SUSE update for Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server

Published: 2023-12-27

Risk	Low
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2023-22644
CWE-ID	CWE-532
Exploitation vector	Local
Public exploit	N/A
Vulnerable software Subscribe	Public Cloud Module Operating systems & Components / Operating system SUSE Manager Proxy Module Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications 15 Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing 15 Operating systems & Components / Operating system SUSE Manager Server Module Operating systems & Components / Operating system openSUSE Leap Operating systems & Components / Operating system SUSE Manager Retail Branch Server Operating systems & Components / Operating system SUSE Manager Server Operating systems & Components / Operating system SUSE Manager Proxy Operating systems & Components / Operating system spacewalk-backend-app Operating systems & Components / Operating system package or component spacewalk-backend-package-push-server Operating systems & Components / Operating system package or component uyuni-config-modules Operating systems & Components / Operating system package or component spacewalk-backend-applet Operating systems & Components / Operating system package or component spacewalk-backend-tools Operating systems & Components / Operating system package or component billing-data-service Operating systems & Components / Operating system package or component spacewalk-java-postgresql Operating systems & Components / Operating system package or component spacewalk-java-lib Operating systems & Components / Operating system package or component subscription-matcher Operating systems & Components / Operating system package or component spacewalk-backend-server Operating systems & Components / Operating system package or component spacewalk-java Operating systems & Components / Operating system package or component uyuni-reportdb-schema Operating systems & Components / Operating system package or component spacewalk-backend-sql Operating systems & Components / Operating system package or component spacewalk-backend-config-files Operating systems & Components / Operating system package or component spacewalk-java-config Operating systems & Components / Operating system package or component spacewalk-backend-xml-export-libs Operating systems & Components / Operating system package or component spacewalk-backend-iss-export Operating systems & Components / Operating system package or component susemanager-schema-utility Operating systems & Components / Operating system package or component spacewalk-backend-xmlrpc Operating systems & Components / Operating system package or component spacewalk-html Operating systems & Components / Operating system package or component susemanager-sls Operating systems & Components / Operating system package or component susemanager-docs_en Operating systems & Components / Operating system package or component spacewalk-taskomatic Operating systems & Components / Operating system package or component spacewalk-backend-iss Operating systems & Components / Operating system package or component susemanager-schema Operating systems & Components / Operating system package or component spacewalk-base Operating systems & Components / Operating system package or component spacewalk-backend-sql-postgresql Operating systems & Components / Operating system package or component susemanager-docs_en-pdf Operating systems & Components / Operating system package or component spacewalk-backend-config-files-common Operating systems & Components / Operating system package or component susemanager-sync-data Operating systems & Components / Operating system package or component spacewalk-search Operating systems & Components / Operating system package or component spacewalk-backend-config-files-tool Operating systems & Components / Operating system package or component inter-server-sync-debuginfo Operating systems & Components / Operating system package or component susemanager Operating systems & Components / Operating system package or component susemanager-tools Operating systems & Components / Operating system package or component inter-server-sync Operating systems & Components / Operating system package or component spacewalk-base-minimal-config Operating systems & Components / Operating system package or component susemanager-tftpsync-recv Operating systems & Components / Operating system package or component spacewalk-base-minimal Operating systems & Components / Operating system package or component spacewalk-client-tools Operating systems & Components / Operating system package or component python3-spacewalk-client-setup Operating systems & Components / Operating system package or component spacewalk-proxy-package-manager Operating systems & Components / Operating system package or component spacewalk-proxy-management Operating systems & Components / Operating system package or component spacewalk-check Operating systems & Components / Operating system package or component spacewalk-proxy-salt Operating systems & Components / Operating system package or component spacewalk-backend Operating systems & Components / Operating system package or component spacewalk-proxy-common Operating systems & Components / Operating system package or component spacewalk-proxy-broker Operating systems & Components / Operating system package or component python3-spacewalk-check Operating systems & Components / Operating system package or component spacewalk-client-setup Operating systems & Components / Operating system package or component spacewalk-proxy-redirect Operating systems & Components / Operating system package or component python3-spacewalk-client-tools Operating systems & Components / Operating system package or component spacecmd Operating systems & Components / Operating system package or component apache2-mod_wsgi-debuginfo Operating systems & Components / Operating system package or component apache2-mod_wsgi Operating systems & Components / Operating system package or component apache2-mod_wsgi-debugsource Operating systems & Components / Operating system package or component
Vendor	SUSE

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Inclusion of Sensitive Information in Log Files

EUVDB-ID: #VU84791

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-22644

CWE-ID: CWE-532 - Information Exposure Through Log Files

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to software stores sensitive information into log files. A local user can read the log files and gain access to sensitive data.

