Bug 1213880 (CVE-2023-29409) - VUL-0: CVE-2023-29409: go1.19,go1.20: crypto/tls: restrict RSA keys in certificates to <= 8192 bits
Status: RESOLVED FIXED
Alias: CVE-2023-29409
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Jeff Kowalczyk
QA Contact: Security Team bot
Whiteboard: CVSSv3.1:SUSE:CVE-2023-29409:7.5:(AV:...
Reported: 2023-08-01 23:29 UTC by Jeff Kowalczyk
Modified: 2024-05-14 12:02 UTC

Description Jeff Kowalczyk 2023-08-01 23:29:57 UTC
Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. Limit this by restricting the size of RSA keys transmitted during handshakes to <= 8192 bits.

Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable.

Thanks to Mateusz Poliwczak for reporting this issue.

This is CVE-2023-29409 and Go issue https://go.dev/issue/61460.
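
A pre-upgrade audit for the private-PKI breakage the description mentions, as an added example (not code from Go or from this bug report): it scans a PEM bundle for certificates whose RSA modulus exceeds 8192 bits. `AuditPEMBundle`, `Finding` and `constructedBundle` are hypothetical names, and the sample certificates are constructed, with synthetic moduli signed by a throwaway ECDSA key.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

const MaxRSABits = 8192 // limit stated in the bug description (<= 8192 bits)

// Finding records one certificate whose RSA key exceeds the limit.
type Finding struct {
	Index   int    // 0-based position of the PEM block in the bundle
	Subject string // subject common name
	Bits    int    // RSA modulus size in bits
}

// AuditPEMBundle parses every CERTIFICATE block in data and returns those
// whose RSA modulus is larger than maxBits. Non-RSA keys are ignored.
func AuditPEMBundle(data []byte, maxBits int) ([]Finding, error) {
	var findings []Finding
	for i := 0; ; i++ {
		block, rest := pem.Decode(data)
		if block == nil {
			return findings, nil // no more PEM blocks
		}
		data = rest
		if block.Type != "CERTIFICATE" {
			continue
		}
		cert, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			return nil, fmt.Errorf("PEM block %d: %w", i, err)
		}
		if pub, ok := cert.PublicKey.(*rsa.PublicKey); ok && pub.N.BitLen() > maxBits {
			findings = append(findings, Finding{Index: i, Subject: cert.Subject.CommonName, Bits: pub.N.BitLen()})
		}
	}
}

// constructedBundle builds sample input. Each modulus is the synthetic value
// 2^(bits-1)+1, not a real key: the audit reads only the size.
func constructedBundle(bits ...int) ([]byte, error) {
	signer, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	var out []byte
	for i, b := range bits {
		n := new(big.Int).SetBit(new(big.Int).Lsh(big.NewInt(1), uint(b-1)), 0, 1)
		tmpl := &x509.Certificate{
			SerialNumber: big.NewInt(int64(i + 1)),
			Subject:      pkix.Name{CommonName: fmt.Sprintf("constructed-rsa-%d", b)},
			NotBefore:    time.Now(),
			NotAfter:     time.Now().Add(time.Hour),
		}
		der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &rsa.PublicKey{N: n, E: 65537}, signer)
		if err != nil {
			return nil, err
		}
		out = append(out, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})...)
	}
	return out, nil
}

func main() {
	bundle, err := constructedBundle(2048, 8192, 8193, 16384)
	if err != nil {
		panic(err)
	}
	fmt.Println(AuditPEMBundle(bundle, MaxRSABits))
}
```

A key of exactly 8192 bits passes, matching the "<= 8192" wording above; only the 8193-bit and 16384-bit entries are reported.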
Comment 1 OBSbugzilla Bot 2023-08-02 01:15:05 UTC
This is an autogenerated message for OBS integration:
This bug (1213880) was mentioned in
https://build.opensuse.org/request/show/1101872 Factory / go1.19
https://build.opensuse.org/request/show/1101873 Factory / go1.20
Comment 3 Gianluca Gabrielli 2023-08-02 07:17:30 UTC
Hi Jeff,

could you please also submit (and start always submitting for the future) to SUSE:ALP:Source:Standard:1.0/go1.19 and SUSE:ALP:Source:Standard:1.0/go1.20 ?

Thank you
Comment 7 Maintenance Automation 2023-08-03 20:30:33 UTC
SUSE-SU-2023:3181-1: An update that solves one vulnerability and has one fix can now be installed.

Category: security (important)
Bug References: 1206346, 1213880
CVE References: CVE-2023-29409
Sources used:
openSUSE Leap 15.5 (src): go1.20-1.20.7-150000.1.20.1
Development Tools Module 15-SP4 (src): go1.20-1.20.7-150000.1.20.1
Development Tools Module 15-SP5 (src): go1.20-1.20.7-150000.1.20.1
openSUSE Leap 15.4 (src): go1.20-1.20.7-150000.1.20.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 10 Maintenance Automation 2023-08-10 17:10:07 UTC
SUSE-SU-2023:3263-1: An update that solves one vulnerability and has one fix can now be installed.

Category: security (important)
Bug References: 1200441, 1213880
CVE References: CVE-2023-29409
Sources used:
openSUSE Leap 15.5 (src): go1.19-1.19.12-150000.1.40.1
Development Tools Module 15-SP4 (src): go1.19-1.19.12-150000.1.40.1
Development Tools Module 15-SP5 (src): go1.19-1.19.12-150000.1.40.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): go1.19-1.19.12-150000.1.40.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): go1.19-1.19.12-150000.1.40.1
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): go1.19-1.19.12-150000.1.40.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): go1.19-1.19.12-150000.1.40.1
SUSE Enterprise Storage 7.1 (src): go1.19-1.19.12-150000.1.40.1
openSUSE Leap 15.4 (src): go1.19-1.19.12-150000.1.40.1

Comment 14 Maintenance Automation 2023-08-29 12:30:53 UTC
SUSE-SU-2023:3475-1: An update that solves one vulnerability, contains one feature and has 19 fixes can now be installed.

Category: security (important)
Bug References: 1175823, 1208528, 1208577, 1209156, 1210103, 1210994, 1211100, 1211469, 1211650, 1211884, 1212032, 1212106, 1212416, 1212507, 1212589, 1212700, 1212943, 1213880, 1214187, 1214333
CVE References: CVE-2023-29409
Jira References: MSQA-698
Sources used:

Comment 17 Cathy Hu 2023-09-25 07:57:21 UTC
I think ALP:Source:Standard:1.0/go1.20 is still missing, could you have a look? Thanks :)
Comment 20 Maintenance Automation 2023-09-27 20:30:13 UTC
SUSE-SU-2023:3841-1: An update that solves two vulnerabilities and has two security fixes can now be installed.

Category: security (important)
Bug References: 1200441, 1213229, 1213880, 1215090
CVE References: CVE-2023-29406, CVE-2023-29409
Sources used:
openSUSE Leap 15.4 (src): go1.19-openssl-1.19.13.1-150000.1.8.1
openSUSE Leap 15.5 (src): go1.19-openssl-1.19.13.1-150000.1.8.1
Development Tools Module 15-SP4 (src): go1.19-openssl-1.19.13.1-150000.1.8.1
Development Tools Module 15-SP5 (src): go1.19-openssl-1.19.13.1-150000.1.8.1

Comment 21 Maintenance Automation 2023-09-27 20:30:16 UTC
SUSE-SU-2023:3840-1: An update that solves three vulnerabilities and has two security fixes can now be installed.

Category: security (important)
Bug References: 1206346, 1213880, 1215084, 1215085, 1215090
CVE References: CVE-2023-29409, CVE-2023-39318, CVE-2023-39319
Sources used:
openSUSE Leap 15.4 (src): go1.20-openssl-1.20.8.1-150000.1.11.1
openSUSE Leap 15.5 (src): go1.20-openssl-1.20.8.1-150000.1.11.1
Development Tools Module 15-SP4 (src): go1.20-openssl-1.20.8.1-150000.1.11.1
Development Tools Module 15-SP5 (src): go1.20-openssl-1.20.8.1-150000.1.11.1

Comment 22 Maintenance Automation 2023-09-28 12:30:01 UTC
SUSE-SU-2023:3886-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1213880
CVE References: CVE-2023-29409
Sources used:
openSUSE Leap 15.4 (src): grafana-9.5.5-150200.3.47.1
openSUSE Leap 15.5 (src): grafana-9.5.5-150200.3.47.1
SUSE Package Hub 15 15-SP4 (src): grafana-9.5.5-150200.3.47.1
SUSE Package Hub 15 15-SP5 (src): grafana-9.5.5-150200.3.47.1

Comment 23 Maintenance Automation 2023-09-28 12:30:12 UTC
SUSE-SU-2023:3885-1: An update that solves six vulnerabilities, contains seven features and has 74 security fixes can now be installed.

Category: security (important)
Bug References: 1193948, 1193948, 1207330, 1207330, 1208692, 1208692, 1208692, 1210935, 1210935, 1211525, 1211525, 1211525, 1211874, 1211874, 1211884, 1211884, 1212246, 1212246, 1212730, 1212730, 1212814, 1212814, 1212827, 1212827, 1212856, 1212856, 1212856, 1212943, 1212943, 1212943, 1213009, 1213009, 1213077, 1213077, 1213288, 1213288, 1213441, 1213441, 1213445, 1213445, 1213445, 1213469, 1213469, 1213675, 1213675, 1213675, 1213716, 1213716, 1213880, 1213880, 1214002, 1214002, 1214121, 1214121, 1214124, 1214124, 1214187, 1214187, 1214266, 1214266, 1214280, 1214280, 1214796, 1214796, 1214797, 1214797, 1214889, 1214889, 1214982, 1214982, 1215352, 1215352, 1215362, 1215362, 1215413, 1215413, 1215497, 1215497, 1215756, 1215756
CVE References: CVE-2023-20897, CVE-2023-20897, CVE-2023-20898, CVE-2023-20898, CVE-2023-29409, CVE-2023-29409
Jira References: MSQA-699, MSQA-699, MSQA-699, SUMA-158, SUMA-158, SUMA-280, SUMA-280
Sources used:
openSUSE Leap 15.4 (src): release-notes-susemanager-proxy-4.3.8-150400.3.61.2, release-notes-susemanager-4.3.8-150400.3.77.1
SUSE Manager Proxy 4.3 (src): release-notes-susemanager-proxy-4.3.8-150400.3.61.2
SUSE Manager Retail Branch Server 4.3 (src): release-notes-susemanager-proxy-4.3.8-150400.3.61.2
SUSE Manager Server 4.3 (src): release-notes-susemanager-4.3.8-150400.3.77.1

Comment 25 Maintenance Automation 2023-09-28 12:31:04 UTC
SUSE-SU-2023:3875-1: An update that solves four vulnerabilities, contains four features and has one security fix can now be installed.

Category: security (important)
Bug References: 1204501, 1208046, 1208270, 1213691, 1213880
CVE References: CVE-2022-32149, CVE-2022-41723, CVE-2022-46146, CVE-2023-29409
Jira References: ECO-3319, MSQA-699, PED-5405, SLE-24791
Sources used:
SUSE Manager Client Tools for RHEL, Liberty and Clones 9 (src): golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1, prometheus-postgres_exporter-0.10.1-1.9.2, golang-github-lusitaniae-apache_exporter-1.0.0-1.8.1, golang-github-prometheus-node_exporter-1.5.0-1.9.2, spacecmd-4.3.23-1.18.2, scap-security-guide-0.1.69-1.12.2

Comment 26 Maintenance Automation 2023-09-28 12:31:15 UTC
SUSE-SU-202306:15231-1: An update that solves one vulnerability, contains one feature and has one security fix can now be installed.

Category: security (important)
Bug References: 1208612, 1213880
CVE References: CVE-2023-29409
Jira References: MSQA-679
Sources used:

Comment 27 Maintenance Automation 2023-09-28 12:31:18 UTC
SUSE-SU-202309:15230-1: An update that solves three vulnerabilities, contains two features and has 11 security fixes can now be installed.

Category: security (moderate)
Bug References: 1193948, 1210994, 1212794, 1212844, 1212855, 1213257, 1213441, 1213630, 1213691, 1213880, 1213960, 1214796, 1214797, 1215489
CVE References: CVE-2023-20897, CVE-2023-20898, CVE-2023-29409
Jira References: ECO-3319, MSQA-699
Sources used:

Comment 28 Maintenance Automation 2023-09-28 12:31:24 UTC
SUSE-SU-2023:3868-1: An update that solves four vulnerabilities, contains three features and has three security fixes can now be installed.

Category: security (important)
Bug References: 1204501, 1208046, 1208270, 1208298, 1208692, 1211525, 1213880
CVE References: CVE-2022-32149, CVE-2022-41723, CVE-2022-46146, CVE-2023-29409
Jira References: MSQA-699, PED-5405, PED-5406
Sources used:
openSUSE Leap 15.4 (src): golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.18.3, golang-github-lusitaniae-apache_exporter-1.0.0-150000.1.17.2, prometheus-postgres_exporter-0.10.1-150000.1.14.3, spacecmd-4.3.23-150000.3.104.2, prometheus-blackbox_exporter-0.24.0-150000.1.23.3, supportutils-plugin-susemanager-client-4.3.3-150000.3.21.2
openSUSE Leap 15.5 (src): golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.18.3, golang-github-lusitaniae-apache_exporter-1.0.0-150000.1.17.2, prometheus-postgres_exporter-0.10.1-150000.1.14.3, spacecmd-4.3.23-150000.3.104.2, prometheus-blackbox_exporter-0.24.0-150000.1.23.3, supportutils-plugin-susemanager-client-4.3.3-150000.3.21.2
SUSE Manager Client Tools for SLE 15 (src): golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.18.3, golang-github-lusitaniae-apache_exporter-1.0.0-150000.1.17.2, prometheus-postgres_exporter-0.10.1-150000.1.14.3, spacecmd-4.3.23-150000.3.104.2, python-pyvmomi-6.7.3-150000.1.6.2, supportutils-plugin-susemanager-client-4.3.3-150000.3.21.2, grafana-9.5.5-150000.1.54.3, golang-github-prometheus-prometheus-2.45.0-150000.3.50.3, prometheus-blackbox_exporter-0.24.0-150000.1.23.3, uyuni-common-libs-4.3.9-150000.1.36.2
SUSE Manager Client Tools for SLE Micro 5 (src): golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.18.3, prometheus-blackbox_exporter-0.24.0-150000.1.23.3
SUSE Manager Proxy 4.2 Module 4.2 (src): golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.18.3, golang-github-lusitaniae-apache_exporter-1.0.0-150000.1.17.2, prometheus-blackbox_exporter-0.24.0-150000.1.23.3
SUSE Manager Proxy 4.3 Module 4.3 (src): golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.18.3, golang-github-lusitaniae-apache_exporter-1.0.0-150000.1.17.2, prometheus-blackbox_exporter-0.24.0-150000.1.23.3
SUSE Manager Server 4.2 Module 4.2 (src): golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.18.3, golang-github-lusitaniae-apache_exporter-1.0.0-150000.1.17.2, prometheus-postgres_exporter-0.10.1-150000.1.14.3
SUSE Manager Server 4.3 Module 4.3 (src): golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.18.3, golang-github-lusitaniae-apache_exporter-1.0.0-150000.1.17.2

Comment 29 Maintenance Automation 2023-09-28 12:31:29 UTC
SUSE-SU-2023:3867-1: An update that solves four vulnerabilities, contains three features and has three security fixes can now be installed.

Category: security (important)
Bug References: 1204501, 1208046, 1208270, 1208298, 1208692, 1211525, 1213880
CVE References: CVE-2022-32149, CVE-2022-41723, CVE-2022-46146, CVE-2023-29409
Jira References: MSQA-699, PED-5405, PED-5406
Sources used:
SUSE Manager Client Tools for SLE 12 (src): golang-github-QubitProducts-exporter_exporter-0.4.0-1.12.2, uyuni-common-libs-4.3.9-1.36.3, golang-github-prometheus-alertmanager-0.23.0-1.21.2, golang-github-prometheus-node_exporter-1.5.0-1.27.2, prometheus-postgres_exporter-0.10.1-1.14.3, supportutils-plugin-susemanager-client-4.3.3-6.27.2, spacecmd-4.3.23-38.127.3, golang-github-prometheus-prometheus-2.45.0-1.47.3, golang-github-lusitaniae-apache_exporter-1.0.0-1.18.2, prometheus-blackbox_exporter-0.24.0-1.23.2, grafana-9.5.5-1.54.3
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): golang-github-prometheus-node_exporter-1.5.0-1.27.2
SUSE Linux Enterprise Server 12 SP5 (src): golang-github-prometheus-node_exporter-1.5.0-1.27.2
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): golang-github-prometheus-node_exporter-1.5.0-1.27.2

Comment 30 Maintenance Automation 2023-09-28 12:32:14 UTC
SUSE-SU-2023:3861-1: An update that solves two vulnerabilities, contains seven features and has 70 security fixes can now be installed.

Category: security (important)
Bug References: 1207330, 1207330, 1208692, 1208692, 1208692, 1210935, 1210935, 1211525, 1211525, 1211525, 1211874, 1211874, 1211884, 1211884, 1212246, 1212246, 1212730, 1212730, 1212814, 1212814, 1212827, 1212827, 1212856, 1212856, 1212856, 1212943, 1212943, 1212943, 1213009, 1213009, 1213077, 1213077, 1213288, 1213288, 1213445, 1213445, 1213445, 1213675, 1213675, 1213675, 1213716, 1213716, 1213880, 1213880, 1214002, 1214002, 1214121, 1214121, 1214124, 1214124, 1214187, 1214187, 1214266, 1214266, 1214280, 1214280, 1214889, 1214889, 1214982, 1214982, 1215352, 1215352, 1215362, 1215362, 1215373, 1215373, 1215413, 1215413, 1215497, 1215497, 1215756, 1215756
CVE References: CVE-2023-29409, CVE-2023-29409
Jira References: MSQA-699, MSQA-699, MSQA-699, SUMA-158, SUMA-158, SUMA-280, SUMA-280
Sources used:
SUSE Manager Proxy 4.3 Module 4.3 (src): spacecmd-4.3.23-150400.3.24.13, spacewalk-certs-tools-4.3.19-150400.3.18.13, uyuni-common-libs-4.3.9-150400.3.15.13, spacewalk-web-4.3.33-150400.3.27.16, supportutils-plugin-susemanager-proxy-4.3.3-150400.3.3.13, supportutils-plugin-susemanager-client-4.3.3-150400.3.3.13, spacewalk-backend-4.3.23-150400.3.27.19
SUSE Manager Server 4.3 Module 4.3 (src): susemanager-schema-4.3.20-150400.3.24.17, spacewalk-config-4.3.11-150400.3.9.13, prometheus-exporters-formula-1.3.0-150400.3.3.13, inter-server-sync-0.3.0-150400.3.21.15, image-sync-formula-0.1.1692188980.9aa0455-150400.3.15.13, spacewalk-admin-4.3.13-150400.3.12.13, billing-data-service-0.3-150400.10.6.13, spacewalk-java-4.3.66-150400.3.60.1, hub-xmlrpc-api-0.7-150400.5.9.15, spacewalk-backend-4.3.23-150400.3.27.19, spacecmd-4.3.23-150400.3.24.13, spacewalk-certs-tools-4.3.19-150400.3.18.13, susemanager-4.3.31-150400.3.36.12, supportutils-plugin-susemanager-4.3.9-150400.3.15.13, spacewalk-setup-4.3.18-150400.3.27.13, susemanager-docs_en-4.3-150400.9.38.2, uyuni-common-libs-4.3.9-150400.3.15.13, susemanager-sls-4.3.35-150400.3.31.12, grafana-formula-0.9.0-150400.3.12.1, saltboot-formula-0.1.1692188980.9aa0455-150400.3.12.13, cobbler-3.3.3-150400.5.33.13, spacewalk-web-4.3.33-150400.3.27.16, prometheus-postgres_exporter-0.10.1-150400.3.6.17

Comment 32 Maintenance Automation 2023-09-28 16:30:01 UTC
SUSE-SU-2023:3888-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1213880
CVE References: CVE-2023-29409
Sources used:
openSUSE Leap 15.4 (src): golang-github-prometheus-alertmanager-0.23.0-150100.4.16.2, golang-github-prometheus-node_exporter-1.5.0-150100.3.26.2
openSUSE Leap 15.5 (src): golang-github-prometheus-alertmanager-0.23.0-150100.4.16.2, golang-github-prometheus-node_exporter-1.5.0-150100.3.26.2
SUSE Manager Client Tools for SLE 15 (src): golang-github-prometheus-alertmanager-0.23.0-150100.4.16.2
SUSE Manager Client Tools for SLE Micro 5 (src): golang-github-prometheus-node_exporter-1.5.0-150100.3.26.2
Basesystem Module 15-SP4 (src): golang-github-prometheus-node_exporter-1.5.0-150100.3.26.2
Basesystem Module 15-SP5 (src): golang-github-prometheus-node_exporter-1.5.0-150100.3.26.2
SUSE Package Hub 15 15-SP5 (src): golang-github-prometheus-alertmanager-0.23.0-150100.4.16.2
SUSE Manager Proxy 4.2 Module 4.2 (src): golang-github-prometheus-alertmanager-0.23.0-150100.4.16.2
SUSE Manager Proxy 4.3 Module 4.3 (src): golang-github-prometheus-alertmanager-0.23.0-150100.4.16.2
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): golang-github-prometheus-node_exporter-1.5.0-150100.3.26.2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): golang-github-prometheus-node_exporter-1.5.0-150100.3.26.2
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): golang-github-prometheus-node_exporter-1.5.0-150100.3.26.2
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): golang-github-prometheus-node_exporter-1.5.0-150100.3.26.2
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): golang-github-prometheus-node_exporter-1.5.0-150100.3.26.2
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): golang-github-prometheus-node_exporter-1.5.0-150100.3.26.2
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): golang-github-prometheus-node_exporter-1.5.0-150100.3.26.2
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): golang-github-prometheus-node_exporter-1.5.0-150100.3.26.2
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): golang-github-prometheus-node_exporter-1.5.0-150100.3.26.2
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): golang-github-prometheus-node_exporter-1.5.0-150100.3.26.2
SUSE Manager Proxy 4.2 (src): golang-github-prometheus-node_exporter-1.5.0-150100.3.26.2
SUSE Manager Retail Branch Server 4.2 (src): golang-github-prometheus-node_exporter-1.5.0-150100.3.26.2
SUSE Manager Server 4.2 (src): golang-github-prometheus-node_exporter-1.5.0-150100.3.26.2
SUSE Enterprise Storage 7.1 (src): golang-github-prometheus-node_exporter-1.5.0-150100.3.26.2
SUSE CaaS Platform 4.0 (src): golang-github-prometheus-node_exporter-1.5.0-150100.3.26.2

Comment 35 Maintenance Automation 2024-02-27 12:30:24 UTC
SUSE-SU-2023:3474-1: An update that solves one vulnerability, contains one feature and has 19 security fixes can now be installed.

Category: security (important)
Bug References: 1175823, 1208528, 1208577, 1209156, 1210103, 1210994, 1211100, 1211469, 1211650, 1211884, 1212032, 1212106, 1212416, 1212507, 1212589, 1212700, 1212943, 1213880, 1214187, 1214333
CVE References: CVE-2023-29409
Jira References: MSQA-698
Sources used:
SUSE Manager Proxy 4.2 Module 4.2 (src): spacewalk-backend-4.2.29-150300.4.44.5, spacewalk-web-4.2.36-150300.3.47.5, spacecmd-4.2.24-150300.4.42.3
SUSE Manager Server 4.2 Module 4.2 (src): spacewalk-setup-4.2.13-150300.3.21.3, spacewalk-web-4.2.36-150300.3.47.5, spacecmd-4.2.24-150300.4.42.3, hub-xmlrpc-api-0.7-150300.3.14.2, spacewalk-java-4.2.55-150300.3.73.2, spacewalk-reports-4.2.8-150300.3.12.3, susemanager-4.2.44-150300.3.59.1, susemanager-schema-4.2.29-150300.3.41.5, inter-server-sync-0.3.0-150300.8.36.1, susemanager-doc-indexes-4.2-150300.12.48.5, spacewalk-utils-4.2.20-150300.3.27.3, spacewalk-backend-4.2.29-150300.4.44.5, susemanager-sls-4.2.35-150300.3.54.3, susemanager-docs_en-4.2-150300.12.48.3

Comment 37 Marcus Meissner 2024-05-14 12:02:48 UTC
done