SUSE-SU-2019:2521-1: moderate: Security update for SUSE Manager Server 3.2

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Wed Oct 2 10:19:38 MDT 2019


   SUSE Security Update: Security update for SUSE Manager Server 3.2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:2521-1
Rating:             moderate
References:         #1093381 #1096426 #1135957 #1137229 #1138454 
                    #1140644 #1141661 #1142309 #1142764 #1142774 
                    #1143016 #1143562 #1144500 #1144510 #1144515 
                    #1144889 #1145086 #1145119 #1146416 #1146419 
                    #1146869 #1146895 #1147126 #1149409 
Cross-References:   CVE-2019-10088 CVE-2019-10093 CVE-2019-10094
                   
Affected Products:
                    SUSE Manager Server 3.2
______________________________________________________________________________

   An update that solves three vulnerabilities and has 21
   fixes is now available.

Description:


   This update fixes the following issues:

   cobbler:

   - Jinja2 template library fix (bsc#1141661)

   pgjdbc-ng:

   - Allow dots in database name (bsc#1146416)

   py26-compat-salt:

   - Get tornado dependency from the system on SLE12 (bsc#1149409)
   - Catch SSLError for TLS 1.2 bootstraps with RES/RHEL6 and SLE11
     (bsc#1147126)

   spacecmd:

   - Check that a channel doesn't have clones before deleting it (bsc#1138454)

   spacewalk-backend:

   - Remove credentials also from potential rhn.conf backup files in
     spacewalk-debug (bsc#1146419)
   - Do not make 'rhn-satellite-exporter' to crash with "AttributeError"
     (bsc#1146869)
   - Spacewalk-remove-channel check that channel doesn't have cloned channels
     before deleting it (bsc#1138454)
   - Prevent duplicate changelog entries due VARCHAR(3000) db text column
     (bsc#1144889)
   - Avoid traceback on mgr-inter-sync when exception message contains UTF8
     characters or there are problems with the package cache (bsc#1143016)
     registered guest (bsc#1093381)

   spacewalk-branding:

   - Add missing strings for task status page

   spacewalk-client-tools:

   - Invalidate cache 5 minutes before actual expiration(bsc#1143562)

   spacewalk-java:

   - Add UI message when salt-formulas system folders are unreachable
     (bsc#1142309)
   - Don't convert localhost repositories URL in mirror case (bsc#1135957)
   - Check that a channel doesn't have clones before deleting it (bsc#1138454)
   - Improve websocket authentication to prevent errors in logs (bsc#1138454)
   - Normalize date formats for actions, notifications and clm (bsc#1142774)
   - Cloning Errata from a specific channel should not take packages from
     other channels (bsc#1142764)
   - Add susemanager as prerequired for spacewalk-java
   - Improve performance for retrieving the user permissions on channels
     (bsc#1140644)
   - Prerequire salt package to avoid not existing user issues
   - Support partly patched CVEs in CVE audit (bsc#1137229)

   spacewalk-setup:

   - Configure 150 Tomcat workers by default, matching httpds MaxClients

   spacewalk-utils:

   - Common-channels: Fix repo type assignment for type YUM
   - Adds support for Ubuntu and Debian channels to spacewalk-common-channels.

   spacewalk-web:

   - Fix the 'include recommended' button on channels selection in SSM
     (bsc#1145086)
   - Normalize date formats for actions, notifications and clm (bsc#1142774)
   - Add unsupported browser warning when using Internet Explorer

   susemanager:

   - Dmidecode does not exist on s390x (bsc#1145119)

   susemanager-docs_en:

   - Add link to the creation of the bootstrap script (bsc#1146895).
   - Improve adoc tagging.
   - LimitNOFILE back-port.
   - Fix command-line error (bsc#1096426).

   susemanager-schema:

   - Improve performance for retrieving the user permissions on channels
     (bsc#1140644)

   susemanager-sls:

   - Bootstrapping RES6/RHEL6/SLE11 with TLS1.2 now shows error message.
     (bsc#1147126)
   - Dmidecode does not exist on ppc64le and s390x (bsc#1145119)
   - Update susemanager.conf to use adler32 for computing the server_id for
     new minions

   tika-core:

   New upstream version 1.2.2. Fixes security issues:

   - CVE-2019-10088: Fixed an OOM from a crafted Zip File in Apache Tika's
     RecursiveParserWrapper (bsc#1144500).
   - CVE-2019-10093: Fixed a Denial of Service in Apache Tika's 2003ml and
     2006ml Parsers (bsc#1144510).
   - CVE-2019-10094: Fixed a stack overflow from crafted compressed files in
     Apache Tika's RecursiveParserWrapper (bsc#1144515).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Manager Server 3.2:

      zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-2521=1



Package List:

