1208046 – (CVE-2022-46146) VUL-0: CVE-2022-46146: TRACKERBUG: prometheus/exporter-toolkit: authentication bypass via cache poisoning

Bug 1208046 (CVE-2022-46146) - VUL-0: CVE-2022-46146: TRACKERBUG: prometheus/exporter-toolkit: authentication bypass via cache poisoning

Summary: VUL-0: CVE-2022-46146: TRACKERBUG: prometheus/exporter-toolkit: authenticatio...

Status:	RESOLVED FIXED

Alias:	CVE-2022-46146

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Major
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/349120/
Whiteboard:	CVSSv3.1:SUSE:CVE-2022-46146:8.8:(AV:...
Keywords:

Depends on:	1208047 1208049 1208051 1208060 1208062 1208064 1208065
Blocks:
	Show dependency tree / graph

Clone This Bug

Reported:	2023-02-08 10:40 UTC by Gabriele Sonnu
Modified:	2024-05-03 14:03 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Gabriele Sonnu 2023-02-08 10:40:03 UTC

CVE-2022-46146

Prometheus Exporter Toolkit is a utility package to build exporters. Prior to
versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and
users' bcrypted passwords, they can bypass security by poisoning the built-in
authentication cache. Versions 0.7.2 and 0.8.2 contain a fix for the issue.
There is no workaround, but attacker must have access to the hashed password to
use this functionality.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46146
https://bugzilla.redhat.com/show_bug.cgi?id=2149436
http://www.openwall.com/lists/oss-security/2022/11/29/2
https://seclists.org/oss-sec/2022/q4/159
http://www.openwall.com/lists/oss-security/2022/11/29/1
http://www.openwall.com/lists/oss-security/2022/11/29/4
https://github.com/prometheus/exporter-toolkit/security/advisories/GHSA-7rg2-cxvp-9p7p
https://github.com/prometheus/exporter-toolkit/commit/5b1eab34484ddd353986bce736cd119d863e4ff5
https://www.cve.org/CVERecord?id=CVE-2022-46146

Comment 1 Gabriele Sonnu 2023-02-10 09:05:48 UTC

We ship a vulnerable prometheus/exporter-toolkit in:

prometheus-ha_cluster_exporter (bug 1208047):

- SUSE:SLE-12-SP3:Update/prometheus-ha_cluster_exporter
- SUSE:SLE-15:Update/prometheus-ha_cluster_exporter
- SUSE:SLE-15-SP2:Update/prometheus-ha_cluster_exporter
- openSUSE:Factory/prometheus-ha_cluster_exporter

golang-github-prometheus-prometheus (bug 1208049):

- SUSE:SLE-12:Update/golang-github-prometheus-prometheus
- SUSE:SLE-12:Update:Products:ManagerToolsBeta:Update/golang-github-prometheus-prometheus
- SUSE:SLE-15-SP1:Update/golang-github-prometheus-prometheus
- SUSE:SLE-15:Update/golang-github-prometheus-prometheus
- SUSE:SLE-15:Update:Products:ManagerToolsBeta:Update/golang-github-prometheus-prometheus

golang-github-prometheus-alertmanager (bug 1208051):

- SUSE:SLE-12:Update/golang-github-prometheus-alertmanager
- SUSE:SLE-12:Update:Products:ManagerToolsBeta:Update/golang-github-prometheus-alertmanager
- SUSE:SLE-15-SP1:Update/golang-github-prometheus-alertmanager
- SUSE:SLE-15:Update:Products:ManagerToolsBeta:Update/golang-github-prometheus-alertmanager
- openSUSE:Factory/golang-github-prometheus-alertmanager

prometheus-postgres_exporter (bug 1208060):

