Bug 1196338 - (CVE-2022-21698) VUL-0: CVE-2022-21698: rook,golang-github-prometheus-alertmanager,golang-github-prometheus-node_exporter,golang-github-prometheus-prometheus: prometheus/client_golang: Denial of service using InstrumentHandlerCounter
Status: IN_PROGRESS
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Major
Assigned To: E-Mail List
QA Contact: Security Team bot
https://smash.suse.de/issue/323818/
CVSSv3.1:SUSE:CVE-2022-21698:7.5:(AV:...
Reported: 2022-02-23 10:45 UTC by Gianluca Gabrielli
Modified: 2022-06-21 10:24 UTC (History)
Found By: Security Response Team
Comment 1 Gianluca Gabrielli 2022-02-23 10:49:32 UTC
Witek could you please submit to the following packages?

 - golang-github-prometheus-prometheus
   - SUSE:SLE-12:Update/golang-github-prometheus-prometheus/vendor/github.com/prometheus/client_golang
   - SUSE:SLE-15:Update/golang-github-prometheus-prometheus/vendor/github.com/prometheus/client_golang
   - SUSE:SLE-15-SP1:Update/golang-github-prometheus-prometheus/vendor/github.com/prometheus/client_golang
   - SUSE:SLE-12:Update:Products:ManagerToolsBeta:Update/golang-github-prometheus-prometheus/vendor/github.com/prometheus/client_golang
   - SUSE:SLE-15:Update:Products:ManagerToolsBeta:Update/golang-github-prometheus-prometheus/vendor/github.com/prometheus/client_golang


 - golang-github-prometheus-node_exporter
   - SUSE:SLE-15-SP2:Update:Products:Manager41:Update/golang-github-prometheus-node_exporter/vendor/github.com/prometheus/client_golang
   - SUSE:RES-8:Update:Products:ManagerToolsBeta:Update/golang-github-prometheus-node_exporter/vendor/github.com/prometheus/client_golang
   - SUSE:SLE-11-SP3:Update:Manager3:Update/golang-github-prometheus-node_exporter/node_exporter/vendor/github.com/prometheus/client_golang
   - SUSE:SLE-12:Update/golang-github-prometheus-node_exporter/vendor/github.com/prometheus/client_golang
   - SUSE:RES-7:Update:Products:ManagerToolsBeta:Update/golang-github-prometheus-node_exporter/vendor/github.com/prometheus/client_golang
   - SUSE:SLE-15-SP1:Update/golang-github-prometheus-node_exporter/vendor/github.com/prometheus/client_golang
   - SUSE:SLE-12:Update:Products:ManagerToolsBeta:Update/golang-github-prometheus-node_exporter/vendor/github.com/prometheus/client_golang
   - SUSE:RES-7:Update/golang-github-prometheus-node_exporter/vendor/github.com/prometheus/client_golang
   - SUSE:RES-8:Update:Products:ManagerTools:Update/golang-github-prometheus-node_exporter/vendor/github.com/prometheus/client_golang
   - SUSE:SLE-15-SP3:Update/golang-github-vpenso-prometheus_slurm_exporter/vendor/github.com/prometheus/client_golang
   - SUSE:SLE-11-SP3:Update:Products:ManagerToolsBeta:Update/golang-github-prometheus-node_exporter/node_exporter/vendor/github.com/prometheus/client_golang
   - SUSE:SLE-15:Update/golang-github-prometheus-node_exporter/node_exporter-1.0.1/vendor/github.com/prometheus/client_golang
   - SUSE:SLE-12-SP2:Update/golang-github-prometheus-node_exporter/vendor/github.com/prometheus/client_golang

 - golang-github-prometheus-alertmanager
   - SUSE:SLE-12:Update/golang-github-prometheus-alertmanager/alertmanager-0.21.0/vendor/github.com/prometheus/client_golang
   - SUSE:SLE-15-SP1:Update/golang-github-prometheus-alertmanager/alertmanager-0.21.0/vendor/github.com/prometheus/client_golang
   - SUSE:SLE-12:Update:Products:ManagerToolsBeta:Update/golang-github-prometheus-alertmanager/alertmanager-0.21.0/vendor/github.com/prometheus/client_golang
   - SUSE:SLE-15:Update:Products:ManagerToolsBeta:Update/golang-github-prometheus-alertmanager/alertmanager-0.21.0/vendor/github.com/prometheus/client_golang

coldpool@suse.de could you please take care of the following one?

