools 15-BETA:POS_Image-Graphical7-0.1.1710765237.46af599-159000.3.24.2 SUSE Manager Client Tools 15-BETA:POS_Image-JeOS7-0.1.1710765237.46af599-159000.3.24.2 SUSE Manager Client Tools 15-BETA:ansible-2.9.27-159000.3.12.2 SUSE Manager Client Tools 15-BETA:ansible-doc-2.9.27-159000.3.12.2 SUSE Manager Client Tools 15-BETA:dracut-saltboot-0.1.1710765237.46af599-159000.3.33.2 SUSE Manager Client Tools 15-BETA:grafana-9.5.16-159000.4.30.2 SUSE Manager Client Tools 15-BETA:mgrctl-0.1.7-159000.3.8.1 SUSE Manager Client Tools 15-BETA:mgrctl-bash-completion-0.1.7-159000.3.8.1 SUSE Manager Client Tools 15-BETA:mgrctl-zsh-completion-0.1.7-159000.3.8.1 SUSE Manager Client Tools 15-BETA:python3-spacewalk-check-5.0.4-159000.6.54.2 SUSE Manager Client Tools 15-BETA:python3-spacewalk-client-setup-5.0.4-159000.6.54.2 SUSE Manager Client Tools 15-BETA:python3-spacewalk-client-tools-5.0.4-159000.6.54.2 SUSE Manager Client Tools 15-BETA:spacecmd-5.0.5-159000.6.48.2 SUSE Manager Client Tools 15-BETA:spacewalk-check-5.0.4-159000.6.54.2 SUSE Manager Client Tools 15-BETA:spacewalk-client-setup-5.0.4-159000.6.54.2 SUSE Manager Client Tools 15-BETA:spacewalk-client-tools-5.0.4-159000.6.54.2 SUSE Manager Client Tools 15-BETA:supportutils-plugin-susemanager-client-5.0.3-159000.6.21.2 SUSE Manager Client Tools Beta for SLE Micro 5:golang-github-prometheus-node_exporter-1.5.0-159000.6.2.1 SUSE Manager Client Tools Beta for SLE Micro 5:mgrctl-0.1.7-159000.3.8.1 SUSE Manager Client Tools Beta for SLE Micro 5:mgrctl-bash-completion-0.1.7-159000.3.8.1 SUSE Manager Client Tools Beta for SLE Micro 5:mgrctl-zsh-completion-0.1.7-159000.3.8.1 low 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N 4 AV:N/AC:L/Au:S/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20241427-1/ https://www.suse.com/security/cve/CVE-2016-8647.html CVE-2016-8647 https://bugzilla.suse.com/1008038 SUSE Bug 1008038 https://bugzilla.suse.com/1010940 SUSE Bug 1010940 Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges. CVE-2016-9587 SUSE Manager Client Tools 15-BETA:POS_Image-Graphical7-0.1.1710765237.46af599-159000.3.24.2 SUSE Manager Client Tools 15-BETA:POS_Image-JeOS7-0.1.1710765237.46af599-159000.3.24.2 SUSE Manager Client Tools 15-BETA:ansible-2.9.27-159000.3.12.2 SUSE Manager Client Tools 15-BETA:ansible-doc-2.9.27-159000.3.12.2 SUSE Manager Client Tools 15-BETA:dracut-saltboot-0.1.1710765237.46af599-159000.3.33.2 SUSE Manager Client Tools 15-BETA:grafana-9.5.16-159000.4.30.2 SUSE Manager Client Tools 15-BETA:mgrctl-0.1.7-159000.3.8.1 SUSE Manager Client Tools 15-BETA:mgrctl-bash-completion-0.1.7-159000.3.8.1 SUSE Manager Client Tools 15-BETA:mgrctl-zsh-completion-0.1.7-159000.3.8.1 SUSE Manager Client Tools 15-BETA:python3-spacewalk-check-5.0.4-159000.6.54.2 SUSE Manager Client Tools 15-BETA:python3-spacewalk-client-setup-5.0.4-159000.6.54.2 SUSE Manager Client Tools 15-BETA:python3-spacewalk-client-tools-5.0.4-159000.6.54.2 SUSE Manager Client Tools 15-BETA:spacecmd-5.0.5-159000.6.48.2 SUSE Manager Client Tools 15-BETA:spacewalk-check-5.0.4-159000.6.54.2 SUSE Manager Client Tools 15-BETA:spacewalk-client-setup-5.0.4-159000.6.54.2 SUSE Manager