Security update for release-notes-susemanager, release-notes-susemanager-proxy

Announcement ID:	SUSE-SU-2022:2146-1
Rating:	important
References:	bsc#1187333 bsc#1191143 bsc#1192550 bsc#1193707 bsc#1194594 bsc#1195710 bsc#1196702 bsc#1197400 bsc#1197438 bsc#1197449 bsc#1197488 bsc#1197591 bsc#1197689 bsc#1198221
Cross-References:	CVE-2021-44906 CVE-2022-21952 CVE-2022-31248
CVSS scores:	CVE-2021-44906 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2021-44906 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-21952 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-21952 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-31248 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-31248 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products:	openSUSE Leap 15.3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2

An update that solves three vulnerabilities and has 11 security fixes can now be installed.

Description:

This update for release-notes-susemanager, release-notes-susemanager-proxy fixes the following issues:

Release notes for SUSE Manager:

• Update to 4.2.7
• Salt has been upgraded to 3004 version
• Enabled salt bundle as optional
• Debian 11 client support has been added
• Alertmanager has been upgraded to 0.23.0
• Node exporter has been upgraded 1.3.0
• CVEs fixed: CVE-2021-44906, CVE-2022-21952, CVE-2022-31248
• Bugs mentioned: bsc#1187333, bsc#1191143, bsc#1192550, bsc#1193707, bsc#1194594 bsc#1195710, bsc#1196702, bsc#1197400, bsc#1197438, bsc#1197449 bsc#1197488, bsc#1197591, bsc#1197689, bsc#1198221

Release notes for SUSE Manager proxy:

• Update to 4.2.7
• Salt has been upgraded to 3004 version
• Bugs mentioned: bsc#1187333, bsc#1194594, bsc#1195710, bsc#1197689

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• openSUSE Leap 15.3
  zypper in -t patch SUSE-2022-2146=1
• SUSE Manager Proxy 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2022-2146=1
• SUSE Manager Retail Branch Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2022-2146=1
• SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2022-2146=1

Package List:

• openSUSE Leap 15.3 (aarch64 ppc64le s390x i586)
  • release-notes-susemanager-proxy-4.2.7-150300.3.33.1
• openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
  • release-notes-susemanager-4.2.7-150300.3.44.1
• openSUSE Leap 15.3 (x86_64)
  • release-notes-susemanager-proxy-4.2.7-150300.3.31.2
• SUSE Manager Proxy 4.2 (x86_64)
  • release-notes-susemanager-proxy-4.2.7-150300.3.31.2
• SUSE Manager Retail Branch Server 4.2 (x86_64)
  • release-notes-susemanager-proxy-4.2.7-150300.3.31.2
• SUSE Manager Server 4.2 (ppc64le s390x x86_64)
  • release-notes-susemanager-4.2.7-150300.3.44.1

References:

• https://www.suse.com/security/cve/CVE-2021-44906.html
• https://www.suse.com/security/cve/CVE-2022-21952.html
• https://www.suse.com/security/cve/CVE-2022-31248.html
• https://bugzilla.suse.com/show_bug.cgi?id=1187333
• https://bugzilla.suse.com/show_bug.cgi?id=1191143
• https://bugzilla.suse.com/show_bug.cgi?id=1192550
• https://bugzilla.suse.com/show_bug.cgi?id=1193707
• https://bugzilla.suse.com/show_bug.cgi?id=1194594
• https://bugzilla.suse.com/show_bug.cgi?id=1195710
• https://bugzilla.suse.com/show_bug.cgi?id=1196702
• https://bugzilla.suse.com/show_bug.cgi?id=1197400
• https://bugzilla.suse.com/show_bug.cgi?id=1197438
• https://bugzilla.suse.com/show_bug.cgi?id=1197449
• https://bugzilla.suse.com/show_bug.cgi?id=1197488
• https://bugzilla.suse.com/show_bug.cgi?id=1197591
• https://bugzilla.suse.com/show_bug.cgi?id=1197689
• https://bugzilla.suse.com/show_bug.cgi?id=1198221