SUSE SLES15: cobbler / grafana-formula / inter-server-sync / jose4j / etc (SUSE-SU-2024:0485-1)

medium Nessus Plugin ID 190654

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0485-1 advisory.

cobbler:

- Build the appendline correctly for RHEL-family <= 9 (bsc#1216437)
- Notify to 'systemd' when cobblerd startup is finished (bsc#1215982)
- Enable ppc64(le) buildiso support (bsc#1214077)

grafana-formula:

- Version 0.10.0
* Replace legacy message queue metrics with Salt queue metrics
* Grafana formula should not be supported in a Proxy/Retail

inter-server-sync:

- Version 0.3.2-1
* Fix conflict in rhndistchannelmap (bsc#1216114)

jose4j:

- CVE-2023-31582: Insecure Password-Based Encryption Iteration Count (bsc#1216609)

liberate-formula:

- Version 0.1.0
* Provide liberate-formula, a formula for converting a system to SUSE Liberty Linux

patterns-suse-manager:

- Add liberate-formula to the required packages for the server to get it installed by default

prometheus-formula:

- Version 0.8.0
* Fix federation endpoint
* Add remote write configuration
* Add group filtering for service discovery relabeling configuration
- Version 0.7.1
* Fix PrometheusNotIngestingSamples false positive alerts (bsc#1216550)

prometheus-postgres_exporter:

- Do not build debug if RHEL >= 8
- Do not strip if SUSE Linux Enterprise 15 SP3
- Build at least with Go >= 1.18 on RHEL
- Build with Go >= 1.20 elsewhere

saltboot-formula:

- Update to version 0.1.1701196218.b6b8ca1
* Remove f-string formatting to be compatible with Python < 3.6
* Update packaging not to package salt directories
- Update to version 0.1.1692188980.9aa0455

spacecmd:

- Version 4.3.26-1
* Update translation strings

spacewalk-backend:

- Version 4.3.27-1
* Fix issue in 'spacewalk-repo-sync' when RPM packages contain files with size greater than 4GB (bsc#1219151)
- Version 4.3.26-1
* Fix decompressing and renaming bzip2 comps files in reposync
* Update query to the new credentials structure
* Remove normalize_orphan_vendor_packages and move it to taskomatic (bsc#1216781)
* Skip syncing packages with incorrect metadata (bsc#1213738)
* Update translation strings

spacewalk-certs-tools:

- Version 4.3.22-1
* Skip deploying the CA into the Salt directory on proxies (bsc#1219850)
- Version 4.3.21-1
* Deploy the CA certificate also into the Salt filesystem (bsc#1219577)
- Version 4.3.20-1
* Handle server keys in PKCS8 format in mgr-ssl-cert-setup (bsc#1218615)
* Include reboot info beacon in the bootstrap script for transactional systems (bsc#1217588)

spacewalk-client-tools:

- Version 4.3.18-1
* Update translation strings

spacewalk-java:

