SUSE-SU-2012:0509-1: moderate: Security update for SUSE Manager Server

sle-security-updates at lists.suse.com
Mon Apr 16 09:08:14 MDT 2012


   SUSE Security Update: Security update for SUSE Manager Server
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0509-1
Rating:             moderate
References:         #681980 #681984 #732538 #751837 #752459 #752467 
                    
Cross-References:   CVE-2011-1550 CVE-2012-1145
Affected Products:
                    SUSE Manager 1.2 for SLE 11 SP1
______________________________________________________________________________

   An update that solves two vulnerabilities and has four
   fixes is now available. It includes one version update.

Description:


   This update implements the following new feature:

   * Deployment of SUSE Studio images

   This update fixes the following issues:

   * Rotate logfiles as user nocpulse/wwwrun (CVE-2011-1550)
   * Fix arbitrary package upload (CVE-2012-1145)
   * Replace passwords in debug files
   * Reword All Patches to All Types
   * Remove the page errata/Overview.do as it is a duplicate of
     errata/RelevantErrata.do
   * Add indexes on some database tables
   * Fix rhnServerNeededView to reflect all errata
   * Update bootstrap repositories to latest version

   How to apply this update:

   1. Log in as root user to the SUSE Manager server.
   2. Stop the Spacewalk service: spacewalk-service stop
      If the SUSE Manager database is running on the same machine as
      the SUSE Manager server, this command also stops the SUSE Manager
      database instance.
   3. Apply the patch using either zypper patch or YaST Online Update.
   4. If the SUSE Manager database is running on the same machine as
      your SUSE Manager server, start the database instance with
      /etc/init.d/oracle-xe start
   5. Upgrade the database schema with spacewalk-schema-upgrade
   6. Start the Spacewalk service: spacewalk-service start

   Security Issues:

   * CVE-2012-1145
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1145>
   * CVE-2011-1550
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1550>

Indications:

   Every SUSE Manager user should update

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Manager 1.2 for SLE 11 SP1:

      zypper in -t patch sleman12sp1-suse-manager-201204-6141

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Manager 1.2 for SLE 11 SP1 (x86_64) [New Version: 1.2.74]:

      spacewalk-backend-1.2.74-0.52.1
      spacewalk-backend-app-1.2.74-0.52.1
      spacewalk-backend-applet-1.2.74-0.52.1
      spacewalk-backend-config-files-1.2.74-0.52.1
      spacewalk-backend-config-files-common-1.2.74-0.52.1
      spacewalk-backend-config-files-tool-1.2.74-0.52.1
      spacewalk-backend-iss-1.2.74-0.52.1
      spacewalk-backend-iss-export-1.2.74-0.52.1
      spacewalk-backend-libs-1.2.74-0.52.1
      spacewalk-backend-package-push-server-1.2.74-0.52.1
      spacewalk-backend-server-1.2.74-0.52.1
      spacewalk-backend-sql-1.2.74-0.52.1
      spacewalk-backend-sql-oracle-1.2.74-0.52.1
      spacewalk-backend-tools-1.2.74-0.52.1
      spacewalk-backend-xml-export-libs-1.2.74-0.52.1
      spacewalk-backend-xmlrpc-1.2.74-0.52.1
      spacewalk-backend-xp-1.2.74-0.52.1
      spacewalk-branding-1.2.2-0.22.4
      spacewalk-client-repository-0.1-0.5.209
      spacewalk-client-repository-sle-10-3-0.1-0.7.2
      spacewalk-client-repository-sle-10-4-0.1-0.7.2
      spacewalk-client-repository-sle-11-1-0.1-0.5.209

   - SUSE Manager 1.2 for SLE 11 SP1 (noarch) [New Version: 1.2.74]:

      nocpulse-common-2.1.19-0.12.3
      osa-dispatcher-5.9.44-0.16.3
      simple-xml-2.6.2-0.5.4
      spacewalk-base-1.2.31-0.37.3
      spacewalk-base-minimal-1.2.31-0.37.3
      spacewalk-dobby-1.2.31-0.37.3
      spacewalk-grail-1.2.31-0.37.3
      spacewalk-html-1.2.31-0.37.3
      spacewalk-java-1.2.115-0.56.5
      spacewalk-java-config-1.2.115-0.56.5
      spacewalk-java-lib-1.2.115-0.56.5
      spacewalk-java-oracle-1.2.115-0.56.5
      spacewalk-pxt-1.2.31-0.37.3
      spacewalk-sniglets-1.2.31-0.37.3
      spacewalk-taskomatic-1.2.115-0.56.5
      susemanager-schema-1.2.74-0.3.3
      susestudio-java-client-0.1.2-0.3.4
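
To confirm that the fixed versions listed above are in place after patching, the following check compares installed packages against them. It is an added example, not part of the original advisory; the function names, the subset of packages chosen, and the use of GNU `sort -V` as a stand-in for RPM version ordering are assumptions.

```shell
#!/bin/sh
# Fixed versions copied from the advisory's package list (a subset, one
# package per version group; extend with the remaining names as needed).
FIXED='spacewalk-backend 1.2.74-0.52.1
spacewalk-java 1.2.115-0.56.5
spacewalk-base 1.2.31-0.37.3
nocpulse-common 2.1.19-0.12.3
susemanager-schema 1.2.74-0.3.3'

# ver_ge A B: true when A >= B. Assumption: GNU "sort -V" approximates RPM
# version ordering, which holds for the purely numeric versions used here.
ver_ge() {
    [ "$1" = "$2" ] && return 0
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# check_pkgs: reads "name version-release" lines on stdin, the format of
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
# and prints one line per listed package that is older than the fix.
# Packages that are not installed are skipped. Returns 1 if any is outdated.
check_pkgs() {
    installed=$(cat)
    rc=0
    while read -r name fixed; do
        have=$(printf '%s\n' "$installed" |
               awk -v n="$name" '$1 == n { print $2; exit }')
        [ -z "$have" ] && continue
        if ! ver_ge "$have" "$fixed"; then
            echo "OUTDATED $name $have (fixed in $fixed)"
            rc=1
        fi
    done <<EOF
$FIXED
EOF
    return $rc
}

# Constructed sample: a host where spacewalk-java was left unpatched.
SAMPLE='spacewalk-backend 1.2.74-0.52.1
spacewalk-java 1.2.110-0.50.1
spacewalk-base 1.2.31-0.37.3
nocpulse-common 2.1.19-0.12.3'

printf '%s\n' "$SAMPLE" | check_pkgs || true
```

On a real server, pipe the `rpm -qa` query shown in the comment into `check_pkgs` instead of the sample.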


References:

   http://support.novell.com/security/cve/CVE-2011-1550.html
   http://support.novell.com/security/cve/CVE-2012-1145.html
   https://bugzilla.novell.com/681980
   https://bugzilla.novell.com/681984
   https://bugzilla.novell.com/732538
   https://bugzilla.novell.com/751837
   https://bugzilla.novell.com/752459
   https://bugzilla.novell.com/752467
   http://download.novell.com/patch/finder/?keywords=2693bf7056da7107635b17b003d6f4fb


