Bugzilla – Bug 1197417
VUL-0: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941: salt: 3002.8,3004.1 release
Last modified: 2024-06-18 12:00:59 UTC
Created attachment 857281 [details] 0001-3002.8-CVE-release.patch 0001-3002.8-CVE-release.patch
Created attachment 857282 [details] 0001-3004.1-CVE-release.patch 0001-3004.1-CVE-release.patch
CRD: 2022-03-28
@Robert, submission for Debian9 as well. Neither the maintainers or myself remembered that Debian9 uses Salt 3000 as well, same as SLE12 and RES7: https://build.suse.de/request/show/268504
(In reply to Raúl Osuna from comment #18) > Created attachment 857437 [details] > TID draft v2 > > Sending a new amended version for review, please validate in order to > proceed further with other needed validations within Support. - I think we should mention all SUSE SLE15 family (SLE Micro included) and not only SLES15. - (at the end of "situation"): You mentioned that salt minion service refused to start. This not true. The service is started and running but not being able to authenticate with master. - (in "resolution"): The salt master service does not require to be restarted after upgrading, it is automatically restarted. - (in "resolution"): we do not need to restart the salt minion service when the salt master is upgraded. After fixing the above issues I would double check the whole "resolution" part to see if it is consistent now, maybe we need to reword it after adding the fixes. Thanks in advance!
It should all be 2022 cves. CVE-2022-22934 CVE-2022-22935 CVE-2022-22936 CVE-2022-22941
public via [0]: Salt Security Advisory Release The Salt Project released a security update to Salt to address 4 vulnerabilities with a severity rating of Medium to High. We strongly recommend prioritizing this update. This is a security advisory release. The following CVEs were fixed as part of this release: CVE Details CVE-2022-22934 Description: Salt Masters do not sign pillar data with the minion’s public key. Impact: Attackers can substitute arbitrary pillar data. Solution: Salt masters include the minion’s id in pillar data responses and then sign the response with the master’s private key. Minions also include a nonce in pillar requests so pillar replies cannot be re-played. How to Mitigate: Upgrade to 3002.8, 3003.4, or 3004.1 NOTE: When upgrading your Salt infrastructure, first upgrade your Salt master packages before upgrading your Salt minion packages. Upgrading the minion packages first could result in loss of functionality. Attribution: Lenka Mareková <lenka@cloudflare.com> Severity Rating: 7.5 (CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) CVE-2022-22935 Description: Minion authentication denial of service. Impact: A MiTM attacker can force a minion process to stop by impersonating a master. Solution: Minions include a nonce in their authentication requests and masters include the nonce in a reply signed with the master’s private key. How to Mitigate: Upgrade to 3002.8, 3003.4, or 3004.1. Pre-seed the master’s public key on minions. NOTE: When upgrading your Salt infrastructure, first upgrade your Salt master packages before upgrading your Salt minion packages. Upgrading the minion packages first could result in loss of functionality. Attribution: Lenka Mareková <lenka@cloudflare.com> Severity Rating: 6.5 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) CVE-2022-22936 Description: Job publishes and file server replies are susceptible to replay attacks. Impact: An attacker can re-play job publishes causing minions to run old jobs. File server replies can also be re-played. A sufficient craft attacker could gain root access on minion under certain scenarios. Solution: Minions include a nonce in their file server requests. Masters include the nonce in their replies and sign them with the master’s private key. How to Mitigate: Upgrade to 3002.8, 3003.4, or 3004.1 NOTE: When upgrading your Salt infrastructure, first upgrade your Salt master packages before upgrading your Salt minion packages. Upgrading the minion packages first could result in loss of functionality. Attribution: Lenka Mareková <lenka@cloudflare.com> Severity Rating: 7.5 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) CVE-2022-22941 Impact: This requires a syndic master combined with publisher_acl configured on the Master-of-Masters, allowing users specified in the publisher_acl to bypass permissions, publishing authorized commands to any configured minion. Description: When configured as a Master-of-Masters, with a publisher_acl, if a user configured in the publisher_acl targets any minion connected to the Syndic, the Salt Master incorrectly interpreted no valid targets as valid, allowing configured users to target any of the minions connected to the syndic with their configured commands. Solution: The code has been modified to correctly treat an empty list of targets as completely invalid, and the user will correctly be given an error message. How to Mitigate: Upgrade the Salt Master-of-Masters to the latest version of salt software. How to mitigate: Upgrade the Salt Master-of-Masters to 3002.8, 3003.4 or 3004.1 NOTE: When upgrading your Salt infrastructure, first upgrade your Salt master packages before upgrading your Salt minion packages. Upgrading the minion packages first could result in loss of functionality. Attribution: https://github.com/bzukdatto Severity Rating: 7.5 (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) [0] https://saltproject.io/security_announcements/salt-security-advisory-release/
After successful testing, approved all requests for qam-manager, including release notes.
