openSUSE 15 Security Update : SUSE Manager Client Tools (SUSE-SU-2024:3267-1)

medium Nessus Plugin ID 207375

Language:

Synopsis

The remote openSUSE host is missing one or more security updates.

Description

The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3267-1 advisory.

golang-github-prometheus-prometheus:

- Security issues fixed:

* CVE-2024-6104: Update go-retryablehttp to version 0.7.7 (bsc#1227038)
* CVE-2023-45142: Updated otelhttp to version 0.46.1 (bsc#1228556)

- Require Go > 1.20 for building
- Migrate from `disabled` to `manual` service mode
- Update to 2.45.6 (jsc#PED-3577):
* Security fixes in dependencies
- Update to 2.45.5:
* [BUGFIX] tsdb/agent: ensure that new series get written to WAL on rollback.
* [BUGFIX] Remote write: Avoid a race condition when applying configuration.
- Update to 2.45.4:
* [BUGFIX] Remote read: Release querier resources before encoding the results.
- Update to 2.45.3:
* [BUGFIX] TSDB: Remove double memory snapshot on shutdown.
- Update to 2.45.2:
* [BUGFIX] TSDB: Fix PostingsForMatchers race with creating new series.
- Update to 2.45.1:
* [ENHANCEMENT] Hetzner SD: Support larger ID's that will be used by Hetzner in September.
* [BUGFIX] Linode SD: Cast InstanceSpec values to int64 to avoid overflows on 386 architecture.
* [BUGFIX] TSDB: Handle TOC parsing failures.

rhnlib:

- Version 5.0.4-0
* Add the old TLS code for very old traditional clients still on python 2.7 (bsc#1228198)

spacecmd:

- Version 5.0.9-0
* Update translation strings

uyuni-tools:

- Version 0.1.21-0
* mgrpxy: Fix typo on Systemd template
- Version 0.1.20-0
* Update the push tag to 5.0.1
* mgrpxy: expose port on IPv6 network (bsc#1227951)
- Version 0.1.19-0
* Skip updating Tomcat remote debug if conf file is not present
- Version 0.1.18-0
* Setup Confidential Computing container during migration (bsc#1227588)
* Add the /etc/uyuni/uyuni-tools.yaml path to the config help
* Split systemd config files to not loose configuration at upgrade (bsc#1227718)
* Use the same logic for image computation in mgradm and mgrpxy (bsc#1228026)
* Allow building with different Helm and container default registry paths (bsc#1226191)
* Fix recursion in mgradm upgrade podman list --help
* Setup hub xmlrpc API service in migration to Podman (bsc#1227588)
* Setup disabled hub xmlrpc API service in all cases (bsc#1227584)
* Clean the inspection code to make it faster
* Properly detect IPv6 enabled on Podman network (bsc#1224349)
* Fix the log file path generation
* Write scripts output to uyuni-tools.log file
* Add uyuni-hubxml-rpc to the list of values in mgradm scale --help
* Use path in mgradm support sql file input (bsc#1227505)
* On Ubuntu build with go1.21 instead of go1.20
* Enforce Cobbler setup (bsc#1226847)
* Expose port on IPv6 network (bsc#1227951)
* show output of podman image search --list-tags command
* Implement mgrpxy support config command
* During migration, ignore /etc/sysconfig/tomcat and /etc/tomcat/tomcat.conf (bsc#1228183)
* During migration, remove java.annotation,com.sun.xml.bind and UseConcMarkSweepGC settings
* Disable node exporter port for Kubernetes
* Fix start, stop and restart in Kubernetes
* Increase start timeout in Kubernetes
* Fix traefik query
* Fix password entry usability (bsc#1226437)
* Add --prepare option to migrate command
* Fix random error during installation of CA certificate (bsc#1227245)
* Clarify and fix distro name guessing when not provided (bsc#1226284)
* Replace not working Fatal error by plain error return (bsc#1220136)
* Allow server installation with preexisting storage volumes
* Do not report error when purging mounted volume (bsc#1225349)
* Preserve PAGER settings from the host for interactive sql usage (bsc#1226914)
* Add mgrpxy command to clear the Squid cache
* Use local images for Confidential Computing and Hub containers (bsc#1227586)
- Version 0.1.17-0
* Allow GPG files to be loaded from the local file (bsc#1227195)
- Version 0.1.16-0
* Prefer local images in all migration steps (bsc#1227244)
- Version 0.1.15-0
* Define --registry flag behaviour (bsc#1226793)
- Version 0.1.14-0
* Do not rely on hardcoded registry, remove any FQDN
- Version 0.1.13-0
* Fix mgradm support config tarball creation (bsc#1226759)
- Version 0.1.12-0
* Detection of k8s on Proxy was wrongly influenced by Server setting

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected spacecmd package.

See Also

https://bugzilla.suse.com/1220136

https://bugzilla.suse.com/1224349

https://bugzilla.suse.com/1225349

https://bugzilla.suse.com/1226191

https://bugzilla.suse.com/1226284

https://bugzilla.suse.com/1226437

https://bugzilla.suse.com/1226759

https://bugzilla.suse.com/1226793

https://bugzilla.suse.com/1226847

https://bugzilla.suse.com/1226914

https://bugzilla.suse.com/1227038

https://bugzilla.suse.com/1227195

https://bugzilla.suse.com/1227244

https://bugzilla.suse.com/1227245

https://bugzilla.suse.com/1227505

https://bugzilla.suse.com/1227584

https://bugzilla.suse.com/1227586

https://bugzilla.suse.com/1227588

https://bugzilla.suse.com/1227718

https://bugzilla.suse.com/1227951

https://bugzilla.suse.com/1228026

https://bugzilla.suse.com/1228183

https://bugzilla.suse.com/1228198

https://bugzilla.suse.com/1228556

http://www.nessus.org/u?3f41ff3c

https://www.suse.com/security/cve/CVE-2023-45142

https://www.suse.com/security/cve/CVE-2024-6104

Plugin Details

Severity: Medium

ID: 207375

File Name: suse_SU-2024-3267-1.nasl

Version: 1.1

Type: local

Agent: unix

Published: 9/18/2024

Updated: 9/18/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:N/A:N

CVSS Score Source: CVE-2024-6104

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 9/17/2024

Vulnerability Publication Date: 10/12/2023

Reference Information

CVE: CVE-2023-45142, CVE-2024-6104

SuSE: SUSE-SU-2024:3267-1