Mitigation

Update the affected package Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP4 - 15-SP5

SUSE Manager Proxy Module: 4.3

SUSE Linux Enterprise Server for SAP Applications 15: SP4 - SP5

SUSE Linux Enterprise Server 15: SP4 - SP5

SUSE Linux Enterprise High Performance Computing 15: SP4 - SP5

SUSE Manager Server Module: 4.3

openSUSE Leap: 15.4 - 15.5

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

spacewalk-backend-app: before 4.3.25-150400.3.33.7

spacewalk-backend-package-push-server: before 4.3.25-150400.3.33.7

uyuni-config-modules: before 4.3.37-150400.3.37.5

spacewalk-backend-applet: before 4.3.25-150400.3.33.7

spacewalk-backend-tools: before 4.3.25-150400.3.33.7

billing-data-service: before 4.3.2-150400.10.12.5

spacewalk-java-postgresql: before 4.3.69-150400.3.69.5

spacewalk-java-lib: before 4.3.69-150400.3.69.5

subscription-matcher: before 0.33-150400.3.16.3

spacewalk-backend-server: before 4.3.25-150400.3.33.7

spacewalk-java: before 4.3.69-150400.3.69.5

uyuni-reportdb-schema: before 4.3.8-150400.3.9.6

spacewalk-backend-sql: before 4.3.25-150400.3.33.7

spacewalk-backend-config-files: before 4.3.25-150400.3.33.7

spacewalk-java-config: before 4.3.69-150400.3.69.5

spacewalk-backend-xml-export-libs: before 4.3.25-150400.3.33.7

spacewalk-backend-iss-export: before 4.3.25-150400.3.33.7

susemanager-schema-utility: before 4.3.22-150400.3.30.5

spacewalk-backend-xmlrpc: before 4.3.25-150400.3.33.7

spacewalk-html: before 4.3.36-150400.3.36.7

susemanager-sls: before 4.3.37-150400.3.37.5

susemanager-docs_en: before 4.3-150400.9.50.5

spacewalk-taskomatic: before 4.3.69-150400.3.69.5

spacewalk-backend-iss: before 4.3.25-150400.3.33.7

susemanager-schema: before 4.3.22-150400.3.30.5

spacewalk-base: before 4.3.36-150400.3.36.7

spacewalk-backend-sql-postgresql: before 4.3.25-150400.3.33.7

susemanager-docs_en-pdf: before 4.3-150400.9.50.5

spacewalk-backend-config-files-common: before 4.3.25-150400.3.33.7

susemanager-sync-data: before 4.3.14-150400.3.17.5

spacewalk-search: before 4.3.10-150400.3.15.4

spacewalk-backend-config-files-tool: before 4.3.25-150400.3.33.7

inter-server-sync-debuginfo: before 0.3.1-150400.3.24.5

susemanager: before 4.3.33-150400.3.42.4

susemanager-tools: before 4.3.33-150400.3.42.4

inter-server-sync: before 0.3.1-150400.3.24.5

spacewalk-base-minimal-config: before 4.3.36-150400.3.36.7

susemanager-tftpsync-recv: before 4.3.9-150400.3.9.5

spacewalk-base-minimal: before 4.3.36-150400.3.36.7

spacewalk-client-tools: before 4.3.17-150400.3.21.6

python3-spacewalk-client-setup: before 4.3.17-150400.3.21.6

spacewalk-proxy-package-manager: before 4.3.17-150400.3.23.5

spacewalk-proxy-management: before 4.3.17-150400.3.23.5

spacewalk-check: before 4.3.17-150400.3.21.6

spacewalk-proxy-salt: before 4.3.17-150400.3.23.5

spacewalk-backend: before 4.3.25-150400.3.33.7

spacewalk-proxy-common: before 4.3.17-150400.3.23.5

spacewalk-proxy-broker: before 4.3.17-150400.3.23.5

python3-spacewalk-check: before 4.3.17-150400.3.21.6

spacewalk-client-setup: before 4.3.17-150400.3.21.6

spacewalk-proxy-redirect: before 4.3.17-150400.3.23.5

python3-spacewalk-client-tools: before 4.3.17-150400.3.21.6

spacecmd: before 4.3.25-150400.3.30.5

apache2-mod_wsgi-debuginfo: before 4.7.1-150400.3.9.4

apache2-mod_wsgi: before 4.7.1-150400.3.9.4

apache2-mod_wsgi-debugsource: before 4.7.1-150400.3.9.4

External links

http://www.suse.com/support/update/announcement/2023/suse-su-20234737-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.