- SUSE:EL-9:Update:Products:ManagerTools:Update/prometheus-postgres_exporter
- SUSE:RES-7:Update/prometheus-postgres_exporter
- SUSE:RES-7:Update:Products:ManagerToolsBeta:Update/prometheus-postgres_exporter
- SUSE:RES-8:Update:Products:ManagerTools:Update/prometheus-postgres_exporter
- SUSE:RES-8:Update:Products:ManagerToolsBeta:Update/prometheus-postgres_exporter
- SUSE:SLE-12:Update/prometheus-postgres_exporter
- SUSE:SLE-12:Update:Products:ManagerToolsBeta:Update/prometheus-postgres_exporter
- SUSE:SLE-15-SP4:Update:Products:Manager43:Update/prometheus-postgres_exporter
- SUSE:SLE-15:Update/prometheus-postgres_exporter
- SUSE:SLE-15:Update:Products:ManagerToolsBeta:Update/prometheus-postgres_exporter
- openSUSE:Factory/prometheus-postgres_exporter

prometheus-blackbox_exporter (bug 12080620): 

- SUSE:SLE-12:Update/prometheus-blackbox_exporter
- SUSE:SLE-12:Update:Products:ManagerToolsBeta:Update/prometheus-blackbox_exporter
- SUSE:SLE-15:Update/prometheus-blackbox_exporter
- SUSE:SLE-15:Update:Products:ManagerToolsBeta:Update/prometheus-blackbox_exporter
- openSUSE:Factory/prometheus-blackbox_exporter

golang-github-prometheus-node_exporter (bug 1208064): 

- SUSE:RES-7:Update:Products:ManagerToolsBeta:Update/golang-github-prometheus-node_exporter
- SUSE:RES-8:Update:Products:ManagerToolsBeta:Update/golang-github-prometheus-node_exporter
- SUSE:RES-8:Update:Products:ManagerTools:Update/golang-github-prometheus-node_exporter
- SUSE:EL-9:Update:Products:ManagerTools:Update/golang-github-prometheus-node_exporter
- SUSE:RES-7:Update/golang-github-prometheus-node_exporter
- SUSE:SLE-12-SP2:Update/golang-github-prometheus-node_exporter
- SUSE:SLE-12:Update/golang-github-prometheus-node_exporter
- SUSE:SLE-12:Update:Products:ManagerToolsBeta:Update/golang-github-prometheus-node_exporter
- SUSE:SLE-15-SP1:Update/golang-github-prometheus-node_exporter
- SUSE:SLE-15:Update/golang-github-prometheus-node_exporter
- SUSE:SLE-15:Update:Products:ManagerToolsBeta:Update/golang-github-prometheus-node_exporter

grafana (bug 1208065):

- SUSE:SLE-12:Update/grafana
- SUSE:SLE-15-SP1:Update:Products:SES6:Update/grafana
- SUSE:SLE-15-SP2:Update/grafana
- SUSE:SLE-15:Update/grafana
- SUSE:SLE-15:Update:Products:ManagerToolsBeta:Update/grafana
- openSUSE:Factory/grafana

Comment 3 Swamp Workflow Management 2023-02-20 17:19:11 UTC

SUSE-SU-2023:0460-1: An update that solves one vulnerability and has one errata is now available.

Category: security (important)
Bug References: 1208046,1208047
CVE References: CVE-2022-46146
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for SAP Applications 15-SP1 (src):    prometheus-ha_cluster_exporter-1.3.1+git.1676027782.ad3c0e9-150000.1.24.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 4 Swamp Workflow Management 2023-02-20 23:17:57 UTC

SUSE-SU-2023:0465-1: An update that solves one vulnerability and has one errata is now available.

