Bug 1181400 - AUDIT-TASK: Evaluate systemd hardenings and get more services to use them
Status: IN_PROGRESS
Classification: Novell Products
Product: SUSE Security Incidents
Component: Audits
unspecified
Other Other
: P5 - None : Normal
: ---
Assigned To: Johannes Segitz
Security Team bot
Depends on: 1193118 1193149 1191614 1195288 1195289
Reported: 2021-01-26 07:51 UTC by Johannes Segitz
Modified: 2022-08-16 13:18 UTC (History)
Description Johannes Segitz 2021-01-26 07:51:23 UTC
Analyze service:
systemd-analyze security smartd.service

E.g. setting options like NoNewPrivileges in as many services as possible. We could also have this in rpmlint that it warns if you don't have some default set of options and we carry a whitelist for services that really can't have those.
Comment 1 Marcus Meissner 2021-01-26 12:55:29 UTC
Originated from Dirk Mueller's post on opensuse-factory
Comment 5 Johannes Segitz 2021-03-04 12:41:58 UTC
I will start to work on this. Will probably turn into a longer project
Comment 6 Johannes Segitz 2021-07-27 08:00:15 UTC
I'm working on a script that can submit these changes in mass. Documentation:
https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
Comment 7 Johannes Segitz 2021-07-28 12:17:54 UTC
I've sent the first 10 submissions, let's see how this goes
Comment 8 Richard Brown 2021-08-31 12:55:40 UTC
A number of these submissions hit packages which ONLY exist for use within containers in Kubic.

The documentation states that "that many of these sandboxing features are gracefully turned off on systems where the underlying security mechanism is not available. For example, ProtectSystem= has no effect if the kernel is built without file system namespacing or if the service manager runs in a container manager that makes file system namespacing unavailable to its payload"

Are we sure all of these parameters are safe to use and/or noops when run in containers?
Comment 9 Johannes Segitz 2021-09-01 09:02:32 UTC
no, we're not (although I would assume that it is safe). I can exclude these packages (I assume coredns) if necessary. I rely on packager testing as I do this for all of Factory and can't test them individually
Comment 10 Jan Engelhardt 2021-09-01 09:19:30 UTC
Take note that ProtectClock= implies a DeviceAllow= line, which implies a device *restriction* for every other device (minus the obvious /dev/null and a few).
Comment 11 Johannes Segitz 2021-09-01 12:34:13 UTC
Yes I know. In the default list I use PrivateDevices is included, so that's already covered
Comment 12 Archie Cobbs 2021-09-14 15:49:28 UTC
Great idea but on systems with systemd < 244 this will generate one or more warnings like this to syslog:

    Unknown key name 'XXX' in section 'Service', ignoring.

I've inventoried when newer options were introduced. Ideally any unsupported options could be removed from the patched file during the %prep step.

244 - ProtectKernelLogs

242 - ProtectHostname

239 - PrivateMounts

232 - ProtectKernelModules, ProtectKernelTunables, ProtectControlGroups

231 - RestrictRealtime
Comment 13 Johannes Segitz 2021-09-15 07:25:36 UTC
thanks for the suggestions. I'm concentrating on Factory for now. I'll check if I can find a way to add statements that modify the patches depending on the build target, but that might be difficult to do for arbitrary packages
Comment 14 Archie Cobbs 2021-09-15 14:41:53 UTC
> thanks for the suggestions. I'm concentrating on Factory for now. I'll check if I can find a way to add statements that modify the patches depending on the build target, but that might be difficult to do for arbitrary packages

Understood - this is probably easier said than done.

FWIW here's my hack for this:

# Avoid "Unknown key name 'XXX' in section 'Service', ignoring." warnings from systemd on older releases
%if 0%{?is_opensuse} && 0%{?sle_version} < 150300
sed -r -i '/^(Protect(Home|Hostname|KernelLogs)|PrivateMounts)=/d' src/unit/fonehome.service
%endif
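
One way to generalise the sed hack above, added here as an example and not code from anyone in this thread: it keys on the systemd version instead of a distribution macro and uses the minimum versions listed in comment 12. The function names, the sample unit, the version number 234 in the demo and the use of systemctl --version to find the version are assumptions.

```shell
#!/bin/sh
# Added example, not code from the bug thread.
# Minimum systemd version per directive, copied from the list in comment 12.
min_versions() {
    cat <<'EOF'
ProtectKernelLogs 244
ProtectHostname 242
PrivateMounts 239
ProtectKernelModules 232
ProtectKernelTunables 232
ProtectControlGroups 232
RestrictRealtime 231
EOF
}

# Assumption: systemctl exists in the build root; its first line reads "systemd 249 (...)".
systemd_version() {
    systemctl --version | awk 'NR == 1 { print $2 }'
}

# strip_unsupported VERSION UNIT_FILE
# Prints the unit with too-new [Service] directives removed; reports each removal on stderr.
strip_unsupported() {
    ver=$1
    unit=$2
    min_versions | awk -v ver="$ver" '
        NR == FNR { min[$1] = $2; next }          # first input (stdin): the table
        /^\[/     { section = $0 }                # track the current unit section
        section == "[Service]" && /^[A-Za-z]+=/ {
            key = $0
            sub(/=.*/, "", key)
            if ((key in min) && ver + 0 < min[key] + 0) {
                print "dropping " key " (needs systemd >= " min[key] ")" > "/dev/stderr"
                next
            }
        }
        { print }
    ' - "$unit"
}

# Constructed sample unit (hypothetical service name and binary).
sample_unit() {
    cat <<'EOF'
[Unit]
Description=Example daemon
[Service]
ExecStart=/usr/sbin/exampled
NoNewPrivileges=true
ProtectKernelLogs=true
ProtectHostname=true
PrivateMounts=true
ProtectKernelModules=true
RestrictRealtime=true
EOF
}

demo() {
    tmp=$(mktemp)
    sample_unit > "$tmp"
    strip_unsupported 234 "$tmp"     # 234 is an arbitrary older version for the demo
    rm -f "$tmp"
}
demo
```

In a spec file the call would be strip_unsupported "$(systemd_version)" on the unit before it is installed, writing the result back over the file.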
Comment 15 Johannes Segitz 2021-09-16 06:05:14 UTC
yes it unfortunately is. For now I added it to the FAQ at
https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
so that interested maintainers can add it manually
Comment 16 Archie Cobbs 2021-09-16 15:20:04 UTC
Perfect - thanks.
Comment 17 Enzo Matsumiya 2021-09-17 23:39:03 UTC
Hello. I just noticed (a bit late, I admit) "ProtectSystem=full" has broken the audit package.

What broke
==========

# rm -rf /etc/audit/audit.rules
# systemctl start auditd.service

> Sep 17 19:54:33 cyberdelia systemd[1]: Starting Security Auditing Service...
> Sep 17 19:54:33 cyberdelia auditd[18786]: No plugins found, not dispatching events
> Sep 17 19:54:33 cyberdelia auditd[18786]: Init complete, auditd 3.0.3 listening for events (startup state enable)
> Sep 17 19:54:33 cyberdelia augenrules[18798]: cp: cannot create regular file '/etc/audit/audit.rules': Read-only file system
> Sep 17 19:54:33 cyberdelia augenrules[18799]: chmod: cannot access '/etc/audit/audit.rules': No such file or directory
> Sep 17 19:54:33 cyberdelia systemd[1]: Started Security Auditing Service.

augenrules will try to merge all the rules from all files in /etc/audit/rules.d and put them all into /etc/audit/audit.rules file.


Why this wasn't caught earlier
==============================

Since the audit spec file will create both files upon installation, my tests didn't catch this.
Only when the rules are changed and/or /etc/audit/audit.rules is removed can this be observed.
Also since audit-testsuite changes/creates the rules dynamically (through auditctl), this couldn't be observed as well.

And it's also surprising nobody has reported this earlier.

How to fix
==========

I'd suggest removing the ProtectSystem directive altogether (and PrivateDevices=true as well).

If that's too blunt, we can consider adding:

ReadWritePaths=/etc/audit

as an initial measure. But still, considering audit's purpose and design, I'd like to insist on removing the entries mentioned above completely.

Please let me know of your thoughts.
Comment 18 Johannes Segitz 2021-09-20 08:10:59 UTC
Thanks for the detailed writeup.
ReadWritePaths=/etc/audit
would be my preferred way if that works. Removing the entries would be only a last resort. Is that okay for you?
Comment 19 Enzo Matsumiya 2021-09-20 13:37:15 UTC
(In reply to Johannes Segitz from comment #18)
> Thanks for the detailed writeup.
> ReadWritePaths=/etc/audit
> would be my preferred way if that works. Removing the entries would be only
> a last resort. Is that okay for you?

Ok, I'll submit with the v3.0.5 I'm preparing.

Just FTR, this assumes users:

- won't set log_file to anywhere in /etc
- won't try to monitor something in /dev

These are hard assumptions, but I've seen some crazy rules around :P
Comment 20 Johannes Segitz 2021-09-20 14:06:47 UTC
Writing logs to /etc is (hopefully) uncommon, but monitoring /dev could be a real usecase, so PrivateDevices should be dropped. Do you want me to resubmit?
Comment 21 Enzo Matsumiya 2021-09-20 14:11:00 UTC
(In reply to Johannes Segitz from comment #20)
> Writing logs to /etc is (hopefully) uncommon, but monitoring /dev could be a
> real usecase, so PrivateDevices should be dropped. Do you want me to
> resubmit?

Ok, I'll drop it then.

I haven't submitted yet. AFAIK I revoked my last submission from last week. Please confirm.
Comment 22 OBSbugzilla Bot 2021-09-22 16:40:07 UTC
This is an autogenerated message for OBS integration:
This bug (1181400) was mentioned in
https://build.opensuse.org/request/show/920996 Factory / gpsd
Comment 23 OBSbugzilla Bot 2021-09-23 08:40:06 UTC
This is an autogenerated message for OBS integration:
This bug (1181400) was mentioned in
https://build.opensuse.org/request/show/921079 Factory / gpsd
Comment 25 OBSbugzilla Bot 2021-09-27 12:40:11 UTC
This is an autogenerated message for OBS integration:
This bug (1181400) was mentioned in
https://build.opensuse.org/request/show/921732 Factory / gpsd
Comment 28 OBSbugzilla Bot 2021-10-07 14:40:06 UTC
This is an autogenerated message for OBS integration:
This bug (1181400) was mentioned in
https://build.opensuse.org/request/show/923735 Factory / gerbera
Comment 29 Ludwig Nussel 2021-10-12 13:55:33 UTC
Wrt hardening auditd it may make sense to split off the augenrules part into a separate service. The running auditd does not need write permissions on /etc/audit so shouldn't have it either.
Comment 30 OBSbugzilla Bot 2021-10-14 12:40:06 UTC
This is an autogenerated message for OBS integration:
This bug (1181400) was mentioned in
https://build.opensuse.org/request/show/925223 Factory / oidentd
Comment 31 OBSbugzilla Bot 2021-10-15 16:40:06 UTC
This is an autogenerated message for OBS integration:
This bug (1181400) was mentioned in
https://build.opensuse.org/request/show/925491 Factory / nginx
Comment 32 OBSbugzilla Bot 2021-10-17 20:40:06 UTC
This is an autogenerated message for OBS integration:
This bug (1181400) was mentioned in
https://build.opensuse.org/request/show/925880 Factory / parkverbot
Comment 33 OBSbugzilla Bot 2021-10-20 10:40:14 UTC
This is an autogenerated message for OBS integration:
This bug (1181400) was mentioned in
https://build.opensuse.org/request/show/926513 15.2 / hylafax+
https://build.opensuse.org/request/show/926514 15.3 / hylafax+
Comment 35 OBSbugzilla Bot 2021-10-24 16:40:07 UTC
This is an autogenerated message for OBS integration:
This bug (1181400) was mentioned in
https://build.opensuse.org/request/show/927197 Factory / lighttpd
Comment 38 OBSbugzilla Bot 2021-10-26 16:40:09 UTC
This is an autogenerated message for OBS integration:
This bug (1181400) was mentioned in
https://build.opensuse.org/request/show/927550 Backports:SLE-15-SP3 / gpsd
https://build.opensuse.org/request/show/927551 Backports:SLE-15-SP2 / gpsd
https://build.opensuse.org/request/show/927552 15.2 / gpsd
Comment 40 Takashi Iwai 2021-10-28 11:12:46 UTC
The change in pulseaudio seems problematic, now in openQA, PA couldn't see devices.
  https://build.opensuse.org/request/show/927428
Comment 41 Swamp Workflow Management 2021-10-31 20:42:31 UTC
openSUSE-RU-2021:1421-1: An update that has two recommended fixes can now be installed.

Category: recommended (moderate)
Bug References: 1181400,1191571
CVE References: 
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    hylafax+-7.0.4-lp152.3.12.1
Comment 42 Swamp Workflow Management 2021-11-04 02:18:57 UTC
openSUSE-RU-2021:1447-1: An update that has two recommended fixes can now be installed.

Category: recommended (moderate)
Bug References: 1181400,1191571
CVE References: 
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP2 (src):    hylafax+-7.0.4-bp152.3.12.1
Comment 43 Johannes Segitz 2021-11-11 14:45:02 UTC
(In reply to Takashi Iwai from comment #40)
Sorry for that, PrivateDevices should definitely not be in there. I'll need to do more testing with user services. Thanks for reverting
Comment 47 OBSbugzilla Bot 2021-11-16 11:40:45 UTC
This is an autogenerated message for OBS integration:
This bug (1181400) was mentioned in
https://build.opensuse.org/request/show/931724 15.3 / gnuhealth
Comment 48 OBSbugzilla Bot 2021-11-18 15:40:07 UTC
This is an autogenerated message for OBS integration:
This bug (1181400) was mentioned in
https://build.opensuse.org/request/show/932263 Factory / shadow
Comment 49 William Brown 2021-11-19 00:59:11 UTC
Hey there, would be happy to have this on 389-ds, as well as some other protections too. I think that its service file is upstream though, so I'd be happy to coordinate this with them :)
Comment 51 OBSbugzilla Bot 2021-11-23 09:40:07 UTC
This is an autogenerated message for OBS integration:
This bug (1181400) was mentioned in
https://build.opensuse.org/request/show/933217 Factory / spamassassin
Comment 52 OBSbugzilla Bot 2021-11-29 13:40:12 UTC
This is an autogenerated message for OBS integration:
This bug (1181400) was mentioned in
https://build.opensuse.org/request/show/934541 Backports:SLE-15-SP4 / shairport-sync
Comment 54 Stefan Seyfried 2021-12-06 11:28:58 UTC
klog.service cannot work.

Has anybody even looked at the changes before blindly committing them?


ProtectKernelLogs=true
...
ExecStart=/bin/sh -c "/bin/dmesg -r > /var/log/boot.msg"


m)
Comment 55 Stefan Seyfried 2021-12-06 11:45:20 UTC
Additionally, 

StandardError=tty
StandardOutput=tty

is broken by 

PrivateDevices=true
ProtectClock=true

So either change Standard{Output,Error} to something different or remove the ProtectClock / PrivateDevices settings from klog.service, please.
Comment 56 Johannes Segitz 2021-12-06 15:08:33 UTC
(In reply to Stefan Seyfried from comment #54)
Have a look at bsc#1193172/sr#934727

Apart from that: You're very welcome in helping testing these changes.
Comment 57 Stefan Seyfried 2021-12-07 07:32:57 UTC
Is there a repo I could add that contains tumbleweed + upcoming hardening changes to test this?
Comment 60 Alexander Kanevskiy 2021-12-08 14:15:42 UTC
I've noticed that this hardening broke the vtysh operation in the frr package: it can't save updated configs anymore.

Adding ReadWritePaths=/etc/frr solved the issue.
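
The breakages reported in comments 17, 54, 55 and 60 can be checked for before a unit is submitted. The following is an added example, not code from anyone in this thread; the function names, the finding labels and the auditd-style sample unit are constructed, and the list of paths a service must write is supplied by the packager.

```shell
#!/bin/sh
# Added example, not code from the bug thread.
# lint_unit UNIT_FILE [PATH_THE_SERVICE_MUST_WRITE ...]
# Prints one finding per line; prints nothing when no known conflict is found.
# Simplification: only ReadWritePaths= is treated as making a path writable.
lint_unit() {
    unit=$1
    shift
    awk -v writes="$*" '
        function is_on(v) { return v ~ /^(1|yes|true|on)$/ }
        function under(p, dir) { return index(p "/", dir "/") == 1 }
        # Is path p mounted read-only by this ProtectSystem= mode (systemd.exec(5))?
        function is_ro(p, mode,    n, i, ro) {
            if (mode == "strict") return p !~ /^\/(dev|proc|sys)(\/|$)/
            n = split("/usr /boot /efi" (mode == "full" ? " /etc" : ""), ro, " ")
            for (i = 1; i <= n; i++) if (under(p, ro[i])) return 1
            return 0
        }
        function is_rw(p,    i) {
            for (i = 1; i <= nrw; i++) if (under(p, rw[i])) return 1
            return 0
        }
        /^\[/ { section = $0; next }
        section != "[Service]" || !/^[A-Za-z]+=/ { next }
        {
            key = $0; sub(/=.*/, "", key)
            val = $0; sub(/^[^=]*=/, "", val)
            if (key ~ /^Exec/) {
                if (val ~ /dmesg|\/dev\/kmsg|\/proc\/kmsg/) reads_klog = 1
            } else if (key == "ReadWritePaths") {
                n = split(val, part, /[ \t]+/)
                for (i = 1; i <= n; i++) {
                    sub(/^[-+]+/, "", part[i]); sub(/\/+$/, "", part[i])
                    if (part[i] != "") rw[++nrw] = part[i]
                }
            } else opt[key] = val
        }
        END {
            ps = opt["ProtectSystem"]
            mode = (ps == "full" || ps == "strict") ? ps : (is_on(ps) ? "yes" : "")
            # comment 54: dmesg cannot read the kernel log under ProtectKernelLogs=
            if (is_on(opt["ProtectKernelLogs"]) && reads_klog)
                print "KLOG: ProtectKernelLogs= is on but an Exec line reads the kernel log"
            # comment 55: tty output versus PrivateDevices= / ProtectClock=
            tty = (opt["StandardOutput"] == "tty" || opt["StandardError"] == "tty")
            if (tty && (is_on(opt["PrivateDevices"]) || is_on(opt["ProtectClock"])))
                print "TTY: StandardOutput/StandardError=tty with PrivateDevices= or ProtectClock="
            # comments 17 and 60: the service writes below a read-only mount
            n = split(writes, w, " ")
            for (i = 1; i <= n; i++)
                if (mode != "" && is_ro(w[i], mode) && !is_rw(w[i]))
                    print "ROFS: " w[i] " is read-only under ProtectSystem=" ps \
                          " and not covered by ReadWritePaths="
        }
    ' "$unit"
}

# Sample built from the directives quoted in comments 54 and 55.
sample_klog_unit() {
    cat <<'EOF'
[Service]
Type=oneshot
ProtectKernelLogs=true
PrivateDevices=true
ProtectClock=true
StandardError=tty
StandardOutput=tty
ExecStart=/bin/sh -c "/bin/dmesg -r > /var/log/boot.msg"
EOF
}

# Constructed sample modelled on the auditd report in comment 17.
sample_audit_unit() {
    cat <<'EOF'
[Unit]
Description=Constructed sample: daemon whose helper rewrites /etc/audit/audit.rules
[Service]
ExecStart=/sbin/auditd
ExecStartPost=-/sbin/augenrules --load
ProtectSystem=full
EOF
}

demo() {
    d=$(mktemp -d)
    sample_klog_unit  > "$d/klog.service"
    sample_audit_unit > "$d/auditd.service"
    lint_unit "$d/klog.service"
    lint_unit "$d/auditd.service" /etc/audit
    rm -rf "$d"
}
demo
```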
Comment 62 Johannes Segitz 2021-12-09 08:37:44 UTC
(In reply to Stefan Seyfried from comment #57)
yes :) home:jsegitz:branches:systemdhardening contains all of the upcoming hardenings. I also try to use it for the packages where I have to do manual fixing, but I'm not 100% consistent. I'll try to use only this project from now on
Comment 63 Stefan Seyfried 2021-12-09 09:34:52 UTC
> osc ls home:jsegitz:branches:systemdhardening
Server returned an error: HTTP Error 404: Not Found
Project not found: home:jsegitz:branches:systemdhardening

maybe it is on a different OBS instance?
Comment 64 Marcus Meissner 2021-12-09 10:20:24 UTC
It's a hierarchy, they are subprojects below that.

obs ls |grep home:jsegitz:branches:systemdhardening
Comment 65 Stefan Seyfried 2021-12-09 11:58:03 UTC
Yes, but then there is not "one repo to add" but lots of repos to add, which is not really feasible.
So I'll wait for the stuff to arrive in factory.
Comment 66 OBSbugzilla Bot 2021-12-10 19:30:07 UTC
This is an autogenerated message for OBS integration:
This bug (1181400) was mentioned in
https://build.opensuse.org/request/show/939443 Factory / sysprof
Comment 67 Swamp Workflow Management 2021-12-14 11:19:25 UTC
openSUSE-SU-2021:4018-1: An update that solves two vulnerabilities, contains three features and has four fixes is now available.

Category: security (moderate)
Bug References: 1152964,1174075,1181400,1188875,1190069,1190896
CVE References: CVE-2021-36386,CVE-2021-39272
JIRA References: SLE-17903,SLE-18059,SLE-18159
Sources used:
openSUSE Leap 15.3 (src):    fetchmail-6.4.22-20.20.1
Comment 68 Swamp Workflow Management 2021-12-14 11:24:23 UTC
SUSE-SU-2021:4018-1: An update that solves two vulnerabilities, contains three features and has four fixes is now available.

Category: security (moderate)
Bug References: 1152964,1174075,1181400,1188875,1190069,1190896
CVE References: CVE-2021-36386,CVE-2021-39272
JIRA References: SLE-17903,SLE-18059,SLE-18159
Sources used:
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    fetchmail-6.4.22-20.20.1
SUSE Linux Enterprise Server for SAP 15 (src):    fetchmail-6.4.22-20.20.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    fetchmail-6.4.22-20.20.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    fetchmail-6.4.22-20.20.1
SUSE Linux Enterprise Server 15-LTSS (src):    fetchmail-6.4.22-20.20.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (src):    fetchmail-6.4.22-20.20.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (src):    fetchmail-6.4.22-20.20.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    fetchmail-6.4.22-20.20.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    fetchmail-6.4.22-20.20.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    fetchmail-6.4.22-20.20.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    fetchmail-6.4.22-20.20.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    fetchmail-6.4.22-20.20.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    fetchmail-6.4.22-20.20.1
SUSE Enterprise Storage 6 (src):    fetchmail-6.4.22-20.20.1
SUSE CaaS Platform 4.0 (src):    fetchmail-6.4.22-20.20.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 69 OBSbugzilla Bot 2021-12-15 13:10:05 UTC
This is an autogenerated message for OBS integration:
This bug (1181400) was mentioned in
https://build.opensuse.org/request/show/940718 Factory / sbd
Comment 70 Swamp Workflow Management 2021-12-17 14:18:40 UTC
openSUSE-SU-2021:1591-1: An update that solves two vulnerabilities, contains three features and has four fixes is now available.

Category: security (moderate)
Bug References: 1152964,1174075,1181400,1188875,1190069,1190896
CVE References: CVE-2021-36386,CVE-2021-39272
JIRA References: SLE-17903,SLE-18059,SLE-18159
Sources used:
openSUSE Leap 15.2 (src):    fetchmail-6.4.22-lp152.6.12.1
Comment 71 OBSbugzilla Bot 2021-12-21 15:51:25 UTC
This is an autogenerated message for OBS integration:
This bug (1181400) was mentioned in
https://build.opensuse.org/request/show/941864 Factory / parsec
Comment 73 OBSbugzilla Bot 2022-01-04 16:30:03 UTC
This is an autogenerated message for OBS integration:
This bug (1181400) was mentioned in
https://build.opensuse.org/request/show/943792 Backports:SLE-15-SP3 / prosody
Comment 76 Swamp Workflow Management 2022-01-08 20:16:24 UTC
openSUSE-RU-2022:0009-1: An update that has two recommended fixes can now be installed.

Category: recommended (important)
Bug References: 1181400,1192126
CVE References: 
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    ovmf-202008-10.11.1
openSUSE Backports SLE-15-SP3 (src):    prosody-0.11.11-bp153.2.9.1
Comment 77 OBSbugzilla Bot 2022-01-10 09:20:03 UTC
This is an autogenerated message for OBS integration:
This bug (1181400) was mentioned in
https://build.opensuse.org/request/show/945229 Factory / wireguard-tools
Comment 78 OBSbugzilla Bot 2022-01-10 15:40:03 UTC
This is an autogenerated message for OBS integration:
This bug (1181400) was mentioned in
https://build.opensuse.org/request/show/945357 Factory / watchman
Comment 79 OBSbugzilla Bot 2022-01-10 17:10:03 UTC
This is an autogenerated message for OBS integration:
This bug (1181400) was mentioned in
https://build.opensuse.org/request/show/945374 Factory / vhostmd
Comment 80 OBSbugzilla Bot 2022-01-11 13:00:03 UTC
This is an autogenerated message for OBS integration:
This bug (1181400) was mentioned in
https://build.opensuse.org/request/show/945580 15.2 / watchman
Comment 82 OBSbugzilla Bot 2022-01-17 12:40:03 UTC
This is an autogenerated message for OBS integration:
This bug (1181400) was mentioned in
https://build.opensuse.org/request/show/946942 Backports:SLE-15-SP3 / watchman
Comment 83 Swamp Workflow Management 2022-01-17 23:19:19 UTC
openSUSE-SU-2022:0016-1: An update that solves one vulnerability and has one errata is now available.

Category: security (important)
Bug References: 1181400,1194470
CVE References: CVE-2022-21944
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP3 (src):    watchman-4.9.0-bp153.2.3.1
Comment 86 OBSbugzilla Bot 2022-01-22 15:30:05 UTC
This is an autogenerated message for OBS integration:
This bug (1181400) was mentioned in
https://build.opensuse.org/request/show/948120 Backports:SLE-15-SP3 / lighttpd
Comment 89 OBSbugzilla Bot 2022-01-25 09:10:04 UTC
This is an autogenerated message for OBS integration:
This bug (1181400) was mentioned in
https://build.opensuse.org/request/show/948944 Backports:SLE-15-SP1 / zabbix
https://build.opensuse.org/request/show/948946 Backports:SLE-15-SP2 / zabbix
https://build.opensuse.org/request/show/948947 Backports:SLE-15-SP4 / zabbix
Comment 90 OBSbugzilla Bot 2022-01-25 10:20:06 UTC
This is an autogenerated message for OBS integration:
This bug (1181400) was mentioned in
https://build.opensuse.org/request/show/948969 15.1 / zabbix
https://build.opensuse.org/request/show/948975 15.3 / zabbix
Comment 94 Emanuel Castelo 2022-01-27 17:49:32 UTC
The package mbpfan had security hardening added, post hardening the service refused to start. I remarked out the added hardening and the service again started normally. I am not sure where the issue arises with hardening added. mbpfan is a must for those of us who have MacBookPros, otherwise Linux generally fries the machine.

https://susepaste.org/64357756
Comment 96 Marcus Meissner 2022-01-28 08:24:23 UTC
(In reply to Emanuel Castelo from comment #94)
> The package mbpfan had security hardening added, post hardening the service
> refused to start. I remarked out the added hardening and the service again
> started normally. I am not sure where the issue arises with hardening added.
> mbpfan is a must for those of us who have MacBookPros, otherwise Linux
> generally fries the machine.
> 
> https://susepaste.org/64357756

could you try to comment out the hardening lines one by one and see what breaks it?
Comment 97 Johannes Segitz 2022-01-28 09:28:12 UTC
(In reply to Marcus Meissner from comment #96)
I've opened bsc#1195253 to track this
Comment 101 Swamp Workflow Management 2022-02-02 17:17:33 UTC
openSUSE-SU-2022:0024-1: An update that solves one vulnerability and has two fixes is now available.

Category: security (important)
Bug References: 1146452,1181400,1194376
CVE References: CVE-2022-22707
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP3 (src):    lighttpd-1.4.64-bp153.2.3.1
Comment 102 Dirk Weber 2022-02-02 21:11:49 UTC
Today's lighttpd update for openSUSE Leap 15.3 containing the hardening settings broke access to the users' public_html directories. For details see bug 1195465.
Comment 104 OBSbugzilla Bot 2022-02-08 12:40:04 UTC
This is an autogenerated message for OBS integration:
This bug (1181400) was mentioned in
https://build.opensuse.org/request/show/952678 Factory / killerd
Comment 105 OBSbugzilla Bot 2022-02-13 23:00:08 UTC
This is an autogenerated message for OBS integration:
This bug (1181400) was mentioned in
https://build.opensuse.org/request/show/954122 Backports:SLE-15-SP3 / zabbix
Comment 106 OBSbugzilla Bot 2022-02-14 18:30:04 UTC
This is an autogenerated message for OBS integration:
This bug (1181400) was mentioned in
https://build.opensuse.org/request/show/954363 Factory / owntone
Comment 107 Swamp Workflow Management 2022-02-16 14:19:46 UTC
openSUSE-SU-2022:0036-1: An update that solves three vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1144018,1174253,1181400,1183014,1194681
CVE References: CVE-2020-15803,CVE-2021-27927,CVE-2022-23134
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    zabbix-4.0.37-lp153.2.3.1
Comment 108 OBSbugzilla Bot 2022-02-17 09:20:15 UTC
This is an autogenerated message for OBS integration:
This bug (1181400) was mentioned in
https://build.opensuse.org/request/show/955587 15.3 / gnuhealth
Comment 112 Swamp Workflow Management 2022-02-28 20:27:47 UTC
SUSE-FU-2022:0599-1: An update that has one feature fix and contains one feature can now be installed.

Category: feature (moderate)
Bug References: 1181400
CVE References: 
JIRA References: SLE-22863
Sources used:
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (src):    golang-github-prometheus-prometheus-2.32.1-4.3.2
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (src):    golang-github-prometheus-prometheus-2.32.1-4.3.2
SUSE Enterprise Storage 6 (src):    golang-github-prometheus-prometheus-2.32.1-4.3.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 113 Swamp Workflow Management 2022-02-28 20:29:02 UTC
SUSE-FU-2022:0601-1: An update that has one feature fix and contains one feature can now be installed.

Category: feature (moderate)
Bug References: 1181400
CVE References: 
JIRA References: SLE-22863
Sources used:
SUSE Manager Tools 15 (src):    golang-github-prometheus-prometheus-2.32.1-3.35.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 114 Swamp Workflow Management 2022-02-28 20:33:06 UTC
SUSE-FU-2022:0600-1: An update that has one feature fix and contains one feature can now be installed.

Category: feature (moderate)
Bug References: 1181400
CVE References: 
JIRA References: SLE-22863
Sources used:
SUSE Manager Tools 12 (src):    golang-github-prometheus-prometheus-2.32.1-1.32.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 115 Swamp Workflow Management 2022-02-28 20:37:59 UTC
openSUSE-FU-2022:0599-1: An update that has one feature fix and contains one feature can now be installed.

Category: feature (moderate)
Bug References: 1181400
CVE References: 
JIRA References: SLE-22863
Sources used:
openSUSE Leap 15.4 (src):    golang-github-prometheus-prometheus-2.32.1-4.3.2
openSUSE Leap 15.3 (src):    golang-github-prometheus-prometheus-2.32.1-4.3.2
Comment 116 Swamp Workflow Management 2022-03-01 20:22:01 UTC
openSUSE-RU-2022:0059-1: An update that has one recommended fix can now be installed.

Category: recommended (moderate)
Bug References: 1181400
CVE References: 
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    gnuhealth-3.8.0-lp153.4.3.1
Comment 117 Swamp Workflow Management 2022-03-01 20:24:09 UTC
openSUSE-SU-2022:0058-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1144018,1181400,1194020,1194215,1194681
CVE References: CVE-2020-15803,CVE-2021-27927,CVE-2021-4126,CVE-2021-44538,CVE-2022-23134
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    MozillaThunderbird-91.4.1-8.48.1
openSUSE Backports SLE-15-SP3 (src):    zabbix-4.0.38-bp153.2.3.1
Comment 118 Swamp Workflow Management 2022-03-02 14:23:44 UTC
SUSE-RU-2022:0655-1: An update that has 11 recommended fixes can now be installed.

Category: recommended (moderate)
Bug References: 1042673,1070653,1083705,1089088,1125951,1144062,1179553,1180314,1181400,1187188,786024
CVE References: 
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    vsftpd-3.0.5-48.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 119 OBSbugzilla Bot 2022-03-07 12:40:04 UTC
This is an autogenerated message for OBS integration:
This bug (1181400) was mentioned in
https://build.opensuse.org/request/show/959871 Backports:SLE-15-SP3 / minidlna
Comment 120 Swamp Workflow Management 2022-03-08 17:20:03 UTC
SUSE-SU-2022:0751-1: An update that fixes 12 vulnerabilities, contains three features is now available.

Category: security (moderate)
Bug References: 1097531,1181400,1190462,1193357,1194363,1194873,1195625,1195726,1195727,1195728
CVE References: CVE-2021-36222,CVE-2021-3711,CVE-2021-39226,CVE-2021-41174,CVE-2021-41244,CVE-2021-43798,CVE-2021-43813,CVE-2021-43815,CVE-2022-21673,CVE-2022-21702,CVE-2022-21703,CVE-2022-21713
JIRA References: SLE-22863,SLE-23422,SLE-23439
Sources used:
SUSE Manager Tools 15-BETA (src):    golang-github-prometheus-prometheus-2.32.1-159000.6.24.1, grafana-8.3.5-159000.4.21.1, salt-3004-159000.8.50.1, spacecmd-4.3.7-159000.6.33.1, spacewalk-client-tools-4.3.6-159000.6.39.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 121 Swamp Workflow Management 2022-03-08 17:21:35 UTC
SUSE-FU-2022:0750-1: An update that solves one vulnerability, contains one feature and has 8 fixes is now available.

Category: feature (moderate)
Bug References: 1097531,1181400,1190462,1190781,1193357,1193565,1193671,1194363,1195906
CVE References: CVE-2021-45083
JIRA References: SLE-22863
Sources used:
SUSE Manager Tools 12-BETA (src):    cobbler-2.6.6-52.12.1, golang-github-prometheus-prometheus-2.32.1-4.24.1, mgr-cfg-4.3.4-4.21.1, salt-3000-53.5.1, spacecmd-4.3.7-41.33.1, spacewalk-client-tools-4.3.6-55.39.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 122 Ali Abdallah 2022-03-09 11:46:44 UTC
(In reply to Archie Cobbs from comment #14)
> # Avoid "Unknown key name 'XXX' in section 'Service', ignoring." warnings
> from systemd on older releases
> %if 0%{?is_opensuse} && 0%{?sle_version} < 150300
> sed -r -i '/^(Protect(Home|Hostname|KernelLogs)|PrivateMounts)=/d'
> src/unit/fonehome.service
> %endif

I got a customer complaining about these warnings they are getting from their 12-SP5 system for vsftpd...

I was playing with the spec file of vsftpd, the statement 

%if 0%{?is_opensuse} && 0%{?sle_version} < 150300

is never true on 12-SP5.
Comment 125 Swamp Workflow Management 2022-03-11 02:18:08 UTC
openSUSE-SU-2022:0079-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 1181400,1196814
CVE References: CVE-2022-26505
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP3 (src):    minidlna-1.3.1-bp153.2.3.1
Comment 127 Johannes Segitz 2022-03-11 13:23:06 UTC
(In reply to Ali Abdallah from comment #122)
that is strange. This is intended to be an effort for Factory. I'm surprised to see this being backported to SLE 12. Can you please open a bug for the maintainer? Thanks
Comment 128 Ali Abdallah 2022-03-11 15:18:38 UTC
(In reply to Johannes Segitz from comment #127)
> that is strange. This is intended to be an effort for Factory. I'm surprised
> to see this being backported to SLE 12. Can you please open a bug for the
> maintainer? Thanks

It is already handled in bug 1196918.

See the changelog of [1], for some reason the hardenings were added to vsftpd on 12-SP5 as well...

[1] https://build.suse.de/request/show/263827
Comment 132 Swamp Workflow Management 2022-03-16 14:29:46 UTC
SUSE-SU-2022:0872-1: An update that contains security fixes and contains one feature can now be installed.

Category: security (important)
Bug References: 1181400,1182529
CVE References: 
JIRA References: SLE-20679
Sources used:
SUSE Manager Server 4.1 (src):    stunnel-5.62-3.14.1
SUSE Manager Retail Branch Server 4.1 (src):    stunnel-5.62-3.14.1
SUSE Manager Proxy 4.1 (src):    stunnel-5.62-3.14.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    stunnel-5.62-3.14.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    stunnel-5.62-3.14.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    stunnel-5.62-3.14.1
SUSE Linux Enterprise Realtime Extension 15-SP2 (src):    stunnel-5.62-3.14.1
SUSE Linux Enterprise Module for Server Applications 15-SP4 (src):    stunnel-5.62-3.14.1
SUSE Linux Enterprise Module for Server Applications 15-SP3 (src):    stunnel-5.62-3.14.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    stunnel-5.62-3.14.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    stunnel-5.62-3.14.1
SUSE Enterprise Storage 7 (src):    stunnel-5.62-3.14.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 133 Swamp Workflow Management 2022-03-16 14:32:45 UTC
openSUSE-SU-2022:0872-1: An update that contains security fixes and contains one feature can now be installed.

Category: security (important)
Bug References: 1181400,1182529
CVE References: 
JIRA References: SLE-20679
Sources used:
openSUSE Leap 15.4 (src):    stunnel-5.62-3.14.1
openSUSE Leap 15.3 (src):    stunnel-5.62-3.14.1
Comment 136 OBSbugzilla Bot 2022-03-22 17:40:03 UTC
This is an autogenerated message for OBS integration:
This bug (1181400) was mentioned in
https://build.opensuse.org/request/show/964031 Backports:SLE-15-SP4 / gpsd
Comment 139 OBSbugzilla Bot 2022-04-02 17:30:04 UTC
This is an autogenerated message for OBS integration:
This bug (1181400) was mentioned in
https://build.opensuse.org/request/show/966560 15.3 / hylafax+
Comment 146 OBSbugzilla Bot 2022-04-20 10:40:10 UTC
This is an autogenerated message for OBS integration:
This bug (1181400) was mentioned in
https://build.opensuse.org/request/show/971049 15.3 / xfs
Comment 148 Swamp Workflow Management 2022-04-25 13:18:40 UTC
openSUSE-RU-2022:0118-1: An update that has 5 recommended fixes can now be installed.

Category: recommended (low)
Bug References: 1116053,1159121,1173050,1181400,1198532
CVE References: 
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    xfs-1.2.0-lp153.2.3.1
Comment 149 OBSbugzilla Bot 2022-04-25 14:40:05 UTC
This is an autogenerated message for OBS integration:
This bug (1181400) was mentioned in
https://build.opensuse.org/request/show/972616 Backports:SLE-15-SP4 / sshuttle
Comment 150 Swamp Workflow Management 2022-04-25 19:38:45 UTC
SUSE-SU-2022:1396-1: An update that fixes 12 vulnerabilities, contains three features is now available.

Category: security (moderate)
Bug References: 1181400,1194363,1194873,1194909,1195726,1195727,1195728,1197579
CVE References: CVE-2021-36222,CVE-2021-3711,CVE-2021-39226,CVE-2021-41174,CVE-2021-41244,CVE-2021-43798,CVE-2021-43813,CVE-2021-43815,CVE-2022-21673,CVE-2022-21702,CVE-2022-21703,CVE-2022-21713
JIRA References: SLE-23051,SLE-23422,SLE-23439
Sources used:
openSUSE Leap 15.4 (src):    prometheus-postgres_exporter-0.10.0-150000.1.3.1, spacecmd-4.2.16-150000.3.77.1
openSUSE Leap 15.3 (src):    prometheus-postgres_exporter-0.10.0-150000.1.3.1, rhnlib-4.2.6-150000.3.34.1, spacecmd-4.2.16-150000.3.77.1
SUSE Manager Tools 15 (src):    grafana-8.3.5-150000.1.30.1, mgr-cfg-4.2.8-150000.1.24.1, mgr-osad-4.2.8-150000.1.36.1, mgr-push-4.2.5-150000.1.18.2, mgr-virtualization-4.2.4-150000.1.26.1, prometheus-postgres_exporter-0.10.0-150000.1.3.1, rhnlib-4.2.6-150000.3.34.1, spacecmd-4.2.16-150000.3.77.1, spacewalk-client-tools-4.2.18-150000.3.59.1, spacewalk-koan-4.2.6-150000.3.27.1, spacewalk-oscap-4.2.4-150000.3.18.1, suseRegisterInfo-4.2.6-150000.3.21.1
SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (src):    prometheus-postgres_exporter-0.10.0-150000.1.3.1

Comment 151 OBSbugzilla Bot 2022-04-26 16:40:04 UTC
This is an autogenerated message for OBS integration:
This bug (1181400) was mentioned in
https://build.opensuse.org/request/show/972919 Backports:SLE-15-SP4 / touchegg
Comment 152 Swamp Workflow Management 2022-05-02 19:16:12 UTC
SUSE-SU-2022:1484-1: An update that solves one vulnerability and has one errata is now available.

Category: security (important)
Bug References: 1181400,1198234
CVE References: CVE-2022-24765
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    git-2.35.3-150300.10.12.1
openSUSE Leap 15.3 (src):    git-2.35.3-150300.10.12.1
SUSE Linux Enterprise Module for Development Tools 15-SP4 (src):    git-2.35.3-150300.10.12.1
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src):    git-2.35.3-150300.10.12.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    git-2.35.3-150300.10.12.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    git-2.35.3-150300.10.12.1

Comment 154 Swamp Workflow Management 2022-05-04 19:19:45 UTC
SUSE-SU-2022:1531-1: An update that solves 5 vulnerabilities, contains 5 features and has three fixes is now available.

Category: security (important)
Bug References: 1181400,1190535,1196338,1196704,1197042,1197417,1197579,1197689
CVE References: CVE-2020-22935,CVE-2022-21698,CVE-2022-22934,CVE-2022-22936,CVE-2022-22941
JIRA References: SLE-24077,SLE-24138,SLE-24139,SLE-24238,SLE-24239
Sources used:
SUSE Manager Tools 12-BETA (src):    golang-github-prometheus-alertmanager-0.23.0-4.9.1, golang-github-prometheus-node_exporter-1.3.0-4.12.1, golang-github-prometheus-prometheus-2.32.1-4.30.1, golang-github-prometheus-promu-0.13.0-4.9.1, mgr-cfg-4.3.6-4.27.1, mgr-osad-4.3.6-4.27.1, mgr-push-4.3.4-4.18.1, mgr-virtualization-4.3.5-4.18.1, rhnlib-4.3.4-24.27.1, salt-3000-53.11.1, spacecmd-4.3.10-41.39.1, spacewalk-client-tools-4.3.9-55.45.1, spacewalk-koan-4.3.5-27.18.1, spacewalk-oscap-4.3.5-22.18.1, suseRegisterInfo-4.3.3-28.21.1, uyuni-common-libs-4.3.4-3.30.1

Comment 155 OBSbugzilla Bot 2022-05-04 20:40:04 UTC
This is an autogenerated message for OBS integration:
This bug (1181400) was mentioned in
https://build.opensuse.org/request/show/974990 Backports:SLE-15-SP4 / sshuttle
Comment 156 Swamp Workflow Management 2022-05-05 13:23:04 UTC
SUSE-SU-2022:1545-1: An update that solves 5 vulnerabilities, contains two features and has four fixes is now available.

Category: security (important)
Bug References: 1181400,1196338,1196704,1197042,1197417,1197533,1197579,1197637,1197689
CVE References: CVE-2022-21698,CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941
JIRA References: SLE-24077,SLE-24145
Sources used:
SUSE Manager Tools 15-BETA (src):    golang-github-prometheus-alertmanager-0.23.0-159000.6.9.3, golang-github-prometheus-prometheus-2.32.1-159000.6.30.4, mgr-cfg-4.3.6-159000.4.26.1, mgr-osad-4.3.6-159000.4.27.2, mgr-push-4.3.4-159000.4.18.2, mgr-virtualization-4.3.5-159000.4.18.2, rhnlib-4.3.4-159000.6.27.2, salt-3004-159000.8.56.1, spacecmd-4.3.10-159000.6.39.2, spacewalk-client-tools-4.3.9-159000.6.45.2, spacewalk-koan-4.3.5-159000.6.18.1, spacewalk-oscap-4.3.5-159000.6.18.2, suseRegisterInfo-4.3.3-159000.6.21.2, uyuni-common-libs-4.3.4-159000.3.30.2, uyuni-proxy-systemd-services-4.3.2-159000.3.6.1

Comment 157 OBSbugzilla Bot 2022-05-05 16:40:04 UTC
This is an autogenerated message for OBS integration:
This bug (1181400) was mentioned in
https://build.opensuse.org/request/show/975223 15.3 / orthanc
Comment 160 OBSbugzilla Bot 2022-05-16 22:40:11 UTC
This is an autogenerated message for OBS integration:
This bug (1181400) was mentioned in
https://build.opensuse.org/request/show/977602 Backports:SLE-15-SP3 / varnish
Comment 161 OBSbugzilla Bot 2022-05-17 10:50:04 UTC
This is an autogenerated message for OBS integration:
This bug (1181400) was mentioned in
https://build.opensuse.org/request/show/977679 Backports:SLE-15-SP3 / hostapd
Comment 162 Swamp Workflow Management 2022-05-18 13:21:06 UTC
openSUSE-RU-2022:0137-1: An update that has one recommended fix can now be installed.

Category: recommended (low)
Bug References: 1181400
CVE References: 
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    orthanc-1.10.1-lp153.2.3.1
Comment 163 Swamp Workflow Management 2022-05-27 10:22:23 UTC
openSUSE-SU-2022:0148-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1181400,1188470,1195188
CVE References: CVE-2021-36740,CVE-2022-23959
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP3 (src):    varnish-7.1.0-bp153.2.3.1
Comment 164 Swamp Workflow Management 2022-05-27 13:18:59 UTC
openSUSE-RU-2022:0152-1: An update that has two recommended fixes can now be installed.

Category: recommended (moderate)
Bug References: 1181400,1192959
CVE References: 
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP3 (src):    hostapd-2.10-bp153.3.3.1
Comment 166 OBSbugzilla Bot 2022-06-17 16:40:04 UTC
This is an autogenerated message for OBS integration:
This bug (1181400) was mentioned in
https://build.opensuse.org/request/show/983452 Backports:SLE-12-SP5 / supervisor
Comment 167 Swamp Workflow Management 2022-06-20 16:24:38 UTC
SUSE-SU-2022:2139-1: An update that solves one vulnerability, contains one feature and has one errata is now available.

Category: security (important)
Bug References: 1181400,1196338
CVE References: CVE-2022-21698
JIRA References: SLE-24077
Sources used:
openSUSE Leap 15.4 (src):    golang-github-prometheus-alertmanager-0.23.0-150100.4.7.1
openSUSE Leap 15.3 (src):    golang-github-prometheus-alertmanager-0.23.0-150100.4.7.1
SUSE Manager Tools 15 (src):    golang-github-prometheus-alertmanager-0.23.0-150100.4.7.1
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 (src):    golang-github-prometheus-alertmanager-0.23.0-150100.4.7.1
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (src):    golang-github-prometheus-alertmanager-0.23.0-150100.4.7.1
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (src):    golang-github-prometheus-alertmanager-0.23.0-150100.4.7.1
SUSE Enterprise Storage 6 (src):    golang-github-prometheus-alertmanager-0.23.0-150100.4.7.1

Comment 168 Swamp Workflow Management 2022-06-20 16:39:43 UTC
SUSE-SU-2022:2134-1: An update that fixes 13 vulnerabilities, contains 5 features is now available.

Category: security (important)
Bug References: 1181223,1181400,1190462,1190535,1193600,1194873,1195726,1195727,1195728,1196338,1196704,1197507,1197689
CVE References: CVE-2021-36222,CVE-2021-3711,CVE-2021-39226,CVE-2021-41174,CVE-2021-41244,CVE-2021-43798,CVE-2021-43813,CVE-2021-43815,CVE-2022-21673,CVE-2022-21698,CVE-2022-21702,CVE-2022-21703,CVE-2022-21713
JIRA References: SLE-23422,SLE-23439,SLE-24077,SLE-24238,SLE-24239
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    golang-github-prometheus-node_exporter-1.3.0-1.15.3
SUSE OpenStack Cloud Crowbar 8 (src):    golang-github-prometheus-node_exporter-1.3.0-1.15.3
SUSE OpenStack Cloud 9 (src):    golang-github-prometheus-node_exporter-1.3.0-1.15.3
SUSE OpenStack Cloud 8 (src):    golang-github-prometheus-node_exporter-1.3.0-1.15.3
SUSE Manager Tools 12 (src):    golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1, golang-github-prometheus-alertmanager-0.23.0-1.12.3, golang-github-prometheus-node_exporter-1.3.0-1.15.3, grafana-8.3.5-1.30.3, mgr-cfg-4.3.6-1.27.4, mgr-custom-info-4.3.3-1.18.1, mgr-daemon-4.3.4-1.32.3, mgr-osad-4.3.6-1.39.4, mgr-push-4.3.4-1.21.4, mgr-virtualization-4.3.5-1.29.3, prometheus-blackbox_exporter-0.19.0-1.8.2, prometheus-postgres_exporter-0.10.0-1.8.2, python-hwdata-2.3.5-12.9.1, rhnlib-4.3.4-21.43.3, spacecmd-4.3.11-38.103.3, spacewalk-client-tools-4.3.9-52.71.3, spacewalk-koan-4.3.5-24.33.3, spacewalk-oscap-4.3.5-19.27.1, spacewalk-remote-utils-4.3.3-24.24.3, supportutils-plugin-salt-1.2.0-6.16.1, supportutils-plugin-susemanager-client-4.3.2-6.24.1, suseRegisterInfo-4.3.3-25.27.3, uyuni-common-libs-4.3.4-1.21.3
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    golang-github-prometheus-node_exporter-1.3.0-1.15.3
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    golang-github-prometheus-node_exporter-1.3.0-1.15.3
SUSE Linux Enterprise Server 12-SP5 (src):    golang-github-prometheus-node_exporter-1.3.0-1.15.3
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    golang-github-prometheus-node_exporter-1.3.0-1.15.3
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    golang-github-prometheus-node_exporter-1.3.0-1.15.3
SUSE Linux Enterprise Server 12-SP3-BCL (src):    golang-github-prometheus-node_exporter-1.3.0-1.15.3
HPE Helion Openstack 8 (src):    golang-github-prometheus-node_exporter-1.3.0-1.15.3

Comment 169 OBSbugzilla Bot 2022-06-22 18:40:03 UTC
This is an autogenerated message for OBS integration:
This bug (1181400) was mentioned in
https://build.opensuse.org/request/show/984580 Backports:SLE-15-SP3 / systemd-zram-service
Comment 171 OBSbugzilla Bot 2022-08-08 08:40:03 UTC
This is an autogenerated message for OBS integration:
This bug (1181400) was mentioned in
https://build.opensuse.org/request/show/993692 Backports:SLE-12-SP4+Backports:SLE-15-SP3+Backports:SLE-15-SP4 / exim
Comment 172 OBSbugzilla Bot 2022-08-10 22:40:03 UTC
This is an autogenerated message for OBS integration:
This bug (1181400) was mentioned in
https://build.opensuse.org/request/show/994400 Backports:SLE-15-SP3+Backports:SLE-15-SP4 / proftpd
Comment 173 Swamp Workflow Management 2022-08-16 13:18:43 UTC
openSUSE-RU-2022:10093-1: An update that has one recommended fix can now be installed.

Category: recommended (moderate)
Bug References: 1181400
CVE References: 
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP4 (src):    proftpd-1.3.7e-bp154.3.3.1
openSUSE Backports SLE-15-SP3 (src):    proftpd-1.3.7e-bp153.2.3.1