Test ID: 1.3.6.1.4.1.25623.1.0.856481
Category: openSUSE Local Security Checks
Title: openSUSE Security Advisory (SUSE-SU-2024:3267-1)
Summary: The remote host is missing an update for the 'SUSE Manager Client Tools' package(s) announced via the SUSE-SU-2024:3267-1 advisory.
Description:

Vulnerability Insight:
This update fixes the following issues:

golang-github-prometheus-prometheus:

- Security issues fixed:

* CVE-2024-6104: Update go-retryablehttp to version 0.7.7 (bsc#1227038)
* CVE-2023-45142: Updated otelhttp to version 0.46.1 (bsc#1228556)

- Require Go > 1.20 for building
- Migrate from `disabled` to `manual` service mode
- Update to 2.45.6 (jsc#PED-3577):
* Security fixes in dependencies
- Update to 2.45.5:
* [BUGFIX] tsdb/agent: ensure that new series get written to WAL
on rollback.
* [BUGFIX] Remote write: Avoid a race condition when applying
configuration.
- Update to 2.45.4:
* [BUGFIX] Remote read: Release querier resources before encoding
the results.
- Update to 2.45.3:
* [BUGFIX] TSDB: Remove double memory snapshot on shutdown.
- Update to 2.45.2:
* [BUGFIX] TSDB: Fix PostingsForMatchers race with creating new
series.
- Update to 2.45.1:
* [ENHANCEMENT] Hetzner SD: Support larger ID's that will be used
by Hetzner in September.
* [BUGFIX] Linode SD: Cast InstanceSpec values to int64 to avoid
overflows on 386 architecture.
* [BUGFIX] TSDB: Handle TOC parsing failures.

rhnlib:

- Version 5.0.4-0
* Add the old TLS code for very old traditional clients still on
python 2.7 (bsc#1228198)

spacecmd:

- Version 5.0.9-0
* Update translation strings

uyuni-tools:

- Version 0.1.21-0
* mgrpxy: Fix typo on Systemd template
- Version 0.1.20-0
* Update the push tag to 5.0.1
* mgrpxy: expose port on IPv6 network (bsc#1227951)
- Version 0.1.19-0
* Skip updating Tomcat remote debug if conf file is not present
- Version 0.1.18-0
* Setup Confidential Computing container during migration
(bsc#1227588)
* Add the /etc/uyuni/uyuni-tools.yaml path to the config help
* Split systemd config files to not lose configuration at upgrade
(bsc#1227718)
* Use the same logic for image computation in mgradm and mgrpxy
(bsc#1228026)
* Allow building with different Helm and container default
registry paths (bsc#1226191)
* Fix recursion in mgradm upgrade podman list --help
* Setup hub xmlrpc API service in migration to Podman (bsc#1227588)
* Setup disabled hub xmlrpc API service in all cases (bsc#1227584)
* Clean the inspection code to make it faster
* Properly detect IPv6 enabled on Podman network (bsc#1224349)
* Fix the log file path generation
* Write scripts output to uyuni-tools.log file
* Add uyuni-hubxml-rpc to the list of values in
mgradm scale --help
* Use path in mgradm support sql file input (bsc#1227505)
* On Ubuntu build with go1.21 instead of go1.20
* Enforce Cobbler setup (bsc#1226847)
* Expose port on IPv6 network (bsc#1227951)
* show output of podman image search --list-tags command
* Implement mgrpxy support config command
* During migration, ignore /etc/sysconfig/tomcat and
/etc/tomcat/tomcat.conf (bsc#1228183)
* During migration, remove java.annotation,com.sun.xml.bind and
UseConcMarkSweepGC settings
* Disable node ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'SUSE Manager Client Tools' package(s) on openSUSE Leap 15.5, openSUSE Leap 15.6.

Solution:
Please install the updated package(s).

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2023-45142
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2UTRJ54INZG3OC2FTAN6AFB2RYNY2GAD/
https://github.com/advisories/GHSA-cg3q-j54f-5p7p
https://github.com/open-telemetry/opentelemetry-go-contrib/blob/5f7e6ad5a49b45df45f61a1deb29d7f1158032df/instrumentation/net/http/otelhttp/handler.go#L63-L65
https://github.com/open-telemetry/opentelemetry-go-contrib/pull/4277
https://github.com/open-telemetry/opentelemetry-go-contrib/releases/tag/v1.19.0
https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-5r5m-65gx-7vrh
https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-rcjv-mgp8-qvmr
https://github.com/open-telemetry/opentelemetry-go/blob/38e1b499c3da3107694ad2660b3888eee9c8b896/semconv/internal/v2/http.go#L223
https://github.com/open-telemetry/opentelemetry-go/blob/v1.12.0/semconv/internal/v2/http.go#L159
Common Vulnerability Exposure (CVE) ID: CVE-2024-6104
https://discuss.hashicorp.com/c/security
Copyright: Copyright (C) 2024 Greenbone AG