 - rook
   - SUSE:SLE-15-SP2:Update:Products:SES7:Update/rook/vendor/github.com/prometheus/client_golang
Comment 2 Gabriele Sonnu 2022-03-21 15:43:36 UTC
SUSE:SLE-15-SP3:Update:Products:SES7:Update/rook is also affected
Comment 3 Gianluca Gabrielli 2022-03-21 16:06:14 UTC
coldpool and Witek could you please provide your feedback?
Comment 4 Witek Bedyk 2022-03-23 11:04:07 UTC
I've fixed monitoring packages by updating vendor tarballs. Current status is the following:

* golang-github-prometheus-prometheus

Fix submitted to openSUSE:Factory, waiting to accumulate another pending bugfix before submitting to SLE codestreams.

* golang-github-prometheus-node_exporter

Fix in review at openSUSE:Factory.

* golang-github-prometheus-alertmanager

Fix submitted to openSUSE:Factory. The bugfix includes version bump of build requirement `promu`. ECO is needed here to upgrade both Alertmanager and promu in SLE codestreams.
Comment 5 Gianluca Gabrielli 2022-03-28 10:39:25 UTC
(In reply to Witek Bedyk from comment #4)
> I've fixed monitoring packages by updating vendor tarballs. Current status
> is the following:
> 
> * golang-github-prometheus-prometheus
> 
> Fix submitted to openSUSE:Factory, waiting to accumulate another pending
> bugfix before submitting to SLE codestreams.
> 
> * golang-github-prometheus-node_exporter
> 
> Fix in review at openSUSE:Factory.

Could you update here once SLE submissions are provided?

> * golang-github-prometheus-alertmanager
> 
> Fix submitted to openSUSE:Factory. The bugfix includes version bump of build
> requirement `promu`. ECO is needed here to upgrade both Alertmanager and
> promu in SLE codestreams.

Do you mean the package `golang-github-prometheus-promu`? In this case the ECO is only required for SUSE:SLE-12:Update which ships to SLE-Manager-Tools_12.
Comment 9 Swamp Workflow Management 2022-04-27 16:18:42 UTC
SUSE-SU-2022:1434-1: An update that solves one vulnerability, contains one feature and has one errata is now available.

Category: security (important)
Bug References: 1196338,1197042
CVE References: CVE-2022-21698
JIRA References: SLE-24376
Sources used:
SUSE Manager Tools 15 (src):    golang-github-prometheus-prometheus-2.32.1-150000.3.41.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 10 Swamp Workflow Management 2022-04-27 16:19:57 UTC
SUSE-SU-2022:1433-1: An update that solves one vulnerability, contains one feature and has one errata is now available.

Category: security (important)
Bug References: 1196338,1197042
CVE References: CVE-2022-21698
JIRA References: SLE-24376
Sources used:
SUSE Manager Tools 12 (src):    golang-github-prometheus-prometheus-2.32.1-1.38.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 11 Swamp Workflow Management 2022-04-27 16:20:52 UTC
SUSE-SU-2022:1435-1: An update that solves one vulnerability, contains three features and has one errata is now available.

Category: security (important)
Bug References: 1196338,1197042
CVE References: CVE-2022-21698
JIRA References: SLE-24373,SLE-24374,SLE-24375
Sources used:
openSUSE Leap 15.4 (src):    golang-github-prometheus-prometheus-2.32.1-150100.4.9.2
openSUSE Leap 15.3 (src):    firewalld-0.9.3-150300.3.6.1, golang-github-prometheus-prometheus-2.32.1-150100.4.9.2
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 (src):    golang-github-prometheus-prometheus-2.32.1-150100.4.9.2
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (src):    golang-github-prometheus-prometheus-2.32.1-150100.4.9.2
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (src):    golang-github-prometheus-prometheus-2.32.1-150100.4.9.2
SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (src):    firewalld-0.9.3-150300.3.6.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    firewalld-0.9.3-150300.3.6.1
SUSE Linux Enterprise Micro 5.2 (src):    firewalld-0.9.3-150300.3.6.1
SUSE Linux Enterprise Micro 5.1 (src):    firewalld-0.9.3-150300.3.6.1
SUSE Enterprise Storage 6 (src):    golang-github-prometheus-prometheus-2.32.1-150100.4.9.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 13 Swamp Workflow Management 2022-05-04 19:19:55 UTC
SUSE-SU-2022:1531-1: An update that solves 5 vulnerabilities, contains 5 features and has three fixes is now available.