Category: security (important)
Bug References: 1208046,1208047
CVE References: CVE-2022-46146
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    prometheus-ha_cluster_exporter-1.3.1+git.1676027782.ad3c0e9-150200.3.21.1
SUSE Linux Enterprise Module for SAP Applications 15-SP4 (src):    prometheus-ha_cluster_exporter-1.3.1+git.1676027782.ad3c0e9-150200.3.21.1
SUSE Linux Enterprise Module for SAP Applications 15-SP3 (src):    prometheus-ha_cluster_exporter-1.3.1+git.1676027782.ad3c0e9-150200.3.21.1
SUSE Linux Enterprise Module for SAP Applications 15-SP2 (src):    prometheus-ha_cluster_exporter-1.3.1+git.1676027782.ad3c0e9-150200.3.21.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 5 Maintenance Automation 2023-02-21 12:30:13 UTC

SUSE-SU-2023:0467-1: An update that solves one vulnerability and has one fix can now be installed.

Category: security (important)
Bug References: 1208046, 1208047
CVE References: CVE-2022-46146
Sources used:
SUSE Linux Enterprise Server for SAP Applications 12 SP4 (src): prometheus-ha_cluster_exporter-1.3.1+git.1676027782.ad3c0e9-4.26.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): prometheus-ha_cluster_exporter-1.3.1+git.1676027782.ad3c0e9-4.26.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 6 Maintenance Automation 2023-02-21 12:30:19 UTC

SUSE-SU-2023:0465-1: An update that solves one vulnerability and has one fix can now be installed.

Category: security (important)
Bug References: 1208046, 1208047
CVE References: CVE-2022-46146
Sources used:
openSUSE Leap 15.4 (src): prometheus-ha_cluster_exporter-1.3.1+git.1676027782.ad3c0e9-150200.3.21.1
SAP Applications Module 15-SP2 (src): prometheus-ha_cluster_exporter-1.3.1+git.1676027782.ad3c0e9-150200.3.21.1
SAP Applications Module 15-SP3 (src): prometheus-ha_cluster_exporter-1.3.1+git.1676027782.ad3c0e9-150200.3.21.1
SAP Applications Module 15-SP4 (src): prometheus-ha_cluster_exporter-1.3.1+git.1676027782.ad3c0e9-150200.3.21.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 7 Maintenance Automation 2023-02-21 12:30:29 UTC

SUSE-SU-2023:0460-1: An update that solves one vulnerability and has one fix can now be installed.

Category: security (important)
Bug References: 1208046, 1208047
CVE References: CVE-2022-46146
Sources used:
SAP Applications Module 15-SP1 (src): prometheus-ha_cluster_exporter-1.3.1+git.1676027782.ad3c0e9-150000.1.24.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 14 Maintenance Automation 2023-09-28 12:31:04 UTC

SUSE-SU-2023:3875-1: An update that solves four vulnerabilities, contains four features and has one security fix can now be installed.

Category: security (important)
Bug References: 1204501, 1208046, 1208270, 1213691, 1213880
CVE References: CVE-2022-32149, CVE-2022-41723, CVE-2022-46146, CVE-2023-29409
Jira References: ECO-3319, MSQA-699, PED-5405, SLE-24791
Sources used:
SUSE Manager Client Tools for RHEL, Liberty and Clones 9 (src): golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1, prometheus-postgres_exporter-0.10.1-1.9.2, golang-github-lusitaniae-apache_exporter-1.0.0-1.8.1, golang-github-prometheus-node_exporter-1.5.0-1.9.2, spacecmd-4.3.23-1.18.2, scap-security-guide-0.1.69-1.12.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 15 Maintenance Automation 2023-09-28 12:31:24 UTC

SUSE-SU-2023:3868-1: An update that solves four vulnerabilities, contains three features and has three security fixes can now be installed.

