SUSE-SU-2020:2832-1: moderate: Security update for SUSE Manager Server 4.1

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Fri Oct 2 07:44:57 MDT 2020


   SUSE Security Update: Security update for SUSE Manager Server 4.1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:2832-1
Rating:             moderate
References:         #1151557 #1165287 #1165829 #1171836 #1172079 
                    #1172263 #1173073 #1173520 #1173603 #1173621 
                    #1174025 #1174254 #1174357 #1174423 #1174636 
                    #1175103 #1175512 #1175529 #1175545 #1175556 
                    #1175889 #1176500 #1176503 #1176844 #1176862 
                    #1176913 
Cross-References:   CVE-2019-14900
Affected Products:
                    SUSE Linux Enterprise Module for SUSE Manager Server 4.1
______________________________________________________________________________

   An update that solves one vulnerability and has 25 fixes is
   now available.

Description:


   This update fixes the following issues:

   golang-github-QubitProducts-exporter_exporter:

   - Pin Golang version to 1.14

   golang-github-prometheus-node_exporter:

   - Update to 1.0.1
     * Changes to build specification
       + Modify spec: update golang version to 1.14
       + Remove update tarball script
       + Add _service file to allow for updates via `osc service disabledrun`
     * Bug fixes
       + [BUGFIX] filesystem_freebsd: Fix label values #1728
       + [BUGFIX] Update prometheus/procfs to fix log noise #1735
       + [BUGFIX] Fix build tags for collectors #1745
       + [BUGFIX] Handle no data from powersupplyclass #1747, #1749
   - Update to 1.0.0
     * Bug fixes
       + [BUGFIX] Read /proc/net files with a single read syscall #1380
       + [BUGFIX] Renamed label state to name on
         node_systemd_service_restart_total. #1393
       + [BUGFIX] Fix netdev nil reference on Darwin #1414
       + [BUGFIX] Strip path.rootfs from mountpoint labels #1421
       + [BUGFIX] Fix seconds reported by schedstat #1426
       + [BUGFIX] Fix empty string in path.rootfs #1464
       + [BUGFIX] Fix typo in cpufreq metric names #1510
       + [BUGFIX] Read /proc/stat in one syscall #1538
       + [BUGFIX] Fix OpenBSD cache memory information #1542
       + [BUGFIX] Refactor textfile collector to avoid looping defer #1549
       + [BUGFIX] Fix network speed math #1580
       + [BUGFIX] collector/systemd: use regexp to extract systemd version
         #1647
       + [BUGFIX] Fix initialization in perf collector when using multiple
         CPUs #1665
       + [BUGFIX] Fix accidentally empty lines in meminfo_linux #1671
     * Several enhancements
       + See https://github.com/prometheus/node_exporter/releases/tag/v1.0.0
   - Update to 1.0.0-rc.0
     * The netdev collector CLI argument --collector.netdev.ignored-devices
       was renamed to --collector.netdev.device-blacklist in order to conform
       with the systemd collector. #1279
     * The label named state on node_systemd_service_restart_total metrics
       was changed to name to better describe the metric. #1393
     * Refactoring of the mdadm collector changes several metrics
       node_md_disks_active is removed node_md_disks now has a state label
       for "fail", "spare", "active" disks. node_md_is_active is replaced by
       node_md_state with a state set of "active", "inactive", "recovering",
       "resync".
     * Additional label mountaddr added to NFS device metrics to distinguish
       mounts from the same URL, but different IP addresses. #1417
     * Metrics node_cpu_scaling_frequency_min_hrts and
       node_cpu_scaling_frequency_max_hrts of the cpufreq collector were
       renamed to node_cpu_scaling_frequency_min_hertz and
       node_cpu_scaling_frequency_max_hertz. #1510
     * Collectors that are enabled, but are unable to find data to collect,
       now return 0 for node_scrape_collector_success.
   - Add missing sysconfig file in rpm  bsc#1151557

   hibernate5:

   - Address CVE-2019-14900 (bsc#1172079)
   - Add patch:

   hub-xmlrpc-api:

   - One configuration flag was renamed for clarity
   - Added USE_SSL flag to https insted of plain http
   - Updated docs
   - Bugfixes
   - Changed configuration to plain variables
   - Bugfixes

   patterns-suse-manager:

   - Change PostgreSQL requirements to require at least PostgreSQL 12

   prometheus-exporters-formula:

   - Bugfix: More robust handling of NoneType arguments (bsc#1176844)
   - Bugfix: Handle <NoneType> arguments (bsc#1176844)

   salt-netapi-client:

   - Fix text resource usage

   spacecmd:

   - Fix softwarechannel_listlatestpackages throwing error on empty channels
     (bsc#1175889)

   spacewalk-backend:

   - Fix strings (mentions of Satellite, replace SUSE Manager with
     PRODUCT_NAME, etc)
   - Only regenerate bootstrap repositories when linking new packages
     (bsc#1174636)
   - Support installer_updates flag in ISS
   - Remove duplicate languages and update translation strings

   spacewalk-branding:

   - Re-enable language picker for user creation

   spacewalk-certs-tools:

   - Add option --nostricthostkeychecking to spacewalk-ssh-push-init
   - Fix the fallback to RES bootstrap repo for Centos (bsc#1174423)

   spacewalk-client-tools:

   - Remove duplicated languages and update translation strings

   spacewalk-java:

   - Force disable SPA for non-navigation links (bsc#1175512)
   - Fix strings (mentions of Satellite, replace SUSE Manager with
     PRODUCT_NAME, etc)
   - Pass the log level parameter to matcher
   - Add language picker to user preferences and user creation
   - Detect client organization from connected proxy (bsc#1175545)
   - Fix EntityExistsException on migration from traditional to salt minion
     via proxy (bsc#1175556)
   - Fix: use quiet API method when using spacewalk-common-channels
     (bsc#1175529)
   - Add java.allow_adding_patches_via_api to allow adding errata to vendor
     channels
   - Fix alignment on icon on entitlement page
   - Support installer update channels during autoinstallation
   - Filter machines not in maintenance mode for remote commands
   - Reset the server path on minion registration (bsc#1174254)
   - Data null means the sync never ran yet (bsc#1174357)

   spacewalk-utils:

   - Avoid exceptions on the logs when looking for channels that do not exist
     (bsc#1175529)

   spacewalk-web:

   - Fix the jQuery selector in SP Migration page (bsc#1176500)
   - Fix JavaScript error caused by SPA navigation event with empty event
     field (bsc#1176503)
   - Force disable SPA for non-navigation links (bsc#1175512)
   - Add translation support for react t() function
   - Fix striping on react tables
   - Update translation strings

   subscription-matcher:

   - Allow matching any guest products for Unlimited Virtualization
     subscriptions (bsc#1165287)
   - Only report confirmed matches in the output.json
   - Expose the log level setting to the command line
   - In the subscriptions CSV output, print the active subscriptions first

   susemanager:

   - Add missing packages to SLE12 >= SP1 bootstrap data to fix JeOS
     bootstrap problems (bsc#1176913)
   - Fix strings (mentions of Satellite, replace SUSE Manager with
     PRODUCT_NAME, etc)
   - Support installer update channels during autoinstallation

   susemanager-build-keys:

   - Trust PackageHub key (bsc#1175103)

   susemanager-doc-indexes:

   - Fix contrast problem for visited links (bsc#1176862)
   - Remove old certs before renaming in Administration Guide (bsc#1171836)
   - Reference example scripts for SP Mass Migration in Upgrade Guide
   - Move PoS Terminal Requirements to the Requirements sections in the
     Retail Guide
   - Updated SP Mass Migration section in Upgrade Guide for clarity
   - Documented Proxy Y Upgrade (SP Migration) in Upgrade Guide
   - In the Upgrade Guide, use Major, Minor, and Patch Level terminology for
     versioning.
   - Align SUSE Manager and Uyuni Proxy installation in the Installation Guide
   - New section Upgrade Uyuni Proxy in Upgrade Guide
   - New section Upgrade Uyuni Server in Upgrade Guide
   - Add GPG information about Oracle clients to SUMA (bsc#1173520)
   - Add hostname admonition to public cloud sections (bsc#1173621)
   - Add error wording to Taskomatic troubleshooting (bsc#1172263)
   - Add required URLs to Installation Guide
   - Replaces removed instructions for adding channels on older Ubuntu
     clients using the CLI in SUMA (bsc#1174025)
   - Added more concepts to Client Cfg
   - Documented maintenance windows feature in Admin Guide
   - Some reorganization of Client Cfg & Admin Guides
   - Updates storage device requirements in Install Guide
   - Adds new section for SUMA formulas in the Salt Guide
   - Updates storage device requirements in Install Guide
   - Added reverse proxy information to Monitoring in Admin Guide
   - Add note about accessibility to index
   - Add note about CentOS upstream repository (bsc#1173603)
   - Add firewall troubleshooting to Admin Guide
   - Fix Azure command in Install Guide (thanks Rahul-CTS)
   - Fix broken links in Auto-Install Proxy in Client Cfg (thanks shirocco88)
   - Adds Ubuntu 20.04 supported features for Uyuni in Client Cfg
   - Adds Uyuni Config Modules to the Salt Guide as tech preview

   susemanager-docs_en:

