Security update for supportutils SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2023:3803-1 Final 1 1 2023-09-27T12:35:44Z current 2023-09-27T12:35:44Z 2023-09-27T12:35:44Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for supportutils This update for supportutils fixes the following issues: Security Fixes: - CVE-2022-45154: Removed iSCSI passwords (bsc#1207598). Other fixes: - Changes in version 3.1.26 + powerpc plugin to collect the slots and active memory (bsc#1210950) + A Cleartext Storage of Sensitive Information vulnerability CVE-2022-45154 + supportconfig: collect BPF information (pr#154) + Added additional iscsi information (pr#155) - Added run time detection (bsc#1213127) - Changes for supportutils version 3.1.25 + Removed iSCSI passwords CVE-2022-45154 (bsc#1207598) + powerpc: Collect lsslot,amsstat, and opal elogs (pr#149) + powerpc: collect invscout logs (pr#150) + powerpc: collect RMC status logs (pr#151) + Added missing nvme nbft commands (bsc#1211599) + Fixed invalid nvme commands (bsc#1211598) + Added missing podman information (PED-1703, bsc#1181477) + Removed dependency on sysfstools + Check for systool use (bsc#1210015) + Added selinux checking (bsc#1209979) + Updated SLES_VER matrix - Fixed missing status detail for apparmor (bsc#1196933) - Corrected invalid argument list in docker.txt (bsc#1206608) - Applies limit equally to sar data and text files (bsc#1207543) - Collects hwinfo hardware logs (bsc#1208928) - Collects lparnumascore logs (issue#148) - Add dependency to `numactl` on ppc64le and `s390x`, this enforces that `numactl --hardware` data is provided in supportconfigs - Changes to supportconfig.rc version 3.1.11-35 + Corrected _sanitize_file to include iscsi.conf and others (bsc#1206402) - Changes to supportconfig version 3.1.11-46.4 + Added plymouth_info - Changes to getappcore version 1.53.02 + The location of chkbin was updated earlier. This documents that change (bsc#1205533, bsc#1204942) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Image SLES15-SP1-SAP-Azure-LI-BYOS-Production-2023-3803,Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production-2023-3803,Image SLES15-SP2-BYOS-Azure-2023-3803,Image SLES15-SP2-HPC-BYOS-Azure-2023-3803,Image SLES15-SP2-SAP-Azure-2023-3803,Image SLES15-SP2-SAP-Azure-LI-BYOS-Production-2023-3803,Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production-2023-3803,Image SLES15-SP2-SAP-BYOS-Azure-2023-3803,Image SLES15-SP2-SAP-BYOS-EC2-HVM-2023-3803,Image SLES15-SP2-SAP-BYOS-GCE-2023-3803,Image SLES15-SP2-SAP-EC2-HVM-2023-3803,Image SLES15-SP2-SAP-GCE-2023-3803,SUSE-2023-3803,SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3803,SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3803,SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3803,SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3803,SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3803,SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3803,SUSE-Storage-7-2023-3803 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2023/suse-su-20233803-1/ Link for SUSE-SU-2023:3803-1 https://lists.suse.com/pipermail/sle-updates/2023-September/031719.html E-Mail link for SUSE-SU-2023:3803-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1181477 SUSE Bug 1181477 https://bugzilla.suse.com/1196933 SUSE Bug 1196933 https://bugzilla.suse.com/1204942 SUSE Bug 1204942 https://bugzilla.suse.com/1205533 SUSE Bug 1205533 https://bugzilla.suse.com/1206402 SUSE Bug 1206402 https://bugzilla.suse.com/1206608 SUSE Bug 1206608 https://bugzilla.suse.com/1207543 SUSE Bug 1207543 https://bugzilla.suse.com/1207598 SUSE Bug 1207598 https://bugzilla.suse.com/1208928 SUSE Bug 1208928 https://bugzilla.suse.com/1209979 SUSE Bug 1209979 https://bugzilla.suse.com/1210015 SUSE Bug 1210015 https://bugzilla.suse.com/1210950 SUSE Bug 1210950 https://bugzilla.suse.com/1211598 SUSE Bug 1211598 https://bugzilla.suse.com/1211599 SUSE Bug 1211599 https://bugzilla.suse.com/1213127 SUSE Bug 1213127 https://www.suse.com/security/cve/CVE-2022-45154/ SUSE CVE CVE-2022-45154 page Image SLES15-SP1-SAP-Azure-LI-BYOS-Production Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production Image SLES15-SP2-BYOS-Azure Image SLES15-SP2-HPC-BYOS-Azure Image SLES15-SP2-SAP-Azure Image