Category: security (important)
Bug References: 1204501, 1208046, 1208270, 1208298, 1208692, 1211525, 1213880
CVE References: CVE-2022-32149, CVE-2022-41723, CVE-2022-46146, CVE-2023-29409
Jira References: MSQA-699, PED-5405, PED-5406
Sources used:
openSUSE Leap 15.4 (src): golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.18.3, golang-github-lusitaniae-apache_exporter-1.0.0-150000.1.17.2, prometheus-postgres_exporter-0.10.1-150000.1.14.3, spacecmd-4.3.23-150000.3.104.2, prometheus-blackbox_exporter-0.24.0-150000.1.23.3, supportutils-plugin-susemanager-client-4.3.3-150000.3.21.2
openSUSE Leap 15.5 (src): golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.18.3, golang-github-lusitaniae-apache_exporter-1.0.0-150000.1.17.2, prometheus-postgres_exporter-0.10.1-150000.1.14.3, spacecmd-4.3.23-150000.3.104.2, prometheus-blackbox_exporter-0.24.0-150000.1.23.3, supportutils-plugin-susemanager-client-4.3.3-150000.3.21.2
SUSE Manager Client Tools for SLE 15 (src): golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.18.3, golang-github-lusitaniae-apache_exporter-1.0.0-150000.1.17.2, prometheus-postgres_exporter-0.10.1-150000.1.14.3, spacecmd-4.3.23-150000.3.104.2, python-pyvmomi-6.7.3-150000.1.6.2, supportutils-plugin-susemanager-client-4.3.3-150000.3.21.2, grafana-9.5.5-150000.1.54.3, golang-github-prometheus-prometheus-2.45.0-150000.3.50.3, prometheus-blackbox_exporter-0.24.0-150000.1.23.3, uyuni-common-libs-4.3.9-150000.1.36.2
SUSE Manager Client Tools for SLE Micro 5 (src): golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.18.3, prometheus-blackbox_exporter-0.24.0-150000.1.23.3
SUSE Manager Proxy 4.2 Module 4.2 (src): golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.18.3, golang-github-lusitaniae-apache_exporter-1.0.0-150000.1.17.2, prometheus-blackbox_exporter-0.24.0-150000.1.23.3
SUSE Manager Proxy 4.3 Module 4.3 (src): golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.18.3, golang-github-lusitaniae-apache_exporter-1.0.0-150000.1.17.2, prometheus-blackbox_exporter-0.24.0-150000.1.23.3
SUSE Manager Server 4.2 Module 4.2 (src): golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.18.3, golang-github-lusitaniae-apache_exporter-1.0.0-150000.1.17.2, prometheus-postgres_exporter-0.10.1-150000.1.14.3
SUSE Manager Server 4.3 Module 4.3 (src): golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.18.3, golang-github-lusitaniae-apache_exporter-1.0.0-150000.1.17.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 16 Maintenance Automation 2023-09-28 12:31:29 UTC

SUSE-SU-2023:3867-1: An update that solves four vulnerabilities, contains three features and has three security fixes can now be installed.

Category: security (important)
Bug References: 1204501, 1208046, 1208270, 1208298, 1208692, 1211525, 1213880
CVE References: CVE-2022-32149, CVE-2022-41723, CVE-2022-46146, CVE-2023-29409
Jira References: MSQA-699, PED-5405, PED-5406
Sources used:
SUSE Manager Client Tools for SLE 12 (src): golang-github-QubitProducts-exporter_exporter-0.4.0-1.12.2, uyuni-common-libs-4.3.9-1.36.3, golang-github-prometheus-alertmanager-0.23.0-1.21.2, golang-github-prometheus-node_exporter-1.5.0-1.27.2, prometheus-postgres_exporter-0.10.1-1.14.3, supportutils-plugin-susemanager-client-4.3.3-6.27.2, spacecmd-4.3.23-38.127.3, golang-github-prometheus-prometheus-2.45.0-1.47.3, golang-github-lusitaniae-apache_exporter-1.0.0-1.18.2, prometheus-blackbox_exporter-0.24.0-1.23.2, grafana-9.5.5-1.54.3
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): golang-github-prometheus-node_exporter-1.5.0-1.27.2
SUSE Linux Enterprise Server 12 SP5 (src): golang-github-prometheus-node_exporter-1.5.0-1.27.2
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): golang-github-prometheus-node_exporter-1.5.0-1.27.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 20 Maintenance Automation 2024-01-23 20:30:17 UTC

SUSE-SU-2024:0196-1: An update that solves 44 vulnerabilities, contains 14 features and has 35 security fixes can now be installed.

