SUSE update for Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2023-29409 |
| CWE-ID | CWE-295 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
SUSE Manager Proxy Module Operating systems & Components / Operating system SUSE Manager Server Module Operating systems & Components / Operating system SUSE Manager Retail Branch Server Operating systems & Components / Operating system SUSE Manager Server Operating systems & Components / Operating system SUSE Manager Proxy Operating systems & Components / Operating system susemanager-tools Operating systems & Components / Operating system package or component inter-server-sync-debuginfo Operating systems & Components / Operating system package or component prometheus-postgres_exporter Operating systems & Components / Operating system package or component susemanager Operating systems & Components / Operating system package or component hub-xmlrpc-api Operating systems & Components / Operating system package or component inter-server-sync Operating systems & Components / Operating system package or component spacewalk-backend-sql Operating systems & Components / Operating system package or component spacewalk-java-postgresql Operating systems & Components / Operating system package or component spacewalk-backend-config-files Operating systems & Components / Operating system package or component spacewalk-backend-xmlrpc Operating systems & Components / Operating system package or component spacewalk-backend-config-files-tool Operating systems & Components / Operating system package or component spacewalk-backend-sql-postgresql Operating systems & Components / Operating system package or component grafana-formula Operating systems & Components / Operating system package or component susemanager-sls Operating systems & Components / Operating system package or component spacewalk-html Operating systems & Components / Operating system package or component spacewalk-backend-tools Operating systems & Components / Operating system package or component spacewalk-backend-app Operating systems & Components / Operating system package or component spacewalk-backend-server Operating systems & Components / Operating system package or component uyuni-config-modules Operating systems & Components / Operating system package or component spacewalk-setup Operating systems & Components / Operating system package or component supportutils-plugin-susemanager Operating systems & Components / Operating system package or component spacewalk-backend-iss-export Operating systems & Components / Operating system package or component spacewalk-taskomatic Operating systems & Components / Operating system package or component spacewalk-java Operating systems & Components / Operating system package or component spacewalk-admin Operating systems & Components / Operating system package or component image-sync-formula Operating systems & Components / Operating system package or component spacewalk-backend-iss Operating systems & Components / Operating system package or component cobbler Operating systems & Components / Operating system package or component saltboot-formula Operating systems & Components / Operating system package or component susemanager-schema-utility Operating systems & Components / Operating system package or component susemanager-docs_en Operating systems & Components / Operating system package or component spacewalk-java-config Operating systems & Components / Operating system package or component spacewalk-backend-config-files-common Operating systems & Components / Operating system package or component spacewalk-backend-xml-export-libs Operating systems & Components / Operating system package or component spacewalk-backend-package-push-server Operating systems & Components / Operating system package or component spacewalk-java-lib Operating systems & Components / Operating system package or component billing-data-service Operating systems & Components / Operating system package or component spacewalk-backend-applet Operating systems & Components / Operating system package or component prometheus-exporters-formula Operating systems & Components / Operating system package or component spacewalk-config Operating systems & Components / Operating system package or component spacewalk-base Operating systems & Components / Operating system package or component susemanager-schema Operating systems & Components / Operating system package or component susemanager-docs_en-pdf Operating systems & Components / Operating system package or component python3-uyuni-common-libs Operating systems & Components / Operating system package or component supportutils-plugin-susemanager-proxy Operating systems & Components / Operating system package or component spacewalk-base-minimal Operating systems & Components / Operating system package or component spacewalk-certs-tools Operating systems & Components / Operating system package or component spacecmd Operating systems & Components / Operating system package or component spacewalk-backend Operating systems & Components / Operating system package or component supportutils-plugin-susemanager-client Operating systems & Components / Operating system package or component python3-spacewalk-certs-tools Operating systems & Components / Operating system package or component spacewalk-base-minimal-config Operating systems & Components / Operating system package or component |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Improper Certificate Validation
EUVDB-ID: #VU78913
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-29409
CWE-ID:
CWE-295 - Improper Certificate Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to verifying certificate chains containing large RSA keys is slow. A remote attacker can cause a client/server to expend significant CPU time verifying signatures.
MitigationUpdate the affected package Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server to the latest version.