- Version 4.3.71-1
* Generate server SSH key also when bootstrapping regular Minions (bsc#1219449)
- Version 4.3.70-1
* Fix the use of page size preference in systems and packages lists (bsc#1217209)
* Fix issue with disabling token check not working (bsc#1218669)
* Enforce snakeyaml version requirement (bsc#1215166)
* Improve the performance of paginated queries when syncing the reporting database (bsc#1211912, bsc#1213079)
* Do not require entitlement for Pay-as-you-go SUSE Linux Enterprise Server for SAP (bsc#1217069)
* Use the base product file to show the correct SUSE Manager product in the subscription matching results page
* Do not require entitlements if SUSE Manager is Pay-as-you-go
* Exclude SUSE Manager from subscription matching if it's Pay-as-you-go
* Refactor Credentials to a proper class hierarchy
* Fix unit test about duplicated packages
* Prevent installation of packages with same name in a single action (bsc#1214791)
* When canceling an action which has prerequisites, return hints to get the first action id which can be canceled (bsc#1216988)
* Fix exception when removing a Debian package (bsc#1216781)
* Fix XSS in taskomatic XML RPC handler (bsc#1210911)
* Improve logging for Product Migration (bsc#1218490)
* Add only 1 IP for Cloud RMT Host in /etc/hosts
* Change org for orphan vendor packages that an admin can delete (bsc#1216781)
* Expose the monitoring data for the Salt queue handling the Salt results
* Provide total number of CPUs for SUSE Linux Enterprise Micro systems to subscription matcher when it is not used as hypervisor to match vCore subscriptions correctly (bsc#1218074)
* Try to download compressed Ubuntu USN database
* Add user information to system organization transfer message (bsc#1216753)
* CVE-2023-32189: Fix issue with Salt SSH keys for Salt SSH Minions (bsc#1170848)
* Add notification in daily email in addition to in SUSE Manager home page when SUSE Manager Pay-as-you-go is not compliant
* Fix apidoc link from #top to $call.name (bsc#1213507)
* Add config option to disable remote commands from web UI (bsc#1217869)
* Address high rating Sonar issues
* Refactor SUSE Customer Center registration flow
* Avoid blocking Taskomatic thread when waiting for queued action (bsc#1211560)
* Fix modify kickstart profile when using 'Always newest tree' option (bsc#1215813)
* Configure reboot method for SUSE Linux Enterprise Micro when applying bootstrap state (bsc#1213981)
* Handle non-existing known_host file in permission check
* Fix handling of proxy ssh public keys
* Include reboot required indication for non-SUSE distros

spacewalk-setup:

- Version 4.3.19-1
* Update query to the new credentials structure
* Fix setting SUSE Customer Center password during setup

spacewalk-utils:

- Version 4.3.19-1
* Add SUSE Linux Enterprise Micro 5.4 and 5.5 to spacewalk-commons-channels

spacewalk-web:

- Version 4.3.37-1
* Fix the use of page size preference in systems and packages lists (bsc#1217209)
* Fix issue displaying Ansible playbook name (bsc#1216657)
* Add support for `PaygNotCompliantWarning` notification
* Bump web.version to 4.3.11

subscription-matcher:

- Version 0.35
* Added missing part number
- Version 0.34
* Enabled support for Long Term Service Pack Support subscriptions (bsc#1218075)
* Added SUSE Linux Enterprise Micro vCore handling (bsc#1218074)
* Added new SKUs and new bundles

supportutils-plugin-susemanager:

- Version 4.3.10-1
* Update query to the new credentials structure

susemanager:

- Version 4.3.34-1
* Rename Open Enterprise Server label to OES23.4 (bsc#1215514)
* Verify in YaST that the FQDN matches the name returned via DNS reverse lookup
* CVE-2023-32189: Fix issue with Salt SSH keys for Salt SSH Minions (bsc#1170848)

susemanager-build-keys:

- Version 15.4.10
* Add new Almalinux 8 GPG Key (bsc#1218849)
* Refresh extended Uyuni GPG public key

susemanager-docs_en:

- Removed obsolete traditional to Salt migration documentation from the System Types section of the Client Configuration Guide and updated the Migrate traditional clients to Salt clients section
- Fixed navigation bar of Client Configuration Guide (bsc#1218089)
- Added openSUSE Leap to Supported Features navigation list in Client Configuration Guide (bsc#1218094)
- Described new monitoring metrics for Salt queue in Administration Guide
- Fixed xrefs for internal book references
- Removed mentioning that CVE number for CVE auditing is optional (bsc#1218019)
- Corrected channel names for CentOS 7 Updates and Extras in CentOS Client Configuration Guide
- Documented bootstrap settings for SUSE Linux Enterprise Micro in Client Configuration Guide (bsc#1216394)
- Corrected command mgr-push to mgrpush in Administration Guide (bsc#1215810)
- Updated Red Hat OVAL data URL and file in CentOS Clients Registration in Client Configuration Guide
- Added Pay-as-you-go for Azure documentation to the Specialized Guides book
- Added Pay-as-you-go limitations chapter to Pay-as-you-go Guide
- Removed Ubuntu 18.04 from the list of supported clients
- Fixed file location in Custom Salt Formulas section of Salt Guide
- Documented using Virtualization Host formula in Client Configuration

susemanager-schema:

- Version 4.3.24-1
* Refactor susecredentials to support the new hierarchy
* Improve performance of System (bsc#1211254)
* Change schedule of system-profile-refresh to run on the 2nd Saturday of a month to not collide with normal working times (bsc#1215769)

susemanager-sls:

- Version 4.3.40-1
* Remove automatic reboot from transactional systems bootstrap (bsc#1218146)
- Version 4.3.39-1
* Change certs/RHN-ORG-TRUSTED-SSL-CERT from symlink into a real file (bsc#1219577)
- Version 4.3.38-1
* Improve Pay-as-you-go instance detection (bsc#1217784)
* CVE-2023-32189: Fix issue with Salt SSH keys for Salt SSH Minions (bsc#1170848)
* Configure reboot method for SUSE Linux Enterprise Micro when applying bootstrap state (bsc#1213981)
* Include reboot required indication for non SUSE distros

susemanager-sync-data:

- Version 4.3.16-1
* Fix OES 23.4 internal name (bsc#1218837)
- Version 4.3.15-1
* Update release status and repository description of Open Enterprise Server 23.4 (bsc#1215514)
* Add new SUSE Liberty Linux 7 Long Term Service Pack Support channel families
* Rename Red Hat Enterprise Linux and Liberty 8 Base product to remove EOL CentOS 8 from the name

uyuni-reportdb-schema:

- Version 4.3.9-1
* Provide reportdb upgrade schema path structure

How to apply this update:

1. Log in as root user to the SUSE Manager Server.
2. Stop the Spacewalk service:
`spacewalk-service stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service:
`spacewalk-service start`