Client Tools 15-BETA:spacewalk-client-tools-5.0.4-159000.6.54.2 SUSE Manager Client Tools 15-BETA:supportutils-plugin-susemanager-client-5.0.3-159000.6.21.2 SUSE Manager Client Tools Beta for SLE Micro 5:golang-github-prometheus-node_exporter-1.5.0-159000.6.2.1 SUSE Manager Client Tools Beta for SLE Micro 5:mgrctl-0.1.7-159000.3.8.1 SUSE Manager Client Tools Beta for SLE Micro 5:mgrctl-bash-completion-0.1.7-159000.3.8.1 SUSE Manager Client Tools Beta for SLE Micro 5:mgrctl-zsh-completion-0.1.7-159000.3.8.1 important 7.5 AV:N/AC:M/Au:S/C:P/I:C/A:P 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20241427-1/ https://www.suse.com/security/cve/CVE-2016-9587.html CVE-2016-9587 https://bugzilla.suse.com/1019021 SUSE Bug 1019021 A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in the "params" argument, and noting this in the module documentation. CVE-2017-7550 SUSE Manager Client Tools 15-BETA:POS_Image-Graphical7-0.1.1710765237.46af599-159000.3.24.2 SUSE Manager Client Tools 15-BETA:POS_Image-JeOS7-0.1.1710765237.46af599-159000.3.24.2 SUSE Manager Client Tools 15-BETA:ansible-2.9.27-159000.3.12.2 SUSE Manager Client Tools 15-BETA:ansible-doc-2.9.27-159000.3.12.2 SUSE Manager Client Tools 15-BETA:dracut-saltboot-0.1.1710765237.46af599-159000.3.33.2 SUSE Manager Client Tools 15-BETA:grafana-9.5.16-159000.4.30.2 SUSE Manager Client Tools 15-BETA:mgrctl-0.1.7-159000.3.8.1 SUSE Manager Client Tools 15-BETA:mgrctl-bash-completion-0.1.7-159000.3.8.1 SUSE Manager Client Tools 15-BETA:mgrctl-zsh-completion-0.1.7-159000.3.8.1 SUSE Manager Client Tools 15-BETA:python3-spacewalk-check-5.0.4-159000.6.54.2 SUSE Manager Client Tools 15-BETA:python3-spacewalk-client-setup-5.0.4-159000.6.54.2 SUSE Manager Client Tools 15-BETA:python3-spacewalk-client-tools-5.0.4-159000.6.54.2 SUSE Manager Client Tools 15-BETA:spacecmd-5.0.5-159000.6.48.2 SUSE Manager Client Tools 15-BETA:spacewalk-check-5.0.4-159000.6.54.2 SUSE Manager Client Tools 15-BETA:spacewalk-client-setup-5.0.4-159000.6.54.2 SUSE Manager Client Tools 15-BETA:spacewalk-client-tools-5.0.4-159000.6.54.2 SUSE Manager Client Tools 15-BETA:supportutils-plugin-susemanager-client-5.0.3-159000.6.21.2 SUSE Manager Client Tools Beta for SLE Micro 5:golang-github-prometheus-node_exporter-1.5.0-159000.6.2.1 SUSE Manager Client Tools Beta for SLE Micro 5:mgrctl-0.1.7-159000.3.8.1 SUSE Manager Client Tools Beta for SLE Micro 5:mgrctl-bash-completion-0.1.7-159000.3.8.1 SUSE Manager Client Tools Beta for SLE Micro 5:mgrctl-zsh-completion-0.1.7-159000.3.8.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20241427-1/ https://www.suse.com/security/cve/CVE-2017-7550.html CVE-2017-7550 https://bugzilla.suse.com/1035124 SUSE Bug 1035124 https://bugzilla.suse.com/1065872 SUSE Bug 1065872 In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result. CVE-2018-10874 SUSE Manager Client Tools 15-BETA:POS_Image-Graphical7-0.1.1710765237.46af599-159000.3.24.2 SUSE Manager Client Tools 15-BETA:POS_Image-JeOS7-0.1.1710765237.46af599-159000.3.24.2 SUSE Manager Client Tools 15-BETA:ansible-2.9.27-159000.3.12.2 SUSE Manager Client Tools 15-BETA:ansible-doc-2.9.27-159000.3.12.2 SUSE Manager