Category: security (important)
Bug References: 1181400,1190535,1196338,1196704,1197042,1197417,1197579,1197689
CVE References: CVE-2020-22935,CVE-2022-21698,CVE-2022-22934,CVE-2022-22936,CVE-2022-22941
JIRA References: SLE-24077,SLE-24138,SLE-24139,SLE-24238,SLE-24239
Sources used:
SUSE Manager Tools 12-BETA (src):    golang-github-prometheus-alertmanager-0.23.0-4.9.1, golang-github-prometheus-node_exporter-1.3.0-4.12.1, golang-github-prometheus-prometheus-2.32.1-4.30.1, golang-github-prometheus-promu-0.13.0-4.9.1, mgr-cfg-4.3.6-4.27.1, mgr-osad-4.3.6-4.27.1, mgr-push-4.3.4-4.18.1, mgr-virtualization-4.3.5-4.18.1, rhnlib-4.3.4-24.27.1, salt-3000-53.11.1, spacecmd-4.3.10-41.39.1, spacewalk-client-tools-4.3.9-55.45.1, spacewalk-koan-4.3.5-27.18.1, spacewalk-oscap-4.3.5-22.18.1, suseRegisterInfo-4.3.3-28.21.1, uyuni-common-libs-4.3.4-3.30.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 14 Swamp Workflow Management 2022-05-05 13:23:10 UTC
SUSE-SU-2022:1545-1: An update that solves 5 vulnerabilities, contains two features and has four fixes is now available.

Category: security (important)
Bug References: 1181400,1196338,1196704,1197042,1197417,1197533,1197579,1197637,1197689
CVE References: CVE-2022-21698,CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941
JIRA References: SLE-24077,SLE-24145
Sources used:
SUSE Manager Tools 15-BETA (src):    golang-github-prometheus-alertmanager-0.23.0-159000.6.9.3, golang-github-prometheus-prometheus-2.32.1-159000.6.30.4, mgr-cfg-4.3.6-159000.4.26.1, mgr-osad-4.3.6-159000.4.27.2, mgr-push-4.3.4-159000.4.18.2, mgr-virtualization-4.3.5-159000.4.18.2, rhnlib-4.3.4-159000.6.27.2, salt-3004-159000.8.56.1, spacecmd-4.3.10-159000.6.39.2, spacewalk-client-tools-4.3.9-159000.6.45.2, spacewalk-koan-4.3.5-159000.6.18.1, spacewalk-oscap-4.3.5-159000.6.18.2, suseRegisterInfo-4.3.3-159000.6.21.2, uyuni-common-libs-4.3.4-159000.3.30.2, uyuni-proxy-systemd-services-4.3.2-159000.3.6.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 16 Witek Bedyk 2022-05-09 09:46:07 UTC
golang-github-prometheus-prometheus - ACCEPTED
golang-github-prometheus-node_exporter - IN REVIEW
golang-github-prometheus-alertmanager - IN REVIEW
Comment 17 Witek Bedyk 2022-05-10 14:01:13 UTC
Monitoring changes completed. Leaving the bug open for SES.
Comment 18 Marcus Meissner 2022-05-11 08:36:51 UTC
rook was incorrectly assigned bugowner coldpool, I adjusted it to storage-team.
Comment 23 Swamp Workflow Management 2022-06-20 16:22:51 UTC
SUSE-SU-2022:2137-1: An update that solves one vulnerability, contains two features and has two fixes is now available.

Category: security (important)
Bug References: 1151558,1190535,1196338
CVE References: CVE-2022-21698
JIRA References: SLE-24238,SLE-24239
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    golang-github-prometheus-node_exporter-1.3.0-150000.3.12.1
SUSE Linux Enterprise Server 15-LTSS (src):    golang-github-prometheus-node_exporter-1.3.0-150000.3.12.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    golang-github-prometheus-node_exporter-1.3.0-150000.3.12.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    golang-github-prometheus-node_exporter-1.3.0-150000.3.12.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 24 Swamp Workflow Management 2022-06-20 16:24:44 UTC
SUSE-SU-2022:2139-1: An update that solves one vulnerability, contains one feature and has one errata is now available.