This released security patch caused this problem https://bugzilla.suse.com/show_bug.cgi?id=1197765 and cannot be applied because some needed dependencies are missing.
SUSE-SU-2022:1060-1: An update that fixes four vulnerabilities is now available. Category: security (important) Bug References: 1197417 CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941 JIRA References: Sources used: SUSE Manager Server 4.1 (src): salt-3002.2-150200.58.1 SUSE Manager Retail Branch Server 4.1 (src): salt-3002.2-150200.58.1 SUSE Manager Proxy 4.1 (src): salt-3002.2-150200.58.1 SUSE Linux Enterprise Server for SAP 15-SP2 (src): salt-3002.2-150200.58.1 SUSE Linux Enterprise Server 15-SP2-LTSS (src): salt-3002.2-150200.58.1 SUSE Linux Enterprise Server 15-SP2-BCL (src): salt-3002.2-150200.58.1 SUSE Linux Enterprise Realtime Extension 15-SP2 (src): salt-3002.2-150200.58.1 SUSE Linux Enterprise Micro 5.0 (src): salt-3002.2-150200.58.1 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src): salt-3002.2-150200.58.1 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src): salt-3002.2-150200.58.1 SUSE Enterprise Storage 7 (src): salt-3002.2-150200.58.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:1057-1: An update that fixes four vulnerabilities is now available. Category: security (important) Bug References: 1197417 CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941 JIRA References: Sources used: SUSE Linux Enterprise Server for SAP 15 (src): salt-3002.2-150000.8.41.26.1 SUSE Linux Enterprise Server 15-LTSS (src): salt-3002.2-150000.8.41.26.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): salt-3002.2-150000.8.41.26.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): salt-3002.2-150000.8.41.26.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:1059-1: An update that fixes four vulnerabilities is now available. Category: security (important) Bug References: 1197417 CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941 JIRA References: Sources used: SUSE Linux Enterprise Module for Transactional Server 15-SP3 (src): salt-3002.2-150300.53.10.1 SUSE Linux Enterprise Module for Server Applications 15-SP3 (src): salt-3002.2-150300.53.10.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): salt-3002.2-150300.53.10.1 SUSE Linux Enterprise Micro 5.1 (src): salt-3002.2-150300.53.10.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:1056-1: An update that fixes four vulnerabilities is now available. Category: security (important) Bug References: 1197417 CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941 JIRA References: Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:1049-1: An update that fixes four vulnerabilities is now available. Category: security (important) Bug References: 1197417 CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941 JIRA References: Sources used: SUSE Manager Server 4.1 (src): release-notes-susemanager-4.1.14.1-150200.3.77.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:1058-1: An update that fixes four vulnerabilities is now available. Category: security (important) Bug References: 1197417 CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941 JIRA References: Sources used: SUSE Linux Enterprise Server for SAP 15-SP1 (src): salt-3002.2-150100.57.1 SUSE Linux Enterprise Server 15-SP1-LTSS (src): salt-3002.2-150100.57.1 SUSE Linux Enterprise Server 15-SP1-BCL (src): salt-3002.2-150100.57.1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): salt-3002.2-150100.57.1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): salt-3002.2-150100.57.1 SUSE Enterprise Storage 6 (src): salt-3002.2-150100.57.1 SUSE CaaS Platform 4.0 (src): salt-3002.2-150100.57.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:1050-1: An update that fixes four vulnerabilities is now available. Category: security (important) Bug References: 1197417 CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941 JIRA References: Sources used: SUSE Manager Server 4.2 (src): release-notes-susemanager-4.2.5.1-150300.3.34.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:14932-1: An update that fixes four vulnerabilities is now available. Category: security (important) Bug References: 1197417 CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941 JIRA References: Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2022:1059-1: An update that fixes four vulnerabilities is now available. Category: security (important) Bug References: 1197417 CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941 JIRA References: Sources used: openSUSE Leap 15.3 (src): salt-3002.2-150300.53.10.1
