{"affected":[{"ecosystem_specific":{"binaries":[{"golang-github-QubitProducts-exporter_exporter":"0.4.0-1.6.1","golang-github-lusitaniae-apache_exporter":"1.0.0-1.8.1","golang-github-prometheus-node_exporter":"1.5.0-1.9.2","prometheus-postgres_exporter":"0.10.1-1.9.2","scap-security-guide":"0.1.69-1.12.2","scap-security-guide-debian":"0.1.69-1.12.2","scap-security-guide-redhat":"0.1.69-1.12.2","scap-security-guide-ubuntu":"0.1.69-1.12.2","spacecmd":"4.3.23-1.18.2"}]},"package":{"ecosystem":"SUSE:EL-9:Update:Products:ManagerTools:Update","name":"golang-github-QubitProducts-exporter_exporter","purl":"pkg:rpm/suse/golang-github-QubitProducts-exporter_exporter&distro=SUSE:EL-9:Update:Products:ManagerTools:Update"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.4.0-1.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"golang-github-QubitProducts-exporter_exporter":"0.4.0-1.6.1","golang-github-lusitaniae-apache_exporter":"1.0.0-1.8.1","golang-github-prometheus-node_exporter":"1.5.0-1.9.2","prometheus-postgres_exporter":"0.10.1-1.9.2","scap-security-guide":"0.1.69-1.12.2","scap-security-guide-debian":"0.1.69-1.12.2","scap-security-guide-redhat":"0.1.69-1.12.2","scap-security-guide-ubuntu":"0.1.69-1.12.2","spacecmd":"4.3.23-1.18.2"}]},"package":{"ecosystem":"SUSE:EL-9:Update:Products:ManagerTools:Update","name":"golang-github-lusitaniae-apache_exporter","purl":"pkg:rpm/suse/golang-github-lusitaniae-apache_exporter&distro=SUSE:EL-9:Update:Products:ManagerTools:Update"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.0.0-1.8.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"golang-github-QubitProducts-exporter_exporter":"0.4.0-1.6.1","golang-github-lusitaniae-apache_exporter":"1.0.0-1.8.1","golang-github-prometheus-node_exporter":"1.5.0-1.9.2","prometheus-postgres_exporter":"0.10.1-1.9.2","scap-security-guide":"0.1.69-1.12.2","scap-security-guide-debian":"0.1.69-1.12.2","scap-security-guide-redhat":"0.1.69-1.12.2","scap-security-guide-ubun
tu":"0.1.69-1.12.2","spacecmd":"4.3.23-1.18.2"}]},"package":{"ecosystem":"SUSE:EL-9:Update:Products:ManagerTools:Update","name":"golang-github-prometheus-node_exporter","purl":"pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE:EL-9:Update:Products:ManagerTools:Update"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.5.0-1.9.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"golang-github-QubitProducts-exporter_exporter":"0.4.0-1.6.1","golang-github-lusitaniae-apache_exporter":"1.0.0-1.8.1","golang-github-prometheus-node_exporter":"1.5.0-1.9.2","prometheus-postgres_exporter":"0.10.1-1.9.2","scap-security-guide":"0.1.69-1.12.2","scap-security-guide-debian":"0.1.69-1.12.2","scap-security-guide-redhat":"0.1.69-1.12.2","scap-security-guide-ubuntu":"0.1.69-1.12.2","spacecmd":"4.3.23-1.18.2"}]},"package":{"ecosystem":"SUSE:EL-9:Update:Products:ManagerTools:Update","name":"prometheus-postgres_exporter","purl":"pkg:rpm/suse/prometheus-postgres_exporter&distro=SUSE:EL-9:Update:Products:ManagerTools:Update"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.10.1-1.9.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"golang-github-QubitProducts-exporter_exporter":"0.4.0-1.6.1","golang-github-lusitaniae-apache_exporter":"1.0.0-1.8.1","golang-github-prometheus-node_exporter":"1.5.0-1.9.2","prometheus-postgres_exporter":"0.10.1-1.9.2","scap-security-guide":"0.1.69-1.12.2","scap-security-guide-debian":"0.1.69-1.12.2","scap-security-guide-redhat":"0.1.69-1.12.2","scap-security-guide-ubuntu":"0.1.69-1.12.2","spacecmd":"4.3.23-1.18.2"}]},"package":{"ecosystem":"SUSE:EL-9:Update:Products:ManagerTools:Update","name":"scap-security-guide","purl":"pkg:rpm/suse/scap-security-guide&distro=SUSE:EL-9:Update:Products:ManagerTools:Update"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.1.69-1.12.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"golang-github-QubitProducts-exporter_exporter":"0.4.0-1.6.1","golang-github-lusitaniae-