Category: security (important)
Bug References: 1181400,1196338
CVE References: CVE-2022-21698
JIRA References: SLE-24077
Sources used:
openSUSE Leap 15.4 (src):    golang-github-prometheus-alertmanager-0.23.0-150100.4.7.1
openSUSE Leap 15.3 (src):    golang-github-prometheus-alertmanager-0.23.0-150100.4.7.1
SUSE Manager Tools 15 (src):    golang-github-prometheus-alertmanager-0.23.0-150100.4.7.1
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 (src):    golang-github-prometheus-alertmanager-0.23.0-150100.4.7.1
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (src):    golang-github-prometheus-alertmanager-0.23.0-150100.4.7.1
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (src):    golang-github-prometheus-alertmanager-0.23.0-150100.4.7.1
SUSE Enterprise Storage 6 (src):    golang-github-prometheus-alertmanager-0.23.0-150100.4.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 25 Swamp Workflow Management 2022-06-20 16:25:45 UTC
SUSE-SU-2022:2140-1: An update that solves one vulnerability, contains two features and has one errata is now available.

Category: security (important)
Bug References: 1190535,1196338
CVE References: CVE-2022-21698
JIRA References: SLE-24238,SLE-24239
Sources used:
openSUSE Leap 15.4 (src):    golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
openSUSE Leap 15.3 (src):    golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
SUSE Manager Server 4.1 (src):    golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
SUSE Manager Retail Branch Server 4.1 (src):    golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
SUSE Manager Proxy 4.1 (src):    golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
SUSE Enterprise Storage 7 (src):    golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
SUSE Enterprise Storage 6 (src):    golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1
SUSE CaaS Platform 4.0 (src):    golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 26 Swamp Workflow Management 2022-06-20 16:40:19 UTC
SUSE-SU-2022:2134-1: An update that fixes 13 vulnerabilities, contains 5 features is now available.

Category: security (important)
Bug References: 1181223,1181400,1190462,1190535,1193600,1194873,1195726,1195727,1195728,1196338,1196704,1197507,1197689
CVE References: CVE-2021-36222,CVE-2021-3711,CVE-2021-39226,CVE-2021-41174,CVE-2021-41244,CVE-2021-43798,CVE-2021-43813,CVE-2021-43815,CVE-2022-21673,CVE-2022-21698,CVE-2022-21702,CVE-2022-21703,CVE-2022-21713
JIRA References: SLE-23422,SLE-23439,SLE-24077,SLE-24238,SLE-24239
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    golang-github-prometheus-node_exporter-1.3.0-1.15.3
SUSE OpenStack Cloud Crowbar 8 (src):    golang-github-prometheus-node_exporter-1.3.0-1.15.3
SUSE OpenStack Cloud 9 (src):    golang-github-prometheus-node_exporter-1.3.0-1.15.3
SUSE OpenStack Cloud 8 (src):    golang-github-prometheus-node_exporter-1.3.0-1.15.3
SUSE Manager Tools 12 (src):    golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1, golang-github-prometheus-alertmanager-0.23.0-1.12.3, golang-github-prometheus-node_exporter-1.3.0-1.15.3, grafana-8.3.5-1.30.3, mgr-cfg-4.3.6-1.27.4, mgr-custom-info-4.3.3-1.18.1, mgr-daemon-4.3.4-1.32.3, mgr-osad-4.3.6-1.39.4, mgr-push-4.3.4-1.21.4, mgr-virtualization-4.3.5-1.29.3, prometheus-blackbox_exporter-0.19.0-1.8.2, prometheus-postgres_exporter-0.10.0-1.8.2, python-hwdata-2.3.5-12.9.1, rhnlib-4.3.4-21.43.3, spacecmd-4.3.11-38.103.3, spacewalk-client-tools-4.3.9-52.71.3, spacewalk-koan-4.3.5-24.33.3, spacewalk-oscap-4.3.5-19.27.1, spacewalk-remote-utils-4.3.3-24.24.3, supportutils-plugin-salt-1.2.0-6.16.1, supportutils-plugin-susemanager-client-4.3.2-6.24.1, suseRegisterInfo-4.3.3-25.27.3, uyuni-common-libs-4.3.4-1.21.3
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    golang-github-prometheus-node_exporter-1.3.0-1.15.3
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    golang-github-prometheus-node_exporter-1.3.0-1.15.3
SUSE Linux Enterprise Server 12-SP5 (src):    golang-github-prometheus-node_exporter-1.3.0-1.15.3
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    golang-github-prometheus-node_exporter-1.3.0-1.15.3
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    golang-github-prometheus-node_exporter-1.3.0-1.15.3
SUSE Linux Enterprise Server 12-SP3-BCL (src):    golang-github-prometheus-node_exporter-1.3.0-1.15.3
HPE Helion Openstack 8 (src):    golang-github-prometheus-node_exporter-1.3.0-1.15.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 27 Swamp Workflow Management 2022-06-21 10:17:07 UTC
SUSE-SU-2022:2145-1: An update that solves 5 vulnerabilities, contains two features and has 33 fixes is now available.

