Security update for release-notes-susemanager, release-notes-susemanager-proxy

Announcement ID:	SUSE-SU-2022:3313-1
Rating:	critical
References:	bsc#1172705 bsc#1187028 bsc#1195455 bsc#1195895 bsc#1196729 bsc#1198168 bsc#1198489 bsc#1198738 bsc#1198903 bsc#1199372 bsc#1199659 bsc#1199913 bsc#1199950 bsc#1200276 bsc#1200296 bsc#1200480 bsc#1200532 bsc#1200573 bsc#1200591 bsc#1200629 bsc#1201142 bsc#1201189 bsc#1201210 bsc#1201220 bsc#1201224 bsc#1201527 bsc#1201606 bsc#1201607 bsc#1201626 bsc#1201753 bsc#1201913 bsc#1201918 bsc#1202142 bsc#1202272 bsc#1202464 bsc#1202724 bsc#1202728 bsc#1203287 bsc#1203288 bsc#1203449
Cross-References:	CVE-2021-41411 CVE-2021-42740 CVE-2021-43138 CVE-2022-31129
CVSS scores:	CVE-2021-41411 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-41411 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-42740 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-42740 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-43138 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-43138 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-31129 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-31129 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:	openSUSE Leap 15.3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2

An update that solves four vulnerabilities and has 36 security fixes can now be installed.

Description:

This update for release-notes-susemanager, release-notes-susemanager-proxy fixes the following issues:

Release notes for SUSE Manager:

• Update to SUSE:Manager 4.2.9
• Notification about SUSE Manager end-of-life has been added
• CVEs fixed: CVE-2021-43138, CVE-2021-42740, CVE-2022-31129, CVE-2021-41411
• Bugs mentioned: bsc#1172705, bsc#1187028, bsc#1195455, bsc#1195895, bsc#1196729 bsc#1198168, bsc#1198489, bsc#1198738, bsc#1198903, bsc#1199372 bsc#1199659, bsc#1199913, bsc#1199950, bsc#1200276, bsc#1200296 bsc#1200480, bsc#1200532, bsc#1200573, bsc#1200591, bsc#1200629 bsc#1201142, bsc#1201189, bsc#1201210, bsc#1201220, bsc#1201224 bsc#1201527, bsc#1201606, bsc#1201607, bsc#1201626, bsc#1201753 bsc#1201913, bsc#1201918, bsc#1202142, bsc#1202272, bsc#1202464 bsc#1202728, bsc#1203287, bsc#1203288, bsc#1203449

Release notes for SUSE Manager Proxy:

• Update to SUSE Manager 4.2.9
• CVEs fixed: CVE-2021-43138, CVE-2021-42740, CVE-2022-31129
• Bugs mentioned: bsc#1198168, bsc#1198903, bsc#1199659, bsc#1200480, bsc#1200591 bsc#1201142, bsc#1202142, bsc#1202724

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• openSUSE Leap 15.3
  zypper in -t patch SUSE-2022-3313=1
• SUSE Manager Proxy 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2022-3313=1
• SUSE Manager Retail Branch Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2022-3313=1
• SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2022-3313=1

Package List:

• openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
  • release-notes-susemanager-proxy-4.2.9-150300.3.43.1
  • release-notes-susemanager-4.2.9-150300.3.54.1
• SUSE Manager Proxy 4.2 (x86_64)
  • release-notes-susemanager-proxy-4.2.9-150300.3.43.1
• SUSE Manager Retail Branch Server 4.2 (x86_64)
  • release-notes-susemanager-proxy-4.2.9-150300.3.43.1
• SUSE Manager Server 4.2 (ppc64le s390x x86_64)
  • release-notes-susemanager-4.2.9-150300.3.54.1

References:

• https://www.suse.com/security/cve/CVE-2021-41411.html
• https://www.suse.com/security/cve/CVE-2021-42740.html
• https://www.suse.com/security/cve/CVE-2021-43138.html
• https://www.suse.com/security/cve/CVE-2022-31129.html
• https://bugzilla.suse.com/show_bug.cgi?id=1172705
• https://bugzilla.suse.com/show_bug.cgi?id=1187028
• https://bugzilla.suse.com/show_bug.cgi?id=1195455
• https://bugzilla.suse.com/show_bug.cgi?id=1195895
• https://bugzilla.suse.com/show_bug.cgi?id=1196729
• https://bugzilla.suse.com/show_bug.cgi?id=1198168
• https://bugzilla.suse.com/show_bug.cgi?id=1198489
• https://bugzilla.suse.com/show_bug.cgi?id=1198738
• https://bugzilla.suse.com/show_bug.cgi?id=1198903
• https://bugzilla.suse.com/show_bug.cgi?id=1199372
• https://bugzilla.suse.com/show_bug.cgi?id=1199659
• https://bugzilla.suse.com/show_bug.cgi?id=1199913
• https://bugzilla.suse.com/show_bug.cgi?id=1199950
• https://bugzilla.suse.com/show_bug.cgi?id=1200276
• https://bugzilla.suse.com/show_bug.cgi?id=1200296
• https://bugzilla.suse.com/show_bug.cgi?id=1200480
• https://bugzilla.suse.com/show_bug.cgi?id=1200532
• https://bugzilla.suse.com/show_bug.cgi?id=1200573
• https://bugzilla.suse.com/show_bug.cgi?id=1200591
• https://bugzilla.suse.com/show_bug.cgi?id=1200629
• https://bugzilla.suse.com/show_bug.cgi?id=1201142
• https://bugzilla.suse.com/show_bug.cgi?id=1201189
• https://bugzilla.suse.com/show_bug.cgi?id=1201210
• https://bugzilla.suse.com/show_bug.cgi?id=1201220
• https://bugzilla.suse.com/show_bug.cgi?id=1201224
• https://bugzilla.suse.com/show_bug.cgi?id=1201527
• https://bugzilla.suse.com/show_bug.cgi?id=1201606
• https://bugzilla.suse.com/show_bug.cgi?id=1201607
• https://bugzilla.suse.com/show_bug.cgi?id=1201626
• https://bugzilla.suse.com/show_bug.cgi?id=1201753
• https://bugzilla.suse.com/show_bug.cgi?id=1201913
• https://bugzilla.suse.com/show_bug.cgi?id=1201918
• https://bugzilla.suse.com/show_bug.cgi?id=1202142
• https://bugzilla.suse.com/show_bug.cgi?id=1202272
• https://bugzilla.suse.com/show_bug.cgi?id=1202464
• https://bugzilla.suse.com/show_bug.cgi?id=1202724
• https://bugzilla.suse.com/show_bug.cgi?id=1202728
• https://bugzilla.suse.com/show_bug.cgi?id=1203287
• https://bugzilla.suse.com/show_bug.cgi?id=1203288
• https://bugzilla.suse.com/show_bug.cgi?id=1203449