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1170848

https://bugzilla.suse.com/1210911

https://bugzilla.suse.com/1211254

https://bugzilla.suse.com/1211560

https://bugzilla.suse.com/1211912

https://bugzilla.suse.com/1213079

https://bugzilla.suse.com/1213507

https://bugzilla.suse.com/1213738

https://bugzilla.suse.com/1213981

https://bugzilla.suse.com/1214077

https://bugzilla.suse.com/1214791

https://bugzilla.suse.com/1215166

https://bugzilla.suse.com/1215514

https://bugzilla.suse.com/1215769

https://bugzilla.suse.com/1215810

https://bugzilla.suse.com/1215813

https://bugzilla.suse.com/1215982

https://bugzilla.suse.com/1216114

https://bugzilla.suse.com/1216394

https://bugzilla.suse.com/1216437

https://bugzilla.suse.com/1216550

https://bugzilla.suse.com/1216609

https://bugzilla.suse.com/1216657

https://bugzilla.suse.com/1216753

https://bugzilla.suse.com/1216781

https://bugzilla.suse.com/1216988

https://bugzilla.suse.com/1217069

https://bugzilla.suse.com/1217209

https://bugzilla.suse.com/1217588

https://bugzilla.suse.com/1217784

https://bugzilla.suse.com/1217869

https://bugzilla.suse.com/1218019

https://bugzilla.suse.com/1218074

https://bugzilla.suse.com/1218075

https://bugzilla.suse.com/1218089

https://bugzilla.suse.com/1218094

https://bugzilla.suse.com/1218146

https://bugzilla.suse.com/1218490

https://bugzilla.suse.com/1218615

https://bugzilla.suse.com/1218669

https://bugzilla.suse.com/1218837

https://bugzilla.suse.com/1218849

https://bugzilla.suse.com/1219151

https://bugzilla.suse.com/1219449

https://bugzilla.suse.com/1219577

https://bugzilla.suse.com/1219850

https://www.suse.com/security/cve/CVE-2023-31582

https://www.suse.com/security/cve/CVE-2023-32189

http://www.nessus.org/u?62e9cede

Plugin Details

Severity: Medium

ID: 190654

File Name: suse_SU-2024-0485-1.nasl

Version: 1.1

Type: Local

Agent: unix

Published: 2/17/2024

Updated: 6/25/2026

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.3

Percentile: 50.9

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N

CVSS Score Source: CVE-2023-31582

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS v4

Risk Factor: Medium

Base Score: 6.4

Threat Score: 2.5

Threat Vector: CVSS:4.0/E:U

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H

CVSS Score Source: CVE-2023-32189

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:saltboot-formula, p-cpe:/a:novell:suse_linux:spacewalk-base-minimal-config, p-cpe:/a:novell:suse_linux:patterns-suma_retail, p-cpe:/a:novell:suse_linux:subscription-matcher, p-cpe:/a:novell:suse_linux:susemanager-sls, p-cpe:/a:novell:suse_linux:python3-spacewalk-certs-tools, p-cpe:/a:novell:suse_linux:patterns-suma_server, p-cpe:/a:novell:suse_linux:spacewalk-base-minimal, p-cpe:/a:novell:suse_linux:spacewalk-utils-extras, p-cpe:/a:novell:suse_linux:spacewalk-backend-iss-export, p-cpe:/a:novell:suse_linux:spacewalk-java-postgresql, p-cpe:/a:novell:suse_linux:susemanager-schema-utility, p-cpe:/a:novell:suse_linux:python3-spacewalk-client-tools, p-cpe:/a:novell:suse_linux:spacewalk-html, p-cpe:/a:novell:suse_linux:spacewalk-java-config, p-cpe:/a:novell:suse_linux:spacewalk-certs-tools, p-cpe:/a:novell:suse_linux:spacecmd, p-cpe:/a:novell:suse_linux:spacewalk-backend-app, p-cpe:/a:novell:suse_linux:inter-server-sync, p-cpe:/a:novell:suse_linux:susemanager-schema, p-cpe:/a:novell:suse_linux:cobbler, p-cpe:/a:novell:suse_linux:spacewalk-backend-tools, p-cpe:/a:novell:suse_linux:susemanager-docs_en, p-cpe:/a:novell:suse_linux:spacewalk-setup, p-cpe:/a:novell:suse_linux:spacewalk-backend-config-files, p-cpe:/a:novell:suse_linux:spacewalk-backend-xml-export-libs, p-cpe:/a:novell:suse_linux:supportutils-plugin-susemanager, p-cpe:/a:novell:suse_linux:grafana-formula, p-cpe:/a:novell:suse_linux:spacewalk-base, p-cpe:/a:novell:suse_linux:susemanager-build-keys, p-cpe:/a:novell:suse_linux:susemanager-tools, p-cpe:/a:novell:suse_linux:jose4j, p-cpe:/a:novell:suse_linux:spacewalk-backend-iss, p-cpe:/a:novell:suse_linux:spacewalk-backend-applet, p-cpe:/a:novell:suse_linux:spacewalk-backend-server, p-cpe:/a:novell:suse_linux:susemanager-docs_en-pdf, cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:uyuni-config-modules, p-cpe:/a:novell:suse_linux:spacewalk-backend-xmlrpc, p-cpe:/a:novell:suse_linux:spacewalk-taskomatic, p-cpe:/a:novell:suse_linux:spacewalk-backend, p-cpe:/a:novell:suse_linux:spacewalk-backend-config-files-common, p-cpe:/a:novell:suse_linux:spacewalk-client-tools, p-cpe:/a:novell:suse_linux:spacewalk-java, p-cpe:/a:novell:suse_linux:prometheus-postgres_exporter, p-cpe:/a:novell:suse_linux:spacewalk-utils, p-cpe:/a:novell:suse_linux:liberate-formula, p-cpe:/a:novell:suse_linux:susemanager-sync-data, p-cpe:/a:novell:suse_linux:susemanager-build-keys-web, p-cpe:/a:novell:suse_linux:prometheus-formula, p-cpe:/a:novell:suse_linux:spacewalk-backend-config-files-tool, p-cpe:/a:novell:suse_linux:uyuni-reportdb-schema, p-cpe:/a:novell:suse_linux:spacewalk-backend-sql, p-cpe:/a:novell:suse_linux:spacewalk-java-lib, p-cpe:/a:novell:suse_linux:susemanager, p-cpe:/a:novell:suse_linux:spacewalk-backend-package-push-server, p-cpe:/a:novell:suse_linux:spacewalk-backend-sql-postgresql

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 2/15/2024

Vulnerability Publication Date: 10/25/2023

Reference Information

CVE: CVE-2023-31582, CVE-2023-32189

SuSE: SUSE-SU-2024:0485-1