openSUSE Local Security Checks : openSUSE Security Advisory (SUSE-SU-2024:4011-1)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.856728

Categoría: openSUSE Local Security Checks

Título: openSUSE Security Advisory (SUSE-SU-2024:4011-1)

Resumen: The remote host is missing an update for the 'SUSE Manager Client Tools' package(s) announced via the SUSE-SU-2024:4011-1 advisory.

Descripción: Summary:
The remote host is missing an update for the 'SUSE Manager Client Tools' package(s) announced via the SUSE-SU-2024:4011-1 advisory.

Vulnerability Insight:
This update fixes the following issues:

golang-github-lusitaniae-apache_exporter:

- Security issues fixed:

* CVE-2023-3978: Fixed security bug in x/net dependency (bsc#1213933)

- Other changes and issues fixed:

* Delete unpackaged debug files for RHEL
* Do not include source files in the package for RHEL 9
* Require Go 1.20 when building for RedHat derivatives
* Drop EnvironmentFile from the service definition
* Explicitly unset $ARGS environment variable. Setting environment
variables should be done in drop-in systemd configuration files.
* Drop go_nostrip macro. It is not needed with current binutils and
Go.
* Migrate from `disabled` to `manual` source service type
* Drop BuildRequires: golang-packaging
* Upgrade to version 1.0.8 (bsc#1227341)
+ Update prometheus/client_golang to version 1.19.1
+ Update x/net to version 0.23.0
* Upgrade to version 1.0.7
+ Update protobuf to version 1.33.0
+ Update prometheus/client_golang to version 1.19.0
+ Update prometheus/common to version 0.46.0
+ Standardize landing page
* Upgrade to version 1.0.6
+ Update prometheus/exporter-toolkit to version 0.11.0
+ Update prometheus/client_golang to version 1.18.0
+ Add User-Agent header
* Upgrade to version 1.0.4
+ Update x/crypto to version 0.17.0
+ Update alecthomas/kingpin/v2 to version 2.4.0
+ Update prometheus/common to version 0.45.0
* Upgrade to version 1.0.3
+ Update prometheus/client_golang to version 1.17.0
+ Update x/net 0.17.0
* Upgrade to version 1.0.1
+ Update prometheus/exporter-toolkit to version 0.10.0
+ Update prometheus/common to version 0.44.0
+ Update prometheus/client_golang to version 1.16.0

golang-github-prometheus-promu:

- Require Go >= 1.21 for building
- Packaging improvements:
* Drop export CGO_ENABLED='0'. Use the default unless there is a
defined requirement or benefit (bsc#1230623).
- Update to version 0.16.0:
* Do not discover user/host for reproducible builds
* Fix example/prometheus build error
- Update to version 0.15.0:
* Add linux/riscv64 to default platforms
* Use yaml.Unmarshalstrict to validate configuration files

spacecmd:

- Version 5.0.10-0
* Speed up softwarechannel_removepackages (bsc#1227606)
* Fix error in 'kickstart_delete' when using wildcards
(bsc#1227578)
* Spacecmd bootstrap now works with specified port (bsc#1229437)
* Fix sls backup creation as directory with spacecmd (bsc#1230745)

uyuni-common-libs:

- Version 5.0.5-0
* Enforce directory permissions at repo-sync when creating
directories (bsc#1229260)

uyuni-tools:

- version 0.1.23-0
* Ensure namespace is defined in all kubernetes commands
* Use SCC credentials to authenticate against registry.suse.com
for kubernetes (bsc#1231157)
* Fix namespace usage on mgrctl cp command
- version 0.1.22-0
* Set projectId also for test packages/images
* mgradm migration should not pull Confidential Computing and Hub
image is replicas == 0 ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'SUSE Manager Client Tools' package(s) on openSUSE Leap 15.5, openSUSE Leap 15.6.

Solution:
Please install the updated package(s).