Category: security (important)
Bug References: 1173527,1182742,1189501,1190535,1191143,1192850,1193032,1193238,1193707,1194262,1194447,1194594,1194909,1195561,1196067,1196338,1196407,1196702,1196704,1197356,1197429,1197438,1197488,1198221,1198356,1198686,1198914,1199036,1199142,1199149,1199512,1199528,1199577,1199629,1199677,1199888,1200212,1200606
CVE References: CVE-2022-21698,CVE-2022-21724,CVE-2022-21952,CVE-2022-26520,CVE-2022-31248
JIRA References: SLE-24238,SLE-24239
Sources used:
SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (src):    golang-github-QubitProducts-exporter_exporter-0.4.0-150200.6.12.2, golang-github-lusitaniae-apache_exporter-0.7.0-150200.2.6.2, golang-github-prometheus-node_exporter-1.3.0-150200.3.9.3, patterns-suse-manager-4.1-150200.6.12.2, postgresql-jdbc-42.2.10-150200.3.8.2, prometheus-exporters-formula-0.9.5-150200.3.31.2, prometheus-formula-0.3.7-150200.3.21.2, py27-compat-salt-3000.3-150200.6.24.2, spacecmd-4.1.18-150200.4.39.3, spacewalk-backend-4.1.31-150200.4.50.4, spacewalk-java-4.1.46-150200.3.71.5, spacewalk-setup-4.1.11-150200.3.18.2, spacewalk-utils-4.1.20-150200.3.30.2, spacewalk-web-4.1.34-150200.3.47.6, subscription-matcher-0.28-150200.3.15.2, susemanager-4.1.36-150200.3.52.1, susemanager-doc-indexes-4.1-150200.11.55.4, susemanager-docs_en-4.1-150200.11.55.2, susemanager-schema-4.1.26-150200.3.45.4, susemanager-sls-4.1.36-150200.3.64.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 28 Swamp Workflow Management 2022-06-21 10:20:13 UTC
SUSE-SU-2022:2143-1: An update that solves four vulnerabilities and has 28 fixes is now available.

Category: security (moderate)
Bug References: 1182742,1189501,1190535,1192850,1193032,1193238,1193707,1194262,1194447,1194594,1194909,1195561,1196338,1196407,1196702,1196704,1197356,1197429,1197438,1197488,1198221,1198356,1198686,1198914,1199036,1199142,1199149,1199512,1199528,1199629,1199677,1199888
CVE References: CVE-2022-21724,CVE-2022-21952,CVE-2022-26520,CVE-2022-31248
JIRA References: 
Sources used:
SUSE Manager Server 4.1 (src):    release-notes-susemanager-4.1.15-150200.3.80.1
SUSE Manager Retail Branch Server 4.1 (src):    release-notes-susemanager-proxy-4.1.15-150200.3.56.1
SUSE Manager Proxy 4.1 (src):    release-notes-susemanager-proxy-4.1.15-150200.3.56.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 29 Swamp Workflow Management 2022-06-21 10:24:30 UTC
SUSE-RU-2022:2145-1: An update that solves one vulnerability, contains two features and has 8 fixes is now available.

Category: recommended (moderate)
Bug References: 1190535,1193238,1194447,1194594,1194909,1196338,1196704,1199142,1199528
CVE References: CVE-2022-21698
JIRA References: SLE-24238,SLE-24239
Sources used:
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (src):    golang-github-QubitProducts-exporter_exporter-0.4.0-150200.6.12.2, golang-github-lusitaniae-apache_exporter-0.7.0-150200.2.6.2, golang-github-prometheus-node_exporter-1.3.0-150200.3.9.3, patterns-suse-manager-4.1-150200.6.12.2, spacecmd-4.1.18-150200.4.39.3, spacewalk-backend-4.1.31-150200.4.50.4, spacewalk-web-4.1.34-150200.3.47.6

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.