| Description: | Summary:
The remote host is missing an update for the 'SUSE Manager Client Tools' package(s) announced via the SUSE-SU-2024:1509-1 advisory.
Vulnerability Insight:
This update fixes the following issues:
POS_Image-Graphical7 was updated to version 0.1.1710765237.46af599:
- Version 0.1.1710765237.46af599
* Moved image services to dracut-saltboot package
* Use salt bundle
- Version 0.1.1645440615.7f1328c
* Removed deprecated kiwi functions
POS_Image-JeOS7 was updated to version 0.1.1710765237.46af599:
- Version 0.1.1710765237.46af599
* Moved image services to dracut-saltboot package
* Use salt bundle
- Version 0.1.1645440615.7f1328c
* Removed deprecated kiwi functions
ansible received the following fixes:
- Security issues fixed:
* CVE-2023-5764: Address issues where internal templating can cause unsafe
variables to lose their unsafe designation (bsc#1216854)
+ Breaking changes:
assert - Nested templating may result in an inability for the conditional
to be evaluated. See the porting guide for more information.
* CVE-2024-0690: Address issue where ANSIBLE_NO_LOG was ignored (bsc#1219002)
* CVE-2020-14365: Ensure that packages are GPG validated (bsc#1175993)
* CVE-2020-10744: Fixed insecure temporary directory creation (bsc#1171823)
* CVE-2018-10874: Fixed inventory variables loading from current working directory when running ad-hoc command that
can lead to code execution (bsc#1099805)
- Bugs fixed:
* Don't Require python-coverage, it is needed only for testing (bsc#1177948)
dracut-saltboot was updated to version 0.1.1710765237.46af599:
- Version 0.1.1710765237.46af599
* Load only first available leaseinfo (bsc#1221092)
- Version 0.1.1681904360.84ef141
grafana was updated to version 9.5.18:
- Grafana now requires Go 1.20
- Security issues fixed:
* CVE-2024-1313: Require same organisation when deleting snapshots (bsc#1222155)
* CVE-2023-6152: Add email verification when updating user email (bsc#1219912)
- Other non-security related changes:
* Version 9.5.17:
+ [FEATURE] Alerting: Backport use Alertmanager API v2
* Version 9.5.16:
+ [BUGFIX] Annotations: Split cleanup into separate queries and
deletes to avoid deadlocks on MySQL
* Version 9.5.15:
+ [FEATURE] Alerting: Attempt to retry retryable errors
* Version 9.5.14:
+ [BUGFIX] Alerting: Fix state manager to not keep
datasource_uid and ref_id labels in state after Error
+ [BUGFIX] Transformations: Config overrides being lost when
config from query transform is applied
+ [BUGFIX] LDAP: Fix enable users on successfull login
* Version 9.5.13:
+ [BUGFIX] BrowseDashboards: Only remember the most recent
expanded folder
+ [BUGFIX] Licensing: Pass func to update env variables when
starting plugin
* Version 9.5.12:
+ [FEATURE] Azure: Add support for Workload Identity
authentication
* Version 9.5.9:
+ [FEATURE] SSE: Fix DSNode to not panic when response has empty
response
+ [FEATURE] Prometheus: Handle the response with different field
key order
+ [BUGFIX] LDAP: Fix user disabling
mgr-daemon was updated to ... [Please see the references for more information on the vulnerabilities]
Affected Software/OS:
'SUSE Manager Client Tools' package(s) on openSUSE Leap 15.5.
Solution:
Please install the updated package(s).
CVSS Score:
9.3
CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
