SUSE SLES15 Security Update : release-notes-susemanager, release-notes-susemanager-proxy (SUSE-SU-2022:3761-1)

high Nessus Plugin ID 181674

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3761-1 advisory.

Release notes for SUSE Manager:

- Update to SUSE Manager 4.3.2
* Containerized proxy and RBS are now fully supported
* HTTP API is now fully supported
* Ubuntu 22.04 is now supported as a client
* Cobbler has been upgraded to version 3.3.3 which also includes building ISOs with UEFI support
* pip support has been added for the Salt Bundle
* Prometheus exporter for Apache has been upgraded to 0.10.0
* CVEs fixed: CVE-2021-41411, CVE-2021-42740, CVE-2021-43138, CVE-2022-0860, CVE-2022-31129
* Bugs mentioned:
bsc#1191857, bsc#1195624, bsc#1196729, bsc#1197027, bsc#1198168 bsc#1198903, bsc#1199726, bsc#1200480, bsc#1200573, bsc#1200629 bsc#1201210, bsc#1201220, bsc#1201260, bsc#1201626, bsc#1201753 bsc#1201788, bsc#1201913, bsc#1201918, bsc#1202271, bsc#1202272 bsc#1202367, bsc#1202455, bsc#1202464, bsc#1202602, bsc#1202728 bsc#1202729, bsc#1202805, bsc#1202899, bsc#1203026, bsc#1203049 bsc#1203056, bsc#1203169, bsc#1203287, bsc#1203288, bsc#1203385 bsc#1203406, bsc#1203422, bsc#1203449, bsc#1203478, bsc#1203484 bsc#1203564, bsc#1203585, bsc#1203611

Release notes for SUSE Manager Proxy:

- Update to SUSE Manager 4.3.2
* Containerized proxy and RBS are now fully supported
* CVEs fixed: CVE-2021-42740, CVE-2021-43138, CVE-2022-31129
* Bugs mentioned:
bsc#1198168, bsc#1198903, bsc#1200480, bsc#1201589, bsc#1201788 bsc#1203287, bsc#1203288, bsc#1203585

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected release-notes-susemanager and / or release-notes-susemanager-proxy packages.

See Also

https://bugzilla.suse.com/1191857

https://bugzilla.suse.com/1195624

https://bugzilla.suse.com/1196729

https://bugzilla.suse.com/1197027

https://bugzilla.suse.com/1198168

https://bugzilla.suse.com/1198903

https://bugzilla.suse.com/1199726

https://bugzilla.suse.com/1200480

https://bugzilla.suse.com/1200573

https://bugzilla.suse.com/1200629

https://bugzilla.suse.com/1201210

https://bugzilla.suse.com/1201220

https://bugzilla.suse.com/1201260

https://bugzilla.suse.com/1201589

https://bugzilla.suse.com/1201626

https://bugzilla.suse.com/1201753

https://bugzilla.suse.com/1201788

https://bugzilla.suse.com/1201913

https://bugzilla.suse.com/1201918

https://bugzilla.suse.com/1202271

https://bugzilla.suse.com/1202272

https://bugzilla.suse.com/1202367

https://bugzilla.suse.com/1202455

https://bugzilla.suse.com/1202464

https://bugzilla.suse.com/1202602

https://bugzilla.suse.com/1202728

https://bugzilla.suse.com/1202729

https://bugzilla.suse.com/1202805

https://bugzilla.suse.com/1202899

https://bugzilla.suse.com/1203026

https://bugzilla.suse.com/1203049

https://bugzilla.suse.com/1203056

https://bugzilla.suse.com/1203169

https://bugzilla.suse.com/1203287

https://bugzilla.suse.com/1203288

https://bugzilla.suse.com/1203385

https://bugzilla.suse.com/1203406

https://bugzilla.suse.com/1203422

https://bugzilla.suse.com/1203449

https://bugzilla.suse.com/1203478

https://bugzilla.suse.com/1203484

https://bugzilla.suse.com/1203564

https://bugzilla.suse.com/1203585

https://bugzilla.suse.com/1203611

https://www.suse.com/security/cve/CVE-2021-41411

https://www.suse.com/security/cve/CVE-2021-42740

https://www.suse.com/security/cve/CVE-2021-43138

https://www.suse.com/security/cve/CVE-2022-0860

https://www.suse.com/security/cve/CVE-2022-31129

http://www.nessus.org/u?db7bd395

Plugin Details

Severity: High

ID: 181674

File Name: suse_SU-2022-3761-1.nasl

Version: 1.1

Type: Local

Agent: unix

Published: 9/20/2023

Updated: 6/25/2026

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Tenable Cloud Security, Tenable Self-Hosted Container Security, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.12

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2021-42740

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS v4

Risk Factor: High

Base Score: 8.8

Threat Score: 7.8

Threat Vector: CVSS:4.0/E:P

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

CVSS Score Source: CVE-2022-0860

Vulnerability Information

CPE: cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:release-notes-susemanager, p-cpe:/a:novell:suse_linux:release-notes-susemanager-proxy

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/26/2022

Vulnerability Publication Date: 10/21/2021

Reference Information

CVE: CVE-2021-41411, CVE-2021-42740, CVE-2021-43138, CVE-2022-0860, CVE-2022-31129

SuSE: SUSE-SU-2022:3761-1