
exploitDog


SUSE-SU-2023:3144-1

Published: 02 Aug 2023
Source: suse-cvrf

Description

Security update for SUSE Manager Client Tools

This update fixes the following issues:

python-tornado:

  • Security fixes:
    • CVE-2023-28370: Fixed an open redirect issue in the static file handler (bsc#1211741)

prometheus-blackbox_exporter:

  • Use obscpio for go modules service
  • Set version number
  • Set build date from SOURCE_DATE_EPOCH
  • Update to 0.24.0 (bsc#1212279, jsc#PED-4556)
    • Requires go1.19
  • Avoid empty validation script
  • Add rc symlink for backwards compatibility

spacecmd:

  • Version 4.3.22-1
    • Bypass traditional systems check on older SUMA instances (bsc#1208612)

Package list

Container ses/7.1/ceph/prometheus-alertmanager:latest
system-user-prometheus-1.0.0-150000.10.1
Container ses/7.1/ceph/prometheus-server:latest
system-user-prometheus-1.0.0-150000.10.1
Container ses/7.1/ceph/prometheus-snmp_notifier:latest
system-user-prometheus-1.0.0-150000.10.1
Container suse/manager/5.0/x86_64/server:latest
system-user-prometheus-1.0.0-150000.10.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure
python3-tornado-4.5.3-150000.3.6.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
python3-tornado-4.5.3-150000.3.6.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE
python3-tornado-4.5.3-150000.3.6.1
Image server-image
system-user-prometheus-1.0.0-150000.10.1
SUSE Enterprise Storage 7
python2-tornado-4.5.3-150000.3.6.1
python3-tornado-4.5.3-150000.3.6.1
SUSE Enterprise Storage 7.1
python3-tornado-4.5.3-150000.3.6.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
python2-tornado-4.5.3-150000.3.6.1
python3-tornado-4.5.3-150000.3.6.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
python2-tornado-4.5.3-150000.3.6.1
python3-tornado-4.5.3-150000.3.6.1
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS
python3-tornado-4.5.3-150000.3.6.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
python3-tornado-4.5.3-150000.3.6.1
SUSE Linux Enterprise Micro 5.2
python3-tornado-4.5.3-150000.3.6.1
SUSE Linux Enterprise Micro 5.3
python3-tornado-4.5.3-150000.3.6.1
SUSE Linux Enterprise Micro 5.4
python3-tornado-4.5.3-150000.3.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP4
python3-tornado-4.5.3-150000.3.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP5
python3-tornado-4.5.3-150000.3.6.1
SUSE Linux Enterprise Real Time 15 SP3
python3-tornado-4.5.3-150000.3.6.1
SUSE Linux Enterprise Server 15 SP1-LTSS
python2-tornado-4.5.3-150000.3.6.1
python3-tornado-4.5.3-150000.3.6.1
SUSE Linux Enterprise Server 15 SP2-LTSS
python2-tornado-4.5.3-150000.3.6.1
python3-tornado-4.5.3-150000.3.6.1
SUSE Linux Enterprise Server 15 SP3-LTSS
python3-tornado-4.5.3-150000.3.6.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
python2-tornado-4.5.3-150000.3.6.1
python3-tornado-4.5.3-150000.3.6.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
python2-tornado-4.5.3-150000.3.6.1
python3-tornado-4.5.3-150000.3.6.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
python3-tornado-4.5.3-150000.3.6.1
SUSE Manager Client Tools 15
prometheus-blackbox_exporter-0.24.0-150000.1.20.2
spacecmd-4.3.22-150000.3.101.1
system-user-prometheus-1.0.0-150000.10.1
SUSE Manager Client Tools for SLE Micro 5
prometheus-blackbox_exporter-0.24.0-150000.1.20.2
system-user-prometheus-1.0.0-150000.10.1
SUSE Manager Proxy 4.2
python3-tornado-4.5.3-150000.3.6.1
SUSE Manager Proxy Module 4.2
prometheus-blackbox_exporter-0.24.0-150000.1.20.2
system-user-prometheus-1.0.0-150000.10.1
SUSE Manager Proxy Module 4.3
prometheus-blackbox_exporter-0.24.0-150000.1.20.2
system-user-prometheus-1.0.0-150000.10.1
SUSE Manager Server 4.2
python2-tornado-4.5.3-150000.3.6.1
python3-tornado-4.5.3-150000.3.6.1
SUSE Manager Server Module 4.2
system-user-prometheus-1.0.0-150000.10.1
SUSE Manager Server Module 4.3
system-user-prometheus-1.0.0-150000.10.1
openSUSE Leap 15.4
prometheus-blackbox_exporter-0.24.0-150000.1.20.2
python3-tornado-4.5.3-150000.3.6.1
spacecmd-4.3.22-150000.3.101.1
system-user-prometheus-1.0.0-150000.10.1
openSUSE Leap 15.5
prometheus-blackbox_exporter-0.24.0-150000.1.20.2
python3-tornado-4.5.3-150000.3.6.1
spacecmd-4.3.22-150000.3.101.1
system-user-prometheus-1.0.0-150000.10.1
openSUSE Leap Micro 5.3
python3-tornado-4.5.3-150000.3.6.1
openSUSE Leap Micro 5.4
python3-tornado-4.5.3-150000.3.6.1

Description

Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user access a specially crafted URL.


Affected products
Container ses/7.1/ceph/prometheus-alertmanager:latest:system-user-prometheus-1.0.0-150000.10.1
Container ses/7.1/ceph/prometheus-server:latest:system-user-prometheus-1.0.0-150000.10.1
Container ses/7.1/ceph/prometheus-snmp_notifier:latest:system-user-prometheus-1.0.0-150000.10.1
Container suse/manager/5.0/x86_64/server:latest:system-user-prometheus-1.0.0-150000.10.1

References
Vulnerability SUSE-SU-2023:3144-1