File _patchinfo of Package patchinfo.27404
<patchinfo incident="27404">
<issue tracker="bnc" id="1172110">Salt minion does not exit on SIGTERM</issue>
<issue tracker="bnc" id="1204032">rhn_check consuming a lot of CPU</issue>
<issue tracker="bnc" id="1204126">Product Migration using 'spacecmd -- system_scheduleproductmigration' does not work.</issue>
<issue tracker="bnc" id="1204302">VUL-0: CVE-2022-31123: grafana: plugin signature bypass</issue>
<issue tracker="bnc" id="1204303">VUL-0: CVE-2022-39201: grafana: Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins</issue>
<issue tracker="bnc" id="1204304">VUL-0: CVE-2022-39229: grafana: using email as a username can block other users from signing in</issue>
<issue tracker="bnc" id="1204305">VUL-0: CVE-2022-31130: grafana: data source and plugin proxy endpoints leaking authentication tokens to some destination plugins</issue>
<issue tracker="bnc" id="1205207">API to retrieve "Vendor Advisory" info?</issue>
<issue tracker="bnc" id="1205225">VUL-0: CVE-2022-39306: grafana: email addresses and usernames cannot be trusted</issue>
<issue tracker="bnc" id="1205227">VUL-0: CVE-2022-39307: grafana: user enumeration via forget password</issue>
<issue tracker="bnc" id="1205599">minion fails on saltboot using dhcp server from Windows machine</issue>
<issue tracker="bnc" id="1206470">Fix invalid logrotate configurations</issue>
<issue tracker="jsc" id="PED-2617"/>
<issue tracker="cve" id="2022-39306"/>
<issue tracker="cve" id="2022-39307"/>
<issue tracker="cve" id="2022-39201"/>
<issue tracker="cve" id="2022-31130"/>
<issue tracker="cve" id="2022-31123"/>
<issue tracker="cve" id="2022-39229"/>
<packager>juliogonzalezgil</packager>
<rating>moderate</rating>
<category>security</category>
<summary>Security update for SUSE Manager Client Tools</summary>
<description>
This update fixes the following issues:
dracut-saltboot:
- Update to version 0.1.1673279145.e7616bd
* Add failsafe stop file when salt-minion does not stop (bsc#1172110)
* Copy existing wicked config instead of generating new (bsc#1205599)
grafana:
- Update to version 8.5.15 (jsc#PED-2617):
* CVE-2022-39306: Fix for privilege escalation (bsc#1205225)
* CVE-2022-39307: Omit error from HTTP response when user does not exist (bsc#1205227)
- Update to version 8.5.14:
* CVE-2022-39201: Fix do not forward login cookie in outgoing requests (bsc#1204303)
* CVE-2022-31130: Make proxy endpoints not leak sensitive HTTP headers (bsc#1204305)
* CVE-2022-31123: Fix plugin signature bypass (bsc#1204302)
* CVE-2022-39229: Fix blocking other users from signing in (bsc#1204304)
mgr-osad:
- Version 4.3.7-1
* Updated logrotate configuration (bsc#1206470)
mgr-push:
- Version 4.3.5-1
* Update translation strings
rhnlib:
- Version 4.3.5-1
* Don't get stuck at the end of SSL transfers (bsc#1204032)
spacecmd:
- Version 4.3.18-1
* Add python-dateutil dependency, required to process date values in
spacecmd api calls
- Version 4.3.17-1
* Remove python3-simplejson dependency
* Correctly understand 'ssm' keyword on scap scheduling
* Add vendor_advisory information to errata_details call (bsc#1205207)
* Added two missing options to schedule product migration: allow-vendor-change
and remove-products-without-successor (bsc#1204126)
* Changed schedule product migration to use the correct API method
* Change default port of "Containerized Proxy configuration" 8022
spacewalk-client-tools:
- Version 4.3.14-1
* Update translation strings
uyuni-common-libs:
- Version 4.3.7-1
* Unify user notification code on Java side
</description>
</patchinfo>