Security update for release-notes-susemanager, release-notes-susemanager-proxy

Announcement ID:	SUSE-SU-2022:3879-1
Rating:	critical
References:	bsc#1195624 bsc#1197724 bsc#1199726 bsc#1200596 bsc#1201059 bsc#1201788 bsc#1202167 bsc#1202729 bsc#1202785 bsc#1203283 bsc#1203406 bsc#1203422 bsc#1203564 bsc#1203599 bsc#1203611 bsc#1203898 bsc#1204146 bsc#1204203 bsc#1204543 bsc#1204716 bsc#1204741
Cross-References:	CVE-2022-31255 CVE-2022-43753 CVE-2022-43754
CVSS scores:	CVE-2022-31255 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-43753 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2022-43753 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-43754 ( SUSE ): 3.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N CVE-2022-43754 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Affected Products:	openSUSE Leap 15.3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2

An update that solves three vulnerabilities and has 18 security fixes can now be installed.

Description:

This update for release-notes-susemanager, release-notes-susemanager-proxy fixes the following issues:

Release notes for SUSE Manager:

• Update to SUSE Manager 4.2.10
• Apache exporter has been upgraded to version 0.11.0
• CVEs fixed: CVE-2022-43753, CVE-2022-43754, CVE-2022-31255
• Bugs mentioned: bsc#1195624, bsc#1197724, bsc#1199726, bsc#1200596, bsc#1201059 bsc#1201788, bsc#1202167, bsc#1202729, bsc#1202785, bsc#1203283 bsc#1203406, bsc#1203422, bsc#1203564, bsc#1203599, bsc#1203611 bsc#1203898, bsc#1204146, bsc#1204203, bsc#1195624, bsc#1197724 bsc#1199726, bsc#1200596, bsc#1201059, bsc#1201788, bsc#1202167 bsc#1202729, bsc#1202785, bsc#1203283, bsc#1203406, bsc#1203422 bsc#1203564, bsc#1203599, bsc#1203611, bsc#1203898, bsc#1204146 bsc#1204716, bsc#1204741, bsc#1204543

Release notes for SUSE Manager Proxy:

• Update to SUSE Manager 4.2.10
• Bugs mentioned: bsc#1201059, bsc#1201788, bsc#1203283

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• openSUSE Leap 15.3
  zypper in -t patch SUSE-2022-3879=1
• SUSE Manager Proxy 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2022-3879=1
• SUSE Manager Retail Branch Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2022-3879=1
• SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2022-3879=1

Package List:

• openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
  • release-notes-susemanager-proxy-4.2.10-150300.3.46.1
  • release-notes-susemanager-4.2.10-150300.3.57.1
• SUSE Manager Proxy 4.2 (x86_64)
  • release-notes-susemanager-proxy-4.2.10-150300.3.46.1
• SUSE Manager Retail Branch Server 4.2 (x86_64)
  • release-notes-susemanager-proxy-4.2.10-150300.3.46.1
• SUSE Manager Server 4.2 (ppc64le s390x x86_64)
  • release-notes-susemanager-4.2.10-150300.3.57.1

References:

• https://www.suse.com/security/cve/CVE-2022-31255.html
• https://www.suse.com/security/cve/CVE-2022-43753.html
• https://www.suse.com/security/cve/CVE-2022-43754.html
• https://bugzilla.suse.com/show_bug.cgi?id=1195624
• https://bugzilla.suse.com/show_bug.cgi?id=1197724
• https://bugzilla.suse.com/show_bug.cgi?id=1199726
• https://bugzilla.suse.com/show_bug.cgi?id=1200596
• https://bugzilla.suse.com/show_bug.cgi?id=1201059
• https://bugzilla.suse.com/show_bug.cgi?id=1201788
• https://bugzilla.suse.com/show_bug.cgi?id=1202167
• https://bugzilla.suse.com/show_bug.cgi?id=1202729
• https://bugzilla.suse.com/show_bug.cgi?id=1202785
• https://bugzilla.suse.com/show_bug.cgi?id=1203283
• https://bugzilla.suse.com/show_bug.cgi?id=1203406
• https://bugzilla.suse.com/show_bug.cgi?id=1203422
• https://bugzilla.suse.com/show_bug.cgi?id=1203564
• https://bugzilla.suse.com/show_bug.cgi?id=1203599
• https://bugzilla.suse.com/show_bug.cgi?id=1203611
• https://bugzilla.suse.com/show_bug.cgi?id=1203898
• https://bugzilla.suse.com/show_bug.cgi?id=1204146
• https://bugzilla.suse.com/show_bug.cgi?id=1204203
• https://bugzilla.suse.com/show_bug.cgi?id=1204543
• https://bugzilla.suse.com/show_bug.cgi?id=1204716
• https://bugzilla.suse.com/show_bug.cgi?id=1204741