Client Tools 15-BETA:dracut-saltboot-0.1.1710765237.46af599-159000.3.33.2 SUSE Manager Client Tools 15-BETA:grafana-9.5.16-159000.4.30.2 SUSE Manager Client Tools 15-BETA:mgrctl-0.1.7-159000.3.8.1 SUSE Manager Client Tools 15-BETA:mgrctl-bash-completion-0.1.7-159000.3.8.1 SUSE Manager Client Tools 15-BETA:mgrctl-zsh-completion-0.1.7-159000.3.8.1 SUSE Manager Client Tools 15-BETA:python3-spacewalk-check-5.0.4-159000.6.54.2 SUSE Manager Client Tools 15-BETA:python3-spacewalk-client-setup-5.0.4-159000.6.54.2 SUSE Manager Client Tools 15-BETA:python3-spacewalk-client-tools-5.0.4-159000.6.54.2 SUSE Manager Client Tools 15-BETA:spacecmd-5.0.5-159000.6.48.2 SUSE Manager Client Tools 15-BETA:spacewalk-check-5.0.4-159000.6.54.2 SUSE Manager Client Tools 15-BETA:spacewalk-client-setup-5.0.4-159000.6.54.2 SUSE Manager Client Tools 15-BETA:spacewalk-client-tools-5.0.4-159000.6.54.2 SUSE Manager Client Tools 15-BETA:supportutils-plugin-susemanager-client-5.0.3-159000.6.21.2 SUSE Manager Client Tools Beta for SLE Micro 5:golang-github-prometheus-node_exporter-1.5.0-159000.6.2.1 SUSE Manager Client Tools Beta for SLE Micro 5:mgrctl-0.1.7-159000.3.8.1 SUSE Manager Client Tools Beta for SLE Micro 5:mgrctl-bash-completion-0.1.7-159000.3.8.1 SUSE Manager Client Tools Beta for SLE Micro 5:mgrctl-zsh-completion-0.1.7-159000.3.8.1 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20241427-1/ https://www.suse.com/security/cve/CVE-2018-10874.html CVE-2018-10874 https://bugzilla.suse.com/1097775 SUSE Bug 1097775 https://bugzilla.suse.com/1099805 SUSE Bug 1099805 https://bugzilla.suse.com/1099808 SUSE Bug 1099808 A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code executed via package installation scripts. The highest threat from this vulnerability is to integrity and system availability. CVE-2020-14365 SUSE Manager Client Tools 15-BETA:POS_Image-Graphical7-0.1.1710765237.46af599-159000.3.24.2 SUSE Manager Client Tools 15-BETA:POS_Image-JeOS7-0.1.1710765237.46af599-159000.3.24.2 SUSE Manager Client Tools 15-BETA:ansible-2.9.27-159000.3.12.2 SUSE Manager Client Tools 15-BETA:ansible-doc-2.9.27-159000.3.12.2 SUSE Manager Client Tools 15-BETA:dracut-saltboot-0.1.1710765237.46af599-159000.3.33.2 SUSE Manager Client Tools 15-BETA:grafana-9.5.16-159000.4.30.2 SUSE Manager Client Tools 15-BETA:mgrctl-0.1.7-159000.3.8.1 SUSE Manager Client Tools 15-BETA:mgrctl-bash-completion-0.1.7-159000.3.8.1 SUSE Manager Client Tools 15-BETA:mgrctl-zsh-completion-0.1.7-159000.3.8.1 SUSE Manager Client Tools 15-BETA:python3-spacewalk-check-5.0.4-159000.6.54.2 SUSE Manager Client Tools 15-BETA:python3-spacewalk-client-setup-5.0.4-159000.6.54.2 SUSE Manager Client Tools 15-BETA:python3-spacewalk-client-tools-5.0.4-159000.6.54.2 SUSE Manager Client Tools 15-BETA:spacecmd-5.0.5-159000.6.48.2 SUSE Manager Client Tools 15-BETA:spacewalk-check-5.0.4-159000.6.54.2 SUSE Manager Client Tools 15-BETA:spacewalk-client-setup-5.0.4-159000.6.54.2 SUSE Manager Client Tools 15-BETA:spacewalk-client-tools-5.0.4-159000.6.54.2 SUSE Manager Client Tools 15-BETA:supportutils-plugin-susemanager-client-5.0.3-159000.6.21.2 SUSE Manager Client Tools Beta for SLE