apache_exporter":"1.0.0-1.8.1","golang-github-prometheus-node_exporter":"1.5.0-1.9.2","prometheus-postgres_exporter":"0.10.1-1.9.2","scap-security-guide":"0.1.69-1.12.2","scap-security-guide-debian":"0.1.69-1.12.2","scap-security-guide-redhat":"0.1.69-1.12.2","scap-security-guide-ubuntu":"0.1.69-1.12.2","spacecmd":"4.3.23-1.18.2"}]},"package":{"ecosystem":"SUSE:EL-9:Update:Products:ManagerTools:Update","name":"spacecmd","purl":"pkg:rpm/suse/spacecmd&distro=SUSE:EL-9:Update:Products:ManagerTools:Update"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.3.23-1.18.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"golang-github-QubitProducts-exporter_exporter":"0.4.0-1.6.1","golang-github-lusitaniae-apache_exporter":"1.0.0-1.8.1","golang-github-prometheus-node_exporter":"1.5.0-1.9.2","prometheus-postgres_exporter":"0.10.1-1.9.2","scap-security-guide-redhat":"0.1.69-1.12.2","spacecmd":"4.3.23-1.18.2"}]},"package":{"ecosystem":"SUSE:Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS","name":"golang-github-QubitProducts-exporter_exporter","purl":"pkg:rpm/suse/golang-github-QubitProducts-exporter_exporter&distro=SUSE%20Manager%20Client%20Tools%20for%20RHEL,%20Liberty%20and%20Clones%209-CLIENT-TOOLS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.4.0-1.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"golang-github-QubitProducts-exporter_exporter":"0.4.0-1.6.1","golang-github-lusitaniae-apache_exporter":"1.0.0-1.8.1","golang-github-prometheus-node_exporter":"1.5.0-1.9.2","prometheus-postgres_exporter":"0.10.1-1.9.2","scap-security-guide-redhat":"0.1.69-1.12.2","spacecmd":"4.3.23-1.18.2"}]},"package":{"ecosystem":"SUSE:Manager Client Tools for RHEL, Liberty and Clones 
9-CLIENT-TOOLS","name":"golang-github-lusitaniae-apache_exporter","purl":"pkg:rpm/suse/golang-github-lusitaniae-apache_exporter&distro=SUSE%20Manager%20Client%20Tools%20for%20RHEL,%20Liberty%20and%20Clones%209-CLIENT-TOOLS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.0.0-1.8.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"golang-github-QubitProducts-exporter_exporter":"0.4.0-1.6.1","golang-github-lusitaniae-apache_exporter":"1.0.0-1.8.1","golang-github-prometheus-node_exporter":"1.5.0-1.9.2","prometheus-postgres_exporter":"0.10.1-1.9.2","scap-security-guide-redhat":"0.1.69-1.12.2","spacecmd":"4.3.23-1.18.2"}]},"package":{"ecosystem":"SUSE:Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS","name":"golang-github-prometheus-node_exporter","purl":"pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Manager%20Client%20Tools%20for%20RHEL,%20Liberty%20and%20Clones%209-CLIENT-TOOLS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.5.0-1.9.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"golang-github-QubitProducts-exporter_exporter":"0.4.0-1.6.1","golang-github-lusitaniae-apache_exporter":"1.0.0-1.8.1","golang-github-prometheus-node_exporter":"1.5.0-1.9.2","prometheus-postgres_exporter":"0.10.1-1.9.2","scap-security-guide-redhat":"0.1.69-1.12.2","spacecmd":"4.3.23-1.18.2"}]},"package":{"ecosystem":"SUSE:Manager Client Tools for RHEL, Liberty and Clones 
9-CLIENT-TOOLS","name":"prometheus-postgres_exporter","purl":"pkg:rpm/suse/prometheus-postgres_exporter&distro=SUSE%20Manager%20Client%20Tools%20for%20RHEL,%20Liberty%20and%20Clones%209-CLIENT-TOOLS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.10.1-1.9.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"golang-github-QubitProducts-exporter_exporter":"0.4.0-1.6.1","golang-github-lusitaniae-apache_exporter":"1.0.0-1.8.1","golang-github-prometheus-node_exporter":"1.5.0-1.9.2","prometheus-postgres_exporter":"0.10.1-1.9.2","scap-security-guide-redhat":"0.1.69-1.12.2","spacecmd":"4.3.23-1.18.2"}]},"package":{"ecosystem":"SUSE:Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS","name":"scap-security-guide","purl":"pkg:rpm/suse/scap-security-guide&distro=SUSE%20Manager%20Client%20Tools%20for%20RHEL,%20Liberty%20and%20Clones%209-CLIENT-TOOLS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.1.69-1.12.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"golang-github-QubitProducts-exporter_exporter":"0.4.0-1.6.1","golang-github-lusitaniae-apache_exporter":"1.0.0-1.8.1","golang-github-prometheus-node_exporter":"1.5.0-1.9.2","prometheus-postgres_exporter":"0.10.1-1.9.2","scap-security-guide-redhat":"0.1.69-1.12.2","spacecmd":"4.3.23-1.18.2"}]},"package":{"ecosystem":"SUSE:Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS","name":"spacecmd","purl":"pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Client%20Tools%20for%20RHEL,%20Liberty%20and%20Clones%209-CLIENT-TOOLS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.3.23-1.18.2"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update fixes the following issues:\n\ngolang-github-lusitaniae-apache_exporter:\n\n- Security issues fixed:\n  * CVE-2022-32149: Fix denial of service vulnerability (bsc#1204501)\n  * CVE-2022-41723: Fix uncontrolled resource consumption (bsc#1208270)\n  * CVE-2022-46146: Fix authentication bypass vulnerability (bsc#1208046)\n- Changes 