SUSE-SU-2022:1048-1: An update that fixes four vulnerabilities is now available. Category: security (important) Bug References: 1197417 CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941 JIRA References: Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:14933-1: An update that fixes four vulnerabilities is now available. Category: security (important) Bug References: 1197417 CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941 JIRA References: Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:1051-1: An update that fixes four vulnerabilities is now available. Category: security (important) Bug References: 1197417 CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941 JIRA References: Sources used: SUSE Manager Tools 12 (src): salt-3000-58.1 SUSE Linux Enterprise Module for Advanced Systems Management 12 (src): salt-3000-58.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
This is an autogenerated message for OBS integration: This bug (1197417) was mentioned in https://build.opensuse.org/request/show/966156 Factory / salt
This is an autogenerated message for OBS integration: This bug (1197417) was mentioned in https://build.opensuse.org/request/show/966247 Factory / salt
SUSE-RU-2022:14945-1: An update that solves four vulnerabilities, contains one feature and has 5 fixes is now available. Category: recommended (important) Bug References: 1182851,1194363,1194632,1194909,1196050,1196432,1197417,1197533,1197637 CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941 JIRA References: ECO-3319 Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-RU-2022:1385-1: An update that solves four vulnerabilities and has three fixes is now available. Category: recommended (important) Bug References: 1182851,1194632,1196050,1196432,1197417,1197533,1197637 CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941 JIRA References: Sources used: SUSE Linux Enterprise Server for SAP 15 (src): salt-3002.2-150000.8.41.32.1 SUSE Linux Enterprise Server 15-LTSS (src): salt-3002.2-150000.8.41.32.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): salt-3002.2-150000.8.41.32.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): salt-3002.2-150000.8.41.32.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-RU-2022:1389-1: An update that solves four vulnerabilities and has three fixes is now available. Category: recommended (important) Bug References: 1182851,1194632,1196050,1196432,1197417,1197533,1197637 CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941 JIRA References: Sources used: SUSE Linux Enterprise Server for SAP 15-SP1 (src): salt-3002.2-150100.63.1 SUSE Linux Enterprise Server 15-SP1-LTSS (src): salt-3002.2-150100.63.1 SUSE Linux Enterprise Server 15-SP1-BCL (src): salt-3002.2-150100.63.1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): salt-3002.2-150100.63.1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): salt-3002.2-150100.63.1 SUSE Enterprise Storage 6 (src): salt-3002.2-150100.63.1 SUSE CaaS Platform 4.0 (src): salt-3002.2-150100.63.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-RU-2022:14946-1: An update that solves four vulnerabilities, contains one feature and has 5 fixes is now available. Category: recommended (important) Bug References: 1182851,1194363,1194632,1194909,1196050,1196432,1197417,1197533,1197637 CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941 JIRA References: ECO-3319 Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-RU-2022:1384-1: An update that fixes four vulnerabilities is now available. Category: recommended (moderate) Bug References: 1194632,1195221,1196050,1197417 CVE References: CVE-2020-22935,CVE-2022-22934,CVE-2022-22936,CVE-2022-22941 JIRA References: Sources used: SUSE Manager Tools 12 (src): salt-3000-62.1 SUSE Linux Enterprise Module for Advanced Systems Management 12 (src): salt-3000-62.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-RU-2022:1388-1: An update that solves four vulnerabilities, contains one feature and has two fixes is now available. Category: recommended (moderate) Bug References: 1194363,1194632,1194909,1195221,1196050,1197417 CVE References: CVE-2020-22935,CVE-2022-22934,CVE-2022-22936,CVE-2022-22941 JIRA References: ECO-3319 Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-RU-2022:1392-1: An update that solves four vulnerabilities and has three fixes is now available. Category: recommended (important) Bug References: 1182851,1194632,1196050,1196432,1197417,1197533,1197637 CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941 JIRA References: Sources used: SUSE Manager Server 4.1 (src): salt-3002.2-150200.64.1 SUSE Manager Retail Branch Server 4.1 (src): salt-3002.2-150200.64.1 SUSE Manager Proxy 4.1 (src): salt-3002.2-150200.64.1 SUSE Linux Enterprise Server for SAP 15-SP2 (src): salt-3002.2-150200.64.1 SUSE Linux Enterprise Server 15-SP2-LTSS (src): salt-3002.2-150200.64.1 SUSE Linux Enterprise Server 15-SP2-BCL (src): salt-3002.2-150200.64.1 SUSE Linux Enterprise Realtime Extension 15-SP2 (src): salt-3002.2-150200.64.1 SUSE Linux Enterprise Micro 5.0 (src): salt-3002.2-150200.64.1 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src): salt-3002.2-150200.64.1 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src): salt-3002.2-150200.64.1 SUSE Enterprise Storage 7 (src): salt-3002.2-150200.64.