Micro 5:golang-github-prometheus-node_exporter-1.5.0-159000.6.2.1 SUSE Manager Client Tools Beta for SLE Micro 5:mgrctl-0.1.7-159000.3.8.1 SUSE Manager Client Tools Beta for SLE Micro 5:mgrctl-bash-completion-0.1.7-159000.3.8.1 SUSE Manager Client Tools Beta for SLE Micro 5:mgrctl-zsh-completion-0.1.7-159000.3.8.1 moderate 6.6 AV:L/AC:L/Au:N/C:N/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20241427-1/ https://www.suse.com/security/cve/CVE-2020-14365.html CVE-2020-14365 https://bugzilla.suse.com/1175993 SUSE Bug 1175993 A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data. CVE-2023-5764 SUSE Manager Client Tools 15-BETA:POS_Image-Graphical7-0.1.1710765237.46af599-159000.3.24.2 SUSE Manager Client Tools 15-BETA:POS_Image-JeOS7-0.1.1710765237.46af599-159000.3.24.2 SUSE Manager Client Tools 15-BETA:ansible-2.9.27-159000.3.12.2 SUSE Manager Client Tools 15-BETA:ansible-doc-2.9.27-159000.3.12.2 SUSE Manager Client Tools 15-BETA:dracut-saltboot-0.1.1710765237.46af599-159000.3.33.2 SUSE Manager Client Tools 15-BETA:grafana-9.5.16-159000.4.30.2 SUSE Manager Client Tools 15-BETA:mgrctl-0.1.7-159000.3.8.1 SUSE Manager Client Tools 15-BETA:mgrctl-bash-completion-0.1.7-159000.3.8.1 SUSE Manager Client Tools 15-BETA:mgrctl-zsh-completion-0.1.7-159000.3.8.1 SUSE Manager Client Tools 15-BETA:python3-spacewalk-check-5.0.4-159000.6.54.2 SUSE Manager Client Tools 15-BETA:python3-spacewalk-client-setup-5.0.4-159000.6.54.2 SUSE Manager Client Tools 15-BETA:python3-spacewalk-client-tools-5.0.4-159000.6.54.2 SUSE Manager Client Tools 15-BETA:spacecmd-5.0.5-159000.6.48.2 SUSE Manager Client Tools 15-BETA:spacewalk-check-5.0.4-159000.6.54.2 SUSE Manager Client Tools 15-BETA:spacewalk-client-setup-5.0.4-159000.6.54.2 SUSE Manager Client Tools 15-BETA:spacewalk-client-tools-5.0.4-159000.6.54.2 SUSE Manager Client Tools 15-BETA:supportutils-plugin-susemanager-client-5.0.3-159000.6.21.2 SUSE Manager Client Tools Beta for SLE Micro 5:golang-github-prometheus-node_exporter-1.5.0-159000.6.2.1 SUSE Manager Client Tools Beta for SLE Micro 5:mgrctl-0.1.7-159000.3.8.1 SUSE Manager Client Tools Beta for SLE Micro 5:mgrctl-bash-completion-0.1.7-159000.3.8.1 SUSE Manager Client Tools Beta for SLE Micro 5:mgrctl-zsh-completion-0.1.7-159000.3.8.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20241427-1/ https://www.suse.com/security/cve/CVE-2023-5764.html CVE-2023-5764 https://bugzilla.suse.com/1216854 SUSE Bug 1216854 A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verify_email_enabled" will only validate email only on sign up. CVE-2023-6152 SUSE Manager Client Tools 15-BETA:POS_Image-Graphical7-0.1.1710765237.46af599-159000.3.24.2 SUSE Manager Client Tools 15-BETA:POS_Image-JeOS7-0.1.1710765237.46af599-159000.3.24.2 SUSE Manager Client Tools 15-BETA:ansible-2.9.27-159000.3.12.2 SUSE Manager Client Tools 15-BETA:ansible-doc-2.9.27-159000.3.12.2 SUSE Manager Client Tools 15-BETA:dracut-saltboot-0.1.1710765237.46af599-159000.3.33.2 SUSE Manager Client Tools 15-BETA:grafana-9.5.16-159000.4.30.2 SUSE Manager Client Tools 15-BETA:mgrctl-0.1.7-159000.3.8.1 SUSE Manager Client Tools 15-BETA:mgrctl-bash-completion-0.1.7-159000.3.8.1 