and bugs fixed:\n  * Updated to 1.0.0 (jsc#PED-5405)\n    + Improved flag parsing\n    + Added support for custom headers\n  * Changes from 0.13.1\n    + Fix panic caused by missing flagConfig options\n  * Changes from 0.11.0 (jsc#SLE-24791)\n    + Add TLS support\n    + Switch to logger, please check --log.level and --log.format flags\n  * Changes from 0.10.1\n    + Bugfix: Reset ProxyBalancer metrics on each scrape to\n    remove stale data\n  * Changes from 0.10.0\n    + Add Apache Proxy and other metrics\n  * Changes from 0.8.0\n    + Change commandline flags\n    + Add metrics: Apache version, request duration total\n  * Changes from 0.7.0\n    + Handle OS TERM signals\n  * Changes from 0.6.0\n    + Add option to override host name\n  * Added support for Red Hat Enterprise Linux\n  * Added AppArmor profile\n  * Added sandboxing options to systemd service unit\n  * Build using promu\n  * Build with Go 1.19\n  * Exclude s390 architecture\n\ngolang-github-prometheus-node_exporter:\n\n- CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to 8192 bits to avoid DoSing client/server\n  while validating signatures for extremely large RSA keys. (bsc#1213880)\n  There are no direct source changes. The CVE is fixed rebuilding the sources with the patched Go version.\n\ngolang-github-QubitProducts-exporter_exporter:\n\n- CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to 8192 bits to avoid DoSing client/server\n  while validating signatures for extremely large RSA keys. (bsc#1213880)\n  There are no direct source changes. The CVE is fixed rebuilding the sources with the patched Go version.\n\nprometheus-postgres_exporter:\n\n- CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to 8192 bits to avoid DoSing client/server\n  while validating signatures for extremely large RSA keys. (bsc#1213880)\n  There are no direct source changes. 
The CVE is fixed rebuilding the sources with the patched Go version.\n\nscap-security-guide:\n\n- Updated to 0.1.69 (jsc#ECO-3319)\n  - Introduce a JSON build manifest\n  - Introduce a script to compare ComplianceAsCode versions\n  - Introduce CCN profiles for Red Hat Enterprise Linux 9\n  - Map rules to components\n  - products/anolis23: supports Anolis OS 23\n  - Render components to HTML\n  - Store rendered control files\n  - Test and use rules to components mapping\n  - Use distributed product properties\n-  Revert patch that breaks the SLE hardening (bsc#1213691)\n- Changes from 0.1.68 (jsc#ECO-3319)\n  - Bump OL8 STIG version to V1R6\n  - Introduce a Product class, make the project work with it\n  - Introduce Fedora and Firefox CaC profiles for common workstation users\n  - OL7 DISA STIG v2r11 update\n  - Publish rendered policy artifacts\n  - Update ANSSI BP-028 to version 2.0\n- Changes from 0.1.67 (jsc#ECO-3319)\n  - Add utils/controlrefcheck.py\n  - Red Hat Enterprise Linux 9 STIG Update Q1 2023\n  - Include warning for NetworkManager keyfiles in Red Hat Enterprise Linux 9\n  - OL7 stig v2r10 update\n  - Bump version of OL8 STIG to V1R5\n- Various enhancements to SLE profiles\n\nspacecmd:\n\n- Updated to 4.3.23-1\n  * Update translation 
strings\n\n","id":"SUSE-SU-2023:3875-1","modified":"2023-09-28T11:45:38Z","published":"2023-09-28T11:45:38Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2023/suse-su-20233875-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1204501"},{"type":"REPORT","url":"https://bugzilla.suse.com/1208046"},{"type":"REPORT","url":"https://bugzilla.suse.com/1208270"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213691"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213880"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-32149"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-41723"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-46146"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-29409"}],"related":["CVE-2022-32149","CVE-2022-41723","CVE-2022-46146","CVE-2023-29409"],"summary":"Security update for SUSE Manager Client Tools","upstream":["CVE-2022-32149","CVE-2022-41723","CVE-2022-46146","CVE-2023-29409"]}