SLES15-SP2-SAP-Azure-LI-BYOS-Production Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production Image SLES15-SP2-SAP-BYOS-Azure Image SLES15-SP2-SAP-BYOS-EC2-HVM Image SLES15-SP2-SAP-BYOS-GCE Image SLES15-SP2-SAP-EC2-HVM Image SLES15-SP2-SAP-GCE SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS SUSE Linux Enterprise Server 15 SP1-LTSS SUSE Linux Enterprise Server 15 SP2-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Linux Enterprise Server for SAP Applications 15 SP2 supportutils-3.1.26-150000.5.50.1 supportutils-3.1.26-150000.5.50.1 as a component of Image SLES15-SP1-SAP-Azure-LI-BYOS-Production supportutils-3.1.26-150000.5.50.1 as a component of Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production supportutils-3.1.26-150000.5.50.1 as a component of Image SLES15-SP2-BYOS-Azure supportutils-3.1.26-150000.5.50.1 as a component of Image SLES15-SP2-HPC-BYOS-Azure supportutils-3.1.26-150000.5.50.1 as a component of Image SLES15-SP2-SAP-Azure supportutils-3.1.26-150000.5.50.1 as a component of Image SLES15-SP2-SAP-Azure-LI-BYOS-Production supportutils-3.1.26-150000.5.50.1 as a component of Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production supportutils-3.1.26-150000.5.50.1 as a component of Image SLES15-SP2-SAP-BYOS-Azure supportutils-3.1.26-150000.5.50.1 as a component of Image SLES15-SP2-SAP-BYOS-EC2-HVM supportutils-3.1.26-150000.5.50.1 as a component of Image SLES15-SP2-SAP-BYOS-GCE supportutils-3.1.26-150000.5.50.1 as a component of Image SLES15-SP2-SAP-EC2-HVM supportutils-3.1.26-150000.5.50.1 as a component of Image SLES15-SP2-SAP-GCE supportutils-3.1.26-150000.5.50.1 as a component of SUSE Enterprise Storage 7 supportutils-3.1.26-150000.5.50.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS supportutils-3.1.26-150000.5.50.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS supportutils-3.1.26-150000.5.50.1 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS supportutils-3.1.26-150000.5.50.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS supportutils-3.1.26-150000.5.50.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 supportutils-3.1.26-150000.5.50.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 A Cleartext Storage of Sensitive Information vulnerability in suppportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers that get access to the support logs to gain knowledge of the stored credentials This issue affects: SUSE Linux Enterprise Server 12 supportutils version 3.0.10-95.51.1CWE-312: Cleartext Storage of Sensitive Information and prior versions. SUSE Linux Enterprise Server 15 supportutils version 3.1.21-150000.5.44.1 and prior versions. SUSE Linux Enterprise Server 15 SP3 supportutils version 3.1.21-150300.7.35.15.1 and prior versions. CVE-2022-45154 Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:supportutils-3.1.26-150000.5.50.1 Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:supportutils-3.1.26-150000.5.50.1 Image SLES15-SP2-BYOS-Azure:supportutils-3.1.26-150000.5.50.1 Image SLES15-SP2-HPC-BYOS-Azure:supportutils-3.1.26-150000.5.50.1 Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:supportutils-3.1.26-150000.5.50.1 Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:supportutils-3.1.26-150000.5.50.1 Image SLES15-SP2-SAP-Azure:supportutils-3.1.26-150000.5.50.1 Image SLES15-SP2-SAP-BYOS-Azure:supportutils-3.1.26-150000.5.50.1 Image SLES15-SP2-SAP-BYOS-EC2-HVM:supportutils-3.1.26-150000.5.50.1 Image SLES15-SP2-SAP-BYOS-GCE:supportutils-3.1.26-150000.5.50.1 Image SLES15-SP2-SAP-EC2-HVM:supportutils-3.1.26-150000.5.50.1 Image SLES15-SP2-SAP-GCE:supportutils-3.1.26-150000.5.50.1 SUSE Enterprise Storage 7:supportutils-3.1.26-150000.5.50.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:supportutils-3.1.26-150000.5.50.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:supportutils-3.1.26-150000.5.50.1 SUSE Linux Enterprise Server 15 SP1-LTSS:supportutils-3.1.26-150000.5.50.1 SUSE Linux Enterprise Server 15 SP2-LTSS:supportutils-3.1.26-150000.5.50.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:supportutils-3.1.26-150000.5.50.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:supportutils-3.1.26-150000.5.50.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233803-1/ https://www.suse.com/security/cve/CVE-2022-45154.html CVE-2022-45154 https://bugzilla.suse.com/1207598 SUSE Bug 1207598