Category: security (moderate)
Bug References: 1172110, 1176460, 1180816, 1180942, 1181119, 1181935, 1183684, 1187725, 1188061, 1188571, 1189520, 1191454, 1192154, 1192383, 1192696, 1192763, 1193492, 1193686, 1193688, 1197507, 1198903, 1199810, 1200142, 1200480, 1200591, 1200968, 1200970, 1201003, 1201059, 1201535, 1201539, 1202614, 1202945, 1203283, 1203596, 1203597, 1203599, 1204032, 1204126, 1204302, 1204303, 1204304, 1204305, 1204501, 1205207, 1205225, 1205227, 1205599, 1205759, 1207352, 1207749, 1207750, 1207830, 1208046, 1208049, 1208060, 1208062, 1208065, 1208270, 1208293, 1208298, 1208612, 1208692, 1208719, 1208819, 1208821, 1208965, 1209113, 1209645, 1210458, 1210640, 1210907, 1211525, 1212099, 1212100, 1212279, 1212641, 1218843, 1218844
CVE References: CVE-2020-7753, CVE-2021-20178, CVE-2021-20180, CVE-2021-20191, CVE-2021-20228, CVE-2021-3447, CVE-2021-3583, CVE-2021-3620, CVE-2021-36222, CVE-2021-3711, CVE-2021-3807, CVE-2021-3918, CVE-2021-41174, CVE-2021-41244, CVE-2021-43138, CVE-2021-43798, CVE-2021-43813, CVE-2021-43815, CVE-2022-0155, CVE-2022-23552, CVE-2022-27664, CVE-2022-29170, CVE-2022-31097, CVE-2022-31107, CVE-2022-31123, CVE-2022-31130, CVE-2022-32149, CVE-2022-35957, CVE-2022-36062, CVE-2022-39201, CVE-2022-39229, CVE-2022-39306, CVE-2022-39307, CVE-2022-39324, CVE-2022-41715, CVE-2022-41723, CVE-2022-46146, CVE-2023-0507, CVE-2023-0594, CVE-2023-1387, CVE-2023-1410, CVE-2023-2183, CVE-2023-2801, CVE-2023-3128
Jira References: MSQA-718, PED-2145, PED-2617, PED-3576, PED-3694, PED-4556, PED-5405, PED-5406, SLE-23422, SLE-23439, SLE-23631, SLE-24133, SLE-24565, SLE-24791
Sources used:
SUSE Manager Client Tools Beta for SLE Micro 5 (src): golang-github-QubitProducts-exporter_exporter-0.4.0-159000.4.6.1, prometheus-blackbox_exporter-0.24.0-159000.3.6.1, uyuni-proxy-systemd-services-5.0.1-159000.3.9.1, dracut-saltboot-0.1.1681904360.84ef141-159000.3.30.1
SUSE Manager Client Tools Beta for SLE 15 (src): python-pyvmomi-6.7.3-159000.3.6.1, golang-github-QubitProducts-exporter_exporter-0.4.0-159000.4.6.1, supportutils-plugin-salt-1.2.2-159000.5.9.1, uyuni-proxy-systemd-services-5.0.1-159000.3.9.1, mgr-push-5.0.1-159000.4.21.1, golang-github-lusitaniae-apache_exporter-1.0.0-159000.4.12.1, rhnlib-5.0.1-159000.6.30.1, golang-github-prometheus-prometheus-2.45.0-159000.6.33.1, spacewalk-client-tools-5.0.1-159000.6.48.1, uyuni-common-libs-5.0.1-159000.3.33.1, dracut-saltboot-0.1.1681904360.84ef141-159000.3.30.1, golang-github-boynux-squid_exporter-1.6-159000.4.9.1, ansible-2.9.27-159000.3.9.1, prometheus-postgres_exporter-0.10.1-159000.3.6.1, grafana-9.5.8-159000.4.24.1, spacecmd-5.0.1-159000.6.42.1, python-hwdata-2.3.5-159000.5.13.1, prometheus-blackbox_exporter-0.24.0-159000.3.6.1, supportutils-plugin-susemanager-client-5.0.1-159000.6.15.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 21 Maintenance Automation 2024-01-23 20:30:47 UTC