SUSE Manager Client Tools 15-BETA:mgrctl-zsh-completion-0.1.7-159000.3.8.1 SUSE Manager Client Tools 15-BETA:python3-spacewalk-check-5.0.4-159000.6.54.2 SUSE Manager Client Tools 15-BETA:python3-spacewalk-client-setup-5.0.4-159000.6.54.2 SUSE Manager Client Tools 15-BETA:python3-spacewalk-client-tools-5.0.4-159000.6.54.2 SUSE Manager Client Tools 15-BETA:spacecmd-5.0.5-159000.6.48.2 SUSE Manager Client Tools 15-BETA:spacewalk-check-5.0.4-159000.6.54.2 SUSE Manager Client Tools 15-BETA:spacewalk-client-setup-5.0.4-159000.6.54.2 SUSE Manager Client Tools 15-BETA:spacewalk-client-tools-5.0.4-159000.6.54.2 SUSE Manager Client Tools 15-BETA:supportutils-plugin-susemanager-client-5.0.3-159000.6.21.2 SUSE Manager Client Tools Beta for SLE Micro 5:golang-github-prometheus-node_exporter-1.5.0-159000.6.2.1 SUSE Manager Client Tools Beta for SLE Micro 5:mgrctl-0.1.7-159000.3.8.1 SUSE Manager Client Tools Beta for SLE Micro 5:mgrctl-bash-completion-0.1.7-159000.3.8.1 SUSE Manager Client Tools Beta for SLE Micro 5:mgrctl-zsh-completion-0.1.7-159000.3.8.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20241427-1/ https://www.suse.com/security/cve/CVE-2023-6152.html CVE-2023-6152 https://bugzilla.suse.com/1219912 SUSE Bug 1219912 An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values. CVE-2024-0690 SUSE Manager Client Tools 15-BETA:POS_Image-Graphical7-0.1.1710765237.46af599-159000.3.24.2 SUSE Manager Client Tools 15-BETA:POS_Image-JeOS7-0.1.1710765237.46af599-159000.3.24.2 SUSE Manager Client Tools 15-BETA:ansible-2.9.27-159000.3.12.2 SUSE Manager Client Tools 15-BETA:ansible-doc-2.9.27-159000.3.12.2 SUSE Manager Client Tools 15-BETA:dracut-saltboot-0.1.1710765237.46af599-159000.3.33.2 SUSE Manager Client Tools 15-BETA:grafana-9.5.16-159000.4.30.2 SUSE Manager Client Tools 15-BETA:mgrctl-0.1.7-159000.3.8.1 SUSE Manager Client Tools 15-BETA:mgrctl-bash-completion-0.1.7-159000.3.8.1 SUSE Manager Client Tools 15-BETA:mgrctl-zsh-completion-0.1.7-159000.3.8.1 SUSE Manager Client Tools 15-BETA:python3-spacewalk-check-5.0.4-159000.6.54.2 SUSE Manager Client Tools 15-BETA:python3-spacewalk-client-setup-5.0.4-159000.6.54.2 SUSE Manager Client Tools 15-BETA:python3-spacewalk-client-tools-5.0.4-159000.6.54.2 SUSE Manager Client Tools 15-BETA:spacecmd-5.0.5-159000.6.48.2 SUSE Manager Client Tools 15-BETA:spacewalk-check-5.0.4-159000.6.54.2 SUSE Manager Client Tools 15-BETA:spacewalk-client-setup-5.0.4-159000.6.54.2 SUSE Manager Client Tools 15-BETA:spacewalk-client-tools-5.0.4-159000.6.54.2 SUSE Manager Client Tools 15-BETA:supportutils-plugin-susemanager-client-5.0.3-159000.6.21.2 SUSE Manager Client Tools Beta for SLE Micro 5:golang-github-prometheus-node_exporter-1.5.0-159000.6.2.1 SUSE Manager Client Tools Beta for SLE Micro 5:mgrctl-0.1.7-159000.3.8.1 SUSE Manager Client Tools Beta for SLE Micro 5:mgrctl-bash-completion-0.1.7-159000.3.8.1 SUSE Manager Client Tools Beta for SLE Micro 5:mgrctl-zsh-completion-0.1.7-159000.3.8.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20241427-1/ https://www.suse.com/security/cve/CVE-2024-0690.html CVE-2024-0690 https://bugzilla.suse.com/1219002 SUSE Bug 1219002