SUSE SLES15 Security Update : SUSE Manager Server 4.3 (SUSE-SU-2024:0485-1)

high Nessus Plugin ID 190654

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0485-1 advisory.

- jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less. (CVE-2023-31582)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1170848

https://bugzilla.suse.com/1210911

https://bugzilla.suse.com/1211254

https://bugzilla.suse.com/1211560

https://bugzilla.suse.com/1211912

https://bugzilla.suse.com/1213079

https://bugzilla.suse.com/1213507

https://bugzilla.suse.com/1215810

https://bugzilla.suse.com/1215813

https://bugzilla.suse.com/1215982

https://bugzilla.suse.com/1216114

https://bugzilla.suse.com/1216394

https://bugzilla.suse.com/1216437

https://bugzilla.suse.com/1216550

https://bugzilla.suse.com/1216609

https://bugzilla.suse.com/1216657

https://bugzilla.suse.com/1216753

https://bugzilla.suse.com/1216781

https://bugzilla.suse.com/1216988

https://bugzilla.suse.com/1217069

https://bugzilla.suse.com/1217209

https://bugzilla.suse.com/1217588

https://bugzilla.suse.com/1217784

https://bugzilla.suse.com/1217869

https://bugzilla.suse.com/1218019

https://bugzilla.suse.com/1218074

https://bugzilla.suse.com/1218075

https://bugzilla.suse.com/1218089

https://bugzilla.suse.com/1218094

https://bugzilla.suse.com/1218146

https://bugzilla.suse.com/1218490

https://bugzilla.suse.com/1218615

https://bugzilla.suse.com/1218669

https://bugzilla.suse.com/1218837

https://bugzilla.suse.com/1218849

https://bugzilla.suse.com/1219151

https://bugzilla.suse.com/1219449

https://bugzilla.suse.com/1219577

https://bugzilla.suse.com/1219850

http://www.nessus.org/u?62e9cede

https://www.suse.com/security/cve/CVE-2023-31582

https://www.suse.com/security/cve/CVE-2023-32189

https://bugzilla.suse.com/1213738

https://bugzilla.suse.com/1213981

https://bugzilla.suse.com/1214077

https://bugzilla.suse.com/1214791

https://bugzilla.suse.com/1215166

https://bugzilla.suse.com/1215514

https://bugzilla.suse.com/1215769

Plugin Details

Severity: High

ID: 190654

File Name: suse_SU-2024-0485-1.nasl

Version: 1.0

Type: local

Agent: unix

Published: 2/17/2024

Updated: 2/17/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N

CVSS Score Source: CVE-2023-31582

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:saltboot-formula, p-cpe:/a:novell:suse_linux:spacewalk-base-minimal-config, p-cpe:/a:novell:suse_linux:patterns-suma_retail, p-cpe:/a:novell:suse_linux:subscription-matcher, p-cpe:/a:novell:suse_linux:susemanager-sls, p-cpe:/a:novell:suse_linux:python3-spacewalk-certs-tools, p-cpe:/a:novell:suse_linux:patterns-suma_server, p-cpe:/a:novell:suse_linux:spacewalk-base-minimal, p-cpe:/a:novell:suse_linux:spacewalk-utils-extras, p-cpe:/a:novell:suse_linux:spacewalk-backend-iss-export, p-cpe:/a:novell:suse_linux:spacewalk-java-postgresql, p-cpe:/a:novell:suse_linux:susemanager-schema-utility, p-cpe:/a:novell:suse_linux:python3-spacewalk-client-tools, p-cpe:/a:novell:suse_linux:spacewalk-html, p-cpe:/a:novell:suse_linux:spacewalk-java-config, p-cpe:/a:novell:suse_linux:spacewalk-certs-tools, p-cpe:/a:novell:suse_linux:spacecmd, p-cpe:/a:novell:suse_linux:spacewalk-backend-app, p-cpe:/a:novell:suse_linux:inter-server-sync, p-cpe:/a:novell:suse_linux:susemanager-schema, p-cpe:/a:novell:suse_linux:cobbler, p-cpe:/a:novell:suse_linux:spacewalk-backend-tools, p-cpe:/a:novell:suse_linux:susemanager-docs_en, p-cpe:/a:novell:suse_linux:spacewalk-setup, p-cpe:/a:novell:suse_linux:spacewalk-backend-config-files, p-cpe:/a:novell:suse_linux:spacewalk-backend-xml-export-libs, p-cpe:/a:novell:suse_linux:supportutils-plugin-susemanager, p-cpe:/a:novell:suse_linux:grafana-formula, p-cpe:/a:novell:suse_linux:spacewalk-base, p-cpe:/a:novell:suse_linux:susemanager-build-keys, p-cpe:/a:novell:suse_linux:susemanager-tools, p-cpe:/a:novell:suse_linux:jose4j, p-cpe:/a:novell:suse_linux:spacewalk-backend-iss, p-cpe:/a:novell:suse_linux:spacewalk-backend-applet, p-cpe:/a:novell:suse_linux:spacewalk-backend-server, p-cpe:/a:novell:suse_linux:susemanager-docs_en-pdf, cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:uyuni-config-modules, p-cpe:/a:novell:suse_linux:spacewalk-backend-xmlrpc, p-cpe:/a:novell:suse_linux:spacewalk-taskomatic, p-cpe:/a:novell:suse_linux:spacewalk-backend, p-cpe:/a:novell:suse_linux:spacewalk-backend-config-files-common, p-cpe:/a:novell:suse_linux:spacewalk-client-tools, p-cpe:/a:novell:suse_linux:spacewalk-java, p-cpe:/a:novell:suse_linux:prometheus-postgres_exporter, p-cpe:/a:novell:suse_linux:spacewalk-utils, p-cpe:/a:novell:suse_linux:liberate-formula, p-cpe:/a:novell:suse_linux:susemanager-sync-data, p-cpe:/a:novell:suse_linux:susemanager-build-keys-web, p-cpe:/a:novell:suse_linux:prometheus-formula, p-cpe:/a:novell:suse_linux:spacewalk-backend-config-files-tool, p-cpe:/a:novell:suse_linux:uyuni-reportdb-schema, p-cpe:/a:novell:suse_linux:spacewalk-backend-sql, p-cpe:/a:novell:suse_linux:spacewalk-java-lib, p-cpe:/a:novell:suse_linux:susemanager, p-cpe:/a:novell:suse_linux:spacewalk-backend-package-push-server, p-cpe:/a:novell:suse_linux:spacewalk-backend-sql-postgresql

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 2/15/2024

Vulnerability Publication Date: 10/25/2023

Reference Information

CVE: CVE-2023-31582, CVE-2023-32189

SuSE: SUSE-SU-2024:0485-1