SUSE: 2022:2146-1 important: release-notes-susemanager, release-notes-susemanager-proxy
Summary
This update for release-notes-susemanager, release-notes-susemanager-proxy fixes the following issues: Release notes for SUSE Manager: - Update to 4.2.7 * Salt has been upgraded to 3004 version * Enabled salt bundle as optional * Debian 11 client support has been added * Alertmanager has been upgraded to 0.23.0 * Node exporter has been upgraded 1.3.0 * CVEs fixed: CVE-2021-44906, CVE-2022-21952, CVE-2022-31248 * Bugs mentioned: bsc#1187333, bsc#1191143, bsc#1192550, bsc#1193707, bsc#1194594 bsc#1195710, bsc#1196702, bsc#1197400, bsc#1197438, bsc#1197449 bsc#1197488, bsc#1197591, bsc#1197689, bsc#1198221 Release notes for SUSE Manager proxy: - Update to 4.2.7 * Salt has been upgraded to 3004 version * Bugs mentioned: bsc#1187333, bsc#1194594, bsc#1195710, bsc#1197689 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2022-2146=1 - SUSE Manager Retail Branch Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2022-2146=1 - SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2022-2146=1 Package List: - SUSE Manager Server 4.2 (ppc64le s390x x86_64): release-notes-susemanager-4.2.7-150300.3.44.1 - SUSE Manager Retail Branch Server 4.2 (x86_64): release-notes-susemanager-proxy-4.2.7-150300.3.31.2 - SUSE Manager Proxy 4.2 (x86_64): release-notes-susemanager-proxy-4.2.7-150300.3.31.2
References
#1187333 #1191143 #1192550 #1193707 #1194594
#1195710 #1196702 #1197400 #1197438 #1197449
#1197488 #1197591 #1197689 #1198221
Cross- CVE-2021-44906 CVE-2022-21952 CVE-2022-31248
CVSS scores:
CVE-2021-44906 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-44906 (SUSE): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
CVE-2022-31248 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products:
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
https://www.suse.com/security/cve/CVE-2021-44906.html
https://www.suse.com/security/cve/CVE-2022-21952.html
https://www.suse.com/security/cve/CVE-2022-31248.html
https://bugzilla.suse.com/1187333
https://bugzilla.suse.com/1191143
https://bugzilla.suse.com/1192550
https://bugzilla.suse.com/1193707
https://bugzilla.suse.com/1194594
https://bugzilla.suse.com/1195710
https://bugzilla.suse.com/1196702
https://bugzilla.suse.com/1197400
https://bugzilla.suse.com/1197438
https://bugzilla.suse.com/1197449
https://bugzilla.suse.com/1197488
https://bugzilla.suse.com/1197591
https://bugzilla.suse.com/1197689
https://bugzilla.suse.com/1198221