   - SUSE Manager Server 3.2 (ppc64le s390x x86_64):

      spacewalk-branding-2.8.5.16-3.22.1
      susemanager-3.2.20-3.31.2
      susemanager-tools-3.2.20-3.31.2

   - SUSE Manager Server 3.2 (noarch):

      cobbler-2.6.6-6.22.1
      pgjdbc-ng-0.7.1-2.6.1
      py26-compat-salt-2016.11.10-6.32.1
      python2-spacewalk-client-tools-2.8.22.5-3.6.1
      spacecmd-2.8.25.11-3.23.1
      spacewalk-backend-2.8.57.19-3.39.2
      spacewalk-backend-app-2.8.57.19-3.39.2
      spacewalk-backend-applet-2.8.57.19-3.39.2
      spacewalk-backend-config-files-2.8.57.19-3.39.2
      spacewalk-backend-config-files-common-2.8.57.19-3.39.2
      spacewalk-backend-config-files-tool-2.8.57.19-3.39.2
      spacewalk-backend-iss-2.8.57.19-3.39.2
      spacewalk-backend-iss-export-2.8.57.19-3.39.2
      spacewalk-backend-libs-2.8.57.19-3.39.2
      spacewalk-backend-package-push-server-2.8.57.19-3.39.2
      spacewalk-backend-server-2.8.57.19-3.39.2
      spacewalk-backend-sql-2.8.57.19-3.39.2
      spacewalk-backend-sql-oracle-2.8.57.19-3.39.2
      spacewalk-backend-sql-postgresql-2.8.57.19-3.39.2
      spacewalk-backend-tools-2.8.57.19-3.39.2
      spacewalk-backend-xml-export-libs-2.8.57.19-3.39.2
      spacewalk-backend-xmlrpc-2.8.57.19-3.39.2
      spacewalk-base-2.8.7.19-3.36.1
      spacewalk-base-minimal-2.8.7.19-3.36.1
      spacewalk-base-minimal-config-2.8.7.19-3.36.1
      spacewalk-client-tools-2.8.22.5-3.6.1
      spacewalk-html-2.8.7.19-3.36.1
      spacewalk-java-2.8.78.24-3.38.1
      spacewalk-java-config-2.8.78.24-3.38.1
      spacewalk-java-lib-2.8.78.24-3.38.1
      spacewalk-java-oracle-2.8.78.24-3.38.1
      spacewalk-java-postgresql-2.8.78.24-3.38.1
      spacewalk-setup-2.8.7.8-3.19.1
      spacewalk-taskomatic-2.8.78.24-3.38.1
      spacewalk-utils-2.8.18.5-3.9.1
      susemanager-advanced-topics_en-pdf-3.2-11.32.1
      susemanager-best-practices_en-pdf-3.2-11.32.1
      susemanager-docs_en-3.2-11.32.1
      susemanager-getting-started_en-pdf-3.2-11.32.1
      susemanager-jsp_en-3.2-11.32.1
      susemanager-reference_en-pdf-3.2-11.32.1
      susemanager-schema-3.2.21-3.31.1
      susemanager-sls-3.2.27-3.35.1
      susemanager-web-libs-2.8.7.19-3.36.1
      tika-core-1.22-3.9.1


References:

   https://www.suse.com/security/cve/CVE-2019-10088.html
   https://www.suse.com/security/cve/CVE-2019-10093.html
   https://www.suse.com/security/cve/CVE-2019-10094.html
   https://bugzilla.suse.com/1093381
   https://bugzilla.suse.com/1096426
   https://bugzilla.suse.com/1135957
   https://bugzilla.suse.com/1137229
   https://bugzilla.suse.com/1138454
   https://bugzilla.suse.com/1140644
   https://bugzilla.suse.com/1141661
   https://bugzilla.suse.com/1142309
   https://bugzilla.suse.com/1142764
   https://bugzilla.suse.com/1142774
   https://bugzilla.suse.com/1143016
   https://bugzilla.suse.com/1143562
   https://bugzilla.suse.com/1144500
   https://bugzilla.suse.com/1144510
   https://bugzilla.suse.com/1144515
   https://bugzilla.suse.com/1144889
   https://bugzilla.suse.com/1145086
   https://bugzilla.suse.com/1145119
   https://bugzilla.suse.com/1146416
   https://bugzilla.suse.com/1146419
   https://bugzilla.suse.com/1146869
   https://bugzilla.suse.com/1146895
   https://bugzilla.suse.com/1147126
   https://bugzilla.suse.com/1149409



More information about the sle-security-updates mailing list