CVSS Score:
6.4

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2023-3978
https://go.dev/cl/514896
https://go.dev/issue/61615
https://pkg.go.dev/vuln/GO-2023-1988

Copyright Copyright (C) 2024 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.856728
Categoría:	openSUSE Local Security Checks
Título:	openSUSE Security Advisory (SUSE-SU-2024:4011-1)
Resumen:	The remote host is missing an update for the 'SUSE Manager Client Tools' package(s) announced via the SUSE-SU-2024:4011-1 advisory.
Descripción:	Summary: The remote host is missing an update for the 'SUSE Manager Client Tools' package(s) announced via the SUSE-SU-2024:4011-1 advisory. Vulnerability Insight: This update fixes the following issues: golang-github-lusitaniae-apache_exporter: - Security issues fixed: * CVE-2023-3978: Fixed security bug in x/net dependency (bsc#1213933) - Other changes and issues fixed: * Delete unpackaged debug files for RHEL * Do not include source files in the package for RHEL 9 * Require Go 1.20 when building for RedHat derivatives * Drop EnvironmentFile from the service definition * Explicitly unset $ARGS environment variable. Setting environment variables should be done in drop-in systemd configuration files. * Drop go_nostrip macro. It is not needed with current binutils and Go. * Migrate from `disabled` to `manual` source service type * Drop BuildRequires: golang-packaging * Upgrade to version 1.0.8 (bsc#1227341) + Update prometheus/client_golang to version 1.19.1 + Update x/net to version 0.23.0 * Upgrade to version 1.0.7 + Update protobuf to version 1.33.0 + Update prometheus/client_golang to version 1.19.0 + Update prometheus/common to version 0.46.0 + Standardize landing page * Upgrade to version 1.0.6 + Update prometheus/exporter-toolkit to version 0.11.0 + Update prometheus/client_golang to version 1.18.0 + Add User-Agent header * Upgrade to version 1.0.4 + Update x/crypto to version 0.17.0 + Update alecthomas/kingpin/v2 to version 2.4.0 + Update prometheus/common to version 0.45.0 * Upgrade to version 1.0.3 + Update prometheus/client_golang to version 1.17.0 + Update x/net 0.17.0 * Upgrade to version 1.0.1 + Update prometheus/exporter-toolkit to version 0.10.0 + Update prometheus/common to version 0.44.0 + Update prometheus/client_golang to version 1.16.0 golang-github-prometheus-promu: - Require Go >= 1.21 for building - Packaging improvements: * Drop export CGO_ENABLED='0'. Use the default unless there is a defined requirement or benefit (bsc#1230623). - Update to version 0.16.0: * Do not discover user/host for reproducible builds * Fix example/prometheus build error - Update to version 0.15.0: * Add linux/riscv64 to default platforms * Use yaml.Unmarshalstrict to validate configuration files spacecmd: - Version 5.0.10-0 * Speed up softwarechannel_removepackages (bsc#1227606) * Fix error in 'kickstart_delete' when using wildcards (bsc#1227578) * Spacecmd bootstrap now works with specified port (bsc#1229437) * Fix sls backup creation as directory with spacecmd (bsc#1230745) uyuni-common-libs: - Version 5.0.5-0 * Enforce directory permissions at repo-sync when creating directories (bsc#1229260) uyuni-tools: - version 0.1.23-0 * Ensure namespace is defined in all kubernetes commands * Use SCC credentials to authenticate against registry.suse.com for kubernetes (bsc#1231157) * Fix namespace usage on mgrctl cp command - version 0.1.22-0 * Set projectId also for test packages/images * mgradm migration should not pull Confidential Computing and Hub image is replicas == 0 ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'SUSE Manager Client Tools' package(s) on openSUSE Leap 15.5, openSUSE Leap 15.6. Solution: Please install the updated package(s). CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2023-3978 https://go.dev/cl/514896 https://go.dev/issue/61615 https://pkg.go.dev/vuln/GO-2023-1988
Copyright	Copyright (C) 2024 Greenbone AG