SUSE-SU-2024:0191-1: An update that solves 45 vulnerabilities, contains 17 features and has 30 security fixes can now be installed.

Category: security (moderate)
Bug References: 1047218, 1172110, 1188571, 1189520, 1191454, 1192154, 1192383, 1192696, 1192763, 1193492, 1193686, 1193688, 1194873, 1195726, 1195727, 1195728, 1196338, 1196652, 1197507, 1198903, 1199810, 1200480, 1200591, 1200725, 1201003, 1201059, 1201535, 1201539, 1203283, 1203596, 1203597, 1203599, 1204032, 1204089, 1204126, 1204302, 1204303, 1204304, 1204305, 1204501, 1205207, 1205225, 1205227, 1205759, 1207352, 1207749, 1207750, 1207830, 1208046, 1208049, 1208051, 1208060, 1208062, 1208064, 1208065, 1208270, 1208293, 1208298, 1208612, 1208692, 1208719, 1208819, 1208821, 1208965, 1209113, 1209645, 1210458, 1210907, 1211525, 1212099, 1212100, 1212279, 1212641, 1218843, 1218844
CVE References: CVE-2020-7753, CVE-2021-36222, CVE-2021-3711, CVE-2021-3807, CVE-2021-3918, CVE-2021-39226, CVE-2021-41174, CVE-2021-41244, CVE-2021-43138, CVE-2021-43798, CVE-2021-43813, CVE-2021-43815, CVE-2022-0155, CVE-2022-21673, CVE-2022-21698, CVE-2022-21702, CVE-2022-21703, CVE-2022-21713, CVE-2022-23552, CVE-2022-27191, CVE-2022-27664, CVE-2022-29170, CVE-2022-31097, CVE-2022-31107, CVE-2022-31123, CVE-2022-31130, CVE-2022-32149, CVE-2022-35957, CVE-2022-36062, CVE-2022-39201, CVE-2022-39229, CVE-2022-39306, CVE-2022-39307, CVE-2022-39324, CVE-2022-41715, CVE-2022-41723, CVE-2022-46146, CVE-2023-0507, CVE-2023-0594, CVE-2023-1387, CVE-2023-1410, CVE-2023-2183, CVE-2023-2801, CVE-2023-3128, CVE-2023-40577
Jira References: MSQA-718, PED-2145, PED-2617, PED-3576, PED-3578, PED-3694, PED-4556, PED-5405, PED-5406, PED-7353, SLE-23422, SLE-23439, SLE-24238, SLE-24239, SLE-24565, SLE-24791, SUMA-114
Sources used:
SUSE Manager Client Tools Beta for SLE 12 (src): rhnlib-5.0.1-24.30.3, spacecmd-5.0.1-41.42.3, grafana-9.5.8-4.21.2, prometheus-postgres_exporter-0.10.1-3.6.4, golang-github-prometheus-node_exporter-1.5.0-4.15.4, golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2, system-user-grafana-1.0.0-3.7.2, kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2, golang-github-prometheus-prometheus-2.45.0-4.33.3, supportutils-plugin-susemanager-client-5.0.1-9.15.2, uyuni-common-libs-5.0.1-3.33.3, prometheus-blackbox_exporter-0.24.0-3.6.3, golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4, golang-github-prometheus-alertmanager-0.26.0-4.12.4, system-user-prometheus-1.0.0-3.7.2, python-hwdata-2.3.5-15.12.2, golang-github-boynux-squid_exporter-1.6-4.9.2, supportutils-plugin-salt-1.2.2-9.9.2, golang-github-prometheus-promu-0.14.0-4.12.2, mgr-push-5.0.1-4.21.4