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-RU-2022:1386-1: An update that solves four vulnerabilities, contains one feature and has 5 fixes is now available. Category: recommended (important) Bug References: 1182851,1194363,1194632,1194909,1196050,1196432,1197417,1197533,1197637 CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941 JIRA References: ECO-3319 Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-RU-2022:1391-1: An update that solves four vulnerabilities and has three fixes is now available. Category: recommended (important) Bug References: 1182851,1194632,1196050,1196432,1197417,1197533,1197637 CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941 JIRA References: Sources used: openSUSE Leap 15.3 (src): salt-3002.2-150300.53.16.1 SUSE Linux Enterprise Module for Transactional Server 15-SP3 (src): salt-3002.2-150300.53.16.1 SUSE Linux Enterprise Module for Server Applications 15-SP3 (src): salt-3002.2-150300.53.16.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): salt-3002.2-150300.53.16.1 SUSE Linux Enterprise Micro 5.2 (src): salt-3002.2-150300.53.16.1 SUSE Linux Enterprise Micro 5.1 (src): salt-3002.2-150300.53.16.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:1514-1: An update that fixes four vulnerabilities is now available. Category: security (important) Bug References: 1197417,1197637,1198556 CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941 JIRA References: Sources used: SUSE Manager Tools 15-BETA (src): venv-salt-minion-3004-159000.3.9.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:1534-1: An update that fixes four vulnerabilities is now available. Category: security (moderate) Bug References: 1197417,1197637,1198556 CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941 JIRA References: Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:1536-1: An update that fixes 8 vulnerabilities is now available. Category: security (important) Bug References: 1118088,1184177,1196249,1196877,1197279,1197417,1197637,1198556 CVE References: CVE-2018-19787,CVE-2021-28957,CVE-2022-0778,CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941,CVE-2022-24302 JIRA References: Sources used: SUSE Manager Tools 12-BETA (src): venv-salt-minion-3004-3.9.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:1537-1: An update that fixes four vulnerabilities is now available. Category: security (important) Bug References: 1197417,1197637,1198556 CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941 JIRA References: Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:1531-1: An update that solves 5 vulnerabilities, contains 5 features and has three fixes is now available. Category: security (important) Bug References: 1181400,1190535,1196338,1196704,1197042,1197417,1197579,1197689 CVE References: CVE-2020-22935,CVE-2022-21698,CVE-2022-22934,CVE-2022-22936,CVE-2022-22941 JIRA References: SLE-24077,SLE-24138,SLE-24139,SLE-24238,SLE-24239 Sources used: SUSE Manager Tools 12-BETA (src): golang-github-prometheus-alertmanager-0.23.0-4.9.1, golang-github-prometheus-node_exporter-1.3.0-4.12.1, golang-github-prometheus-prometheus-2.32.1-4.30.1, golang-github-prometheus-promu-0.13.0-4.9.1, mgr-cfg-4.3.6-4.27.1, mgr-osad-4.3.6-4.27.1, mgr-push-4.3.4-4.18.1, mgr-virtualization-4.3.5-4.18.1, rhnlib-4.3.4-24.27.1, salt-3000-53.11.1, spacecmd-4.3.10-41.39.1, spacewalk-client-tools-4.3.9-55.45.1, spacewalk-koan-4.3.5-27.18.1, spacewalk-oscap-4.3.5-22.18.1, suseRegisterInfo-4.3.3-28.21.1, uyuni-common-libs-4.3.4-3.30.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:1527-1: An update that fixes four vulnerabilities is now available. Category: security (important) Bug References: 1197417,1197533,1197637,1197689 CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941 JIRA References: Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:1529-1: An update that fixes four vulnerabilities is now available. Category: security (important) Bug References: 1197417,1197533,1197637,1197689 CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941 JIRA References: Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:1533-1: An update that fixes four vulnerabilities is now available. Category: security (important) Bug References: 1197417,1197637,1198556 CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941 JIRA References: Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:1528-1: An update that fixes four vulnerabilities is now available. Category: security (important) Bug References: 1197417,1197533,1197637,1197689 CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941 JIRA References: Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:1538-1: An update that fixes four vulnerabilities is now available. Category: security (important) Bug References: 1197417,1197637,1198556 CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941 JIRA References: Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:1545-1: An update that solves 5 vulnerabilities, contains two features and has four fixes is now available. Category: security (important) Bug References: 1181400,1196338,1196704,1197042,1197417,1197533,1197579,1197637,1197689 CVE References: CVE-2022-21698,CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941 JIRA References: SLE-24077,SLE-24145 Sources used: SUSE Manager Tools 15-BETA (src): golang-github-prometheus-alertmanager-0.23.0-159000.6.9.3, golang-github-prometheus-prometheus-2.32.1-159000.6.30.4, mgr-cfg-4.3.6-159000.4.26.1, mgr-osad-4.3.6-159000.4.27.2, mgr-push-4.3.4-159000.4.18.2, mgr-virtualization-4.3.5-159000.4.18.2, rhnlib-4.3.4-159000.6.27.2, salt-3004-159000.8.56.1, spacecmd-4.3.10-159000.6.39.2, spacewalk-client-tools-4.3.9-159000.6.45.2, spacewalk-koan-4.3.5-159000.6.18.1, spacewalk-oscap-4.3.5-159000.6.18.2, suseRegisterInfo-4.3.3-159000.6.21.2, uyuni-common-libs-4.3.4-159000.3.30.2, uyuni-proxy-systemd-services-4.3.2-159000.3.6.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-FU-2022:2042-1: An update that solves four vulnerabilities and has four fixes is now available. Category: feature (important) Bug References: 1182851,1194632,1196050,1196432,1197417,1197637,1198556,1199149 CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941 JIRA References: Sources used: SUSE Manager Tools 15 (src): venv-salt-minion-3004-150000.3.8.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-FU-2022:2135-1: An update that solves four vulnerabilities and has four fixes is now available. Category: feature (important) Bug References: 1182851,1194632,1196050,1196432,1197417,1197637,1198556,1199149 CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941 JIRA References: Sources used: SUSE Manager Tools 12 (src): venv-salt-minion-3004-3.8.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-FU-2022:2133-1: An update that solves four vulnerabilities and has four fixes is now available. Category: feature (important) Bug References: 1182851,1194632,1196050,1196432,1197417,1197637,1198556,1199149 CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941 JIRA References: Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-FU-2022:14987-1: An update that solves four vulnerabilities and has four fixes is now available. Category: feature (important) Bug References: 1182851,1194632,1196050,1196432,1197417,1197637,1198556,1199149 CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941 JIRA References: Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-FU-2022:2128-1: An update that solves four vulnerabilities and has four fixes is now available. Category: feature (important) Bug References: 1182851,1194632,1196050,1196432,1197417,1197637,1198556,1199149 CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941 JIRA References: Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-FU-2022:14989-1: An update that solves four vulnerabilities and has three fixes is now available. Category: feature (moderate) Bug References: 1182851,1196050,1196432,1197417,1197637,1198556,1199149 CVE References: CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941 JIRA References: Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-RU-2023:4408-1: An update that solves eight vulnerabilities, contains two features and has 48 fixes can now be installed. Category: recommended (important) Bug References: 1097531, 1182851, 1186738, 1190781, 1193357, 1193948, 1194632, 1195624, 1195895, 1196050, 1196432, 1197288, 1197417, 1197533, 1197637, 1198489, 1198556, 1198744, 1199149, 1199372, 1199562, 1200566, 1200596, 1201082, 1202165, 1202631, 1203685, 1203834, 1203886, 1204206, 1204939, 1205687, 1207071, 1208691, 1209233, 1210954, 1210994, 1211591, 1211612, 1211741, 1211754, 1212516, 1212517, 1212794, 1212844, 1212855, 1213257, 1213293, 1213441, 1213518, 1213630, 1213926, 1213960, 1214796, 1214797, 1215489 CVE References: CVE-2022-22934, CVE-2022-22935, CVE-2022-22936, CVE-2022-22941, CVE-2022-22967, CVE-2023-20897, CVE-2023-20898, CVE-2023-28370 Jira References: MSQA-706, PED-3139 Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.