Vulnerable software versionsSUSE Manager Proxy Module: 4.3
SUSE Manager Server Module: 4.3
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
susemanager-tools: before 4.3.31-150400.3.36.12
inter-server-sync-debuginfo: before 0.3.0-150400.3.21.15
prometheus-postgres_exporter: before 0.10.1-150400.3.6.17
susemanager: before 4.3.31-150400.3.36.12
hub-xmlrpc-api: before 0.7-150400.5.9.15
inter-server-sync: before 0.3.0-150400.3.21.15
spacewalk-backend-sql: before 4.3.23-150400.3.27.19
spacewalk-java-postgresql: before 4.3.66-150400.3.60.1
spacewalk-backend-config-files: before 4.3.23-150400.3.27.19
spacewalk-backend-xmlrpc: before 4.3.23-150400.3.27.19
spacewalk-backend-config-files-tool: before 4.3.23-150400.3.27.19
spacewalk-backend-sql-postgresql: before 4.3.23-150400.3.27.19
grafana-formula: before 0.9.0-150400.3.12.1
susemanager-sls: before 4.3.35-150400.3.31.12
spacewalk-html: before 4.3.33-150400.3.27.16
spacewalk-backend-tools: before 4.3.23-150400.3.27.19
spacewalk-backend-app: before 4.3.23-150400.3.27.19
spacewalk-backend-server: before 4.3.23-150400.3.27.19
uyuni-config-modules: before 4.3.35-150400.3.31.12
spacewalk-setup: before 4.3.18-150400.3.27.13
supportutils-plugin-susemanager: before 4.3.9-150400.3.15.13
spacewalk-backend-iss-export: before 4.3.23-150400.3.27.19
spacewalk-taskomatic: before 4.3.66-150400.3.60.1
spacewalk-java: before 4.3.66-150400.3.60.1
spacewalk-admin: before 4.3.13-150400.3.12.13
image-sync-formula: before 0.1.1692188980.9aa0455-150400.3.15.13
spacewalk-backend-iss: before 4.3.23-150400.3.27.19
cobbler: before 3.3.3-150400.5.33.13
saltboot-formula: before 0.1.1692188980.9aa0455-150400.3.12.13
susemanager-schema-utility: before 4.3.20-150400.3.24.17
susemanager-docs_en: before 4.3-150400.9.38.2
spacewalk-java-config: before 4.3.66-150400.3.60.1
spacewalk-backend-config-files-common: before 4.3.23-150400.3.27.19
spacewalk-backend-xml-export-libs: before 4.3.23-150400.3.27.19
spacewalk-backend-package-push-server: before 4.3.23-150400.3.27.19
spacewalk-java-lib: before 4.3.66-150400.3.60.1
billing-data-service: before 0.3-150400.10.6.13
spacewalk-backend-applet: before 4.3.23-150400.3.27.19
prometheus-exporters-formula: before 1.3.0-150400.3.3.13
spacewalk-config: before 4.3.11-150400.3.9.13
spacewalk-base: before 4.3.33-150400.3.27.16
susemanager-schema: before 4.3.20-150400.3.24.17
susemanager-docs_en-pdf: before 4.3-150400.9.38.2
python3-uyuni-common-libs: before 4.3.9-150400.3.15.13
supportutils-plugin-susemanager-proxy: before 4.3.3-150400.3.3.13
spacewalk-base-minimal: before 4.3.33-150400.3.27.16
spacewalk-certs-tools: before 4.3.19-150400.3.18.13
spacecmd: before 4.3.23-150400.3.24.13
spacewalk-backend: before 4.3.23-150400.3.27.19
supportutils-plugin-susemanager-client: before 4.3.3-150400.3.3.13
python3-spacewalk-certs-tools: before 4.3.19-150400.3.18.13
spacewalk-base-minimal-config: before 4.3.33-150400.3.27.16
CPE2.3- cpe:2.3:o:suse:suse_manager_proxy_module:4.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_manager_server_module:4.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_manager_retail_branch_server:4.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_manager_server:4.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_manager_proxy:4.3:*:*:*:*:*:*:*
- cpe:2.3:a:suse:susemanager-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:inter-server-sync-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:prometheus-postgres_exporter:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:susemanager:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:hub-xmlrpc-api:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:inter-server-sync:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-backend-sql:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-java-postgresql:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-backend-config-files:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-backend-xmlrpc:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-backend-config-files-tool:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-backend-sql-postgresql:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:grafana-formula:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:susemanager-sls:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-html:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-backend-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-backend-app:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-backend-server:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:uyuni-config-modules:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-setup:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:supportutils-plugin-susemanager:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-backend-iss-export:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-taskomatic:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-java:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-admin:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:image-sync-formula:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-backend-iss:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:cobbler:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:saltboot-formula:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:susemanager-schema-utility:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:susemanager-docs_en:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-java-config:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-backend-config-files-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-backend-xml-export-libs:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-backend-package-push-server:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-java-lib:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:billing-data-service:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-backend-applet:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:prometheus-exporters-formula:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-config:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-base:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:susemanager-schema:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:susemanager-docs_en-pdf:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python3-uyuni-common-libs:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:supportutils-plugin-susemanager-proxy:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-base-minimal:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-certs-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacecmd:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-backend:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:supportutils-plugin-susemanager-client:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python3-spacewalk-certs-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-base-minimal-config:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2023/suse-su-20233861-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