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 22 Maintenance Automation 2024-02-27 11:33:09 UTC

SUSE-RU-2023:2592-1: An update that solves two vulnerabilities, contains one feature and has 90 recommended fixes can now be installed.

Category: recommended (important)
Bug References: 1201059, 1201063, 1203599, 1204089, 1204186, 1204270, 1204900, 1205011, 1205088, 1205600, 1205759, 1206060, 1206146, 1206191, 1206423, 1206520, 1206562, 1206725, 1206783, 1206800, 1206817, 1206861, 1206932, 1206963, 1206973, 1206979, 1206981, 1207063, 1207087, 1207141, 1207297, 1207352, 1207595, 1207792, 1207799, 1207814, 1207829, 1207830, 1207838, 1207867, 1207883, 1208046, 1208119, 1208288, 1208321, 1208325, 1208427, 1208522, 1208536, 1208540, 1208550, 1208586, 1208611, 1208661, 1208687, 1208719, 1208772, 1208908, 1209119, 1209143, 1209149, 1209215, 1209220, 1209231, 1209253, 1209259, 1209277, 1209369, 1209386, 1209395, 1209434, 1209508, 1209557, 1209926, 1209938, 1209993, 1210086, 1210094, 1210101, 1210107, 1210154, 1210162, 1210349, 1210437, 1210458, 1210776, 1210835, 1211956, 1211958, 1212096, 1212363, 1212516
CVE References: CVE-2022-46146, CVE-2023-22644
Jira References: MSQA-666
Sources used:
openSUSE Leap 15.4 (src): release-notes-susemanager-proxy-4.3.6-150400.3.55.4, release-notes-susemanager-4.3.6-150400.3.63.2
SUSE Manager Proxy 4.3 (src): release-notes-susemanager-proxy-4.3.6-150400.3.55.4
SUSE Manager Retail Branch Server 4.3 (src): release-notes-susemanager-proxy-4.3.6-150400.3.55.4
SUSE Manager Server 4.3 (src): release-notes-susemanager-4.3.6-150400.3.63.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 23 Maintenance Automation 2024-02-27 12:00:04 UTC

SUSE-SU-2023:2594-1: An update that solves two vulnerabilities, contains one feature and has 35 security fixes can now be installed.

Category: security (important)
Bug References: 1179747, 1186011, 1203599, 1205600, 1206423, 1207550, 1207814, 1207941, 1208046, 1208984, 1209220, 1209231, 1209277, 1209386, 1209434, 1209508, 1209877, 1209915, 1209926, 1210011, 1210086, 1210101, 1210107, 1210154, 1210162, 1210232, 1210311, 1210406, 1210437, 1210458, 1210659, 1210835, 1210957, 1211330, 1212096, 1212363, 1212517
CVE References: CVE-2022-46146, CVE-2023-22644
Jira References: MSQA-674
Sources used:
SUSE Manager Retail Branch Server 4.2 (src): release-notes-susemanager-proxy-4.2.13-150300.3.64.2
SUSE Manager Server 4.2 (src): release-notes-susemanager-4.2.13-150300.3.81.1
openSUSE Leap 15.3 (src): release-notes-susemanager-4.2.13-150300.3.81.1, release-notes-susemanager-proxy-4.2.13-150300.3.64.2
SUSE Manager Proxy 4.2 (src): release-notes-susemanager-proxy-4.2.13-150300.3.64.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 24 Robert Frohl 2024-05-03 14:03:26 UTC

done, closing