Overview

File _patchinfo of Package patchinfo.29669

<patchinfo incident="29669">
  <rating>moderate</rating>
  <packager>deneb_alpha</packager>
  <category>security</category>
  <summary>Security update for SUSE Manager Client Tools</summary>
  <description>This update fixes the following issues:

python-tornado:
    
- Security fixes:
  * CVE-2023-28370: Fixed an open redirect issue in the static file handler (bsc#1211741)

prometheus-blackbox_exporter:

- Use obscpio for go modules service
- Set version number
- Set build date from SOURCE_DATE_EPOCH
- Update to 0.24.0 (bsc#1212279, jsc#PED-4556)
  * Requires go1.19
- Avoid empty validation script
- Add rc symlink for backwards compatibility

spacecmd:

- Version 4.3.22-1
  * Bypass traditional systems check on older SUMA instances (bsc#1208612)

</description>
  <issue tracker="ijsc" id="MSQA-679"/>
  <issue tracker="bnc" id="1208612">spacecmd from 4.2 client fails with backtrace</issue>
  <issue tracker="bnc" id="1212279">prometheus-blackbox_exporter 0.19 does not support  icmp ttl option</issue>
  <issue tracker="bnc" id="1211741">VUL-0: CVE-2023-28370: python-tornado: open redirect vulnerability in StaticFileHandler under certain   configurations.</issue>
  <issue tracker="jsc" id="PED-3694"/>
  <issue tracker="jsc" id="PED-4556"/>
  <issue tracker="cve" id="2023-28370"/>
</patchinfo>
openSUSE Build Service is sponsored by
Places