Описание
Security update for SUSE Manager Client Tools
This update fixes the following issues:
python-tornado:
- Security fixes:
- CVE-2023-28370: Fixed an open redirect issue in the static file handler (bsc#1211741)
kiwi-desc-saltboot:
- Update to version 0.1.1687520761.cefb248
- Add osimage cert package to bootstrap for SUSE Linux Enterprise 12 images (bsc#1204089)
prometheus-blackbox_exporter:
- Use obscpio for go modules service
- Set version number
- Set build date from SOURCE_DATE_EPOCH
- Update to 0.24.0 (bsc#1212279, jsc#PED-4556)
- Requires go1.19
- Avoid empty validation script
- Add rc symlink for backwards compatibility
spacecmd:
- Version 4.3.22-1
- Bypass traditional systems check on older SUMA instances (bsc#1208612)
Список пакетов
SUSE Linux Enterprise Module for Advanced Systems Management 12
python-tornado-4.2.1-17.7.1
python3-tornado-4.2.1-17.7.1
SUSE Manager Client Tools 12
kiwi-desc-saltboot-0.1.1687520761.cefb248-1.35.2
prometheus-blackbox_exporter-0.24.0-1.20.3
python-tornado-4.2.1-17.7.1
python3-tornado-4.2.1-17.7.1
spacecmd-4.3.22-38.124.3
Ссылки
- Link for SUSE-SU-2023:3122-1
- E-Mail link for SUSE-SU-2023:3122-1
- SUSE Security Ratings
- SUSE Bug 1204089
- SUSE Bug 1208612
- SUSE Bug 1211741
- SUSE Bug 1212279
- SUSE CVE CVE-2023-28370 page
Описание
Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL.
Затронутые продукты
SUSE Linux Enterprise Module for Advanced Systems Management 12:python-tornado-4.2.1-17.7.1
SUSE Linux Enterprise Module for Advanced Systems Management 12:python3-tornado-4.2.1-17.7.1
SUSE Manager Client Tools 12:kiwi-desc-saltboot-0.1.1687520761.cefb248-1.35.2
SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.24.0-1.20.3
Ссылки
- CVE-2023-28370
- SUSE Bug 1211741