   - Fix contrast problem for visited links (bsc#1176862)
   - Remove old certs before renaming in Administration Guide (bsc#1171836)
   - Reference example scripts for SP Mass Migration in Upgrade Guide
   - Move PoS Terminal Requirements to the Requirements sections in the
     Retail Guide
   - Updated SP Mass Migration section in Upgrade Guide for clarity
   - Documented Proxy Y Upgrade (SP Migration) in Upgrade Guide
   - In the Upgrade Guide, use Major, Minor, and Patch Level terminology for
     versioning.
   - Align SUSE Manager and Uyuni Proxy installation in the Installation Guide
   - New section Upgrade Uyuni Proxy in Upgrade Guide
   - New section Upgrade Uyuni Server in Upgrade Guide
   - Add GPG information about Oracle clients to SUMA (bsc#1173520)
   - Add hostname admonition to public cloud sections (bsc#1173621)
   - Add error wording to Taskomatic troubleshooting (bsc#1172263)
   - Add required URLs to Installation Guide
   - Replaces removed instructions for adding channels on older Ubuntu
     clients using the CLI in SUMA (bsc#1174025)
   - Added more concepts to Client Cfg
   - Documented maintenance windows feature in Admin Guide
   - Some reorganization of Client Cfg & Admin Guides
   - Updates storage device requirements in Install Guide
   - Adds new section for SUMA formulas in the Salt Guide
   - Updates storage device requirements in Install Guide
   - Added reverse proxy information to Monitoring in Admin Guide
   - Add note about accessibility to index
   - Add note about CentOS upstream repository (bsc#1173603)
   - Add firewall troubleshooting to Admin Guide
   - Fix Azure command in Install Guide (thanks Rahul-CTS)
   - Fix broken links in Auto-Install Proxy in Client Cfg (thanks shirocco88)
   - Adds Ubuntu 20.04 supported features for Uyuni in Client Cfg
   - Adds Uyuni Config Modules to the Salt Guide as tech preview

   susemanager-schema:

   - Support installer update channels during autoinstallation
   - Prevent a deadlock error involving delete_server and update_needed_cache
     (bsc#1173073)

   susemanager-sls:

   - Add uyuni-config-modules subpackage with Salt modules to configure
     Servers
   - Fix reporting of missing products in product.all_installed (bsc#1165829)

   How to apply this update: 1. Log in as root user to the SUSE Manager
   server. 2. Stop the Spacewalk service: spacewalk-service stop 3. Apply the
   patch using either zypper patch or YaST Online Update. 4. Upgrade the
   database schema: spacewalk-schema-upgrade 5. Start the Spacewalk service:
   spacewalk-service start


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.1:

      zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2020-2832=1



Package List:

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (ppc64le s390x x86_64):

      golang-github-QubitProducts-exporter_exporter-0.4.0-6.9.4
      golang-github-prometheus-node_exporter-1.0.1-3.3.4
      hub-xmlrpc-api-0.7-3.3.3
      hub-xmlrpc-api-debuginfo-0.7-3.3.3
      patterns-suma_retail-4.1-6.6.3
      patterns-suma_server-4.1-6.6.3
      spacewalk-branding-4.1.10-3.6.3
      susemanager-4.1.20-3.8.3
      susemanager-tools-4.1.20-3.8.3

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch):

      hibernate5-5.3.7-3.3.4
      prometheus-exporters-formula-0.7.3-3.10.1
      python3-spacewalk-certs-tools-4.1.13-3.6.3
      python3-spacewalk-client-tools-4.1.6-4.3.3
      salt-netapi-client-0.17.0-15.4.3
      spacecmd-4.1.7-4.6.3
      spacewalk-backend-4.1.15-4.8.4
      spacewalk-backend-app-4.1.15-4.8.4
      spacewalk-backend-applet-4.1.15-4.8.4
      spacewalk-backend-config-files-4.1.15-4.8.4
      spacewalk-backend-config-files-common-4.1.15-4.8.4
      spacewalk-backend-config-files-tool-4.1.15-4.8.4
      spacewalk-backend-iss-4.1.15-4.8.4
      spacewalk-backend-iss-export-4.1.15-4.8.4
      spacewalk-backend-package-push-server-4.1.15-4.8.4
      spacewalk-backend-server-4.1.15-4.8.4
      spacewalk-backend-sql-4.1.15-4.8.4
      spacewalk-backend-sql-postgresql-4.1.15-4.8.4
      spacewalk-backend-tools-4.1.15-4.8.4
      spacewalk-backend-xml-export-libs-4.1.15-4.8.4
      spacewalk-backend-xmlrpc-4.1.15-4.8.4
      spacewalk-base-4.1.18-3.6.3
      spacewalk-base-minimal-4.1.18-3.6.3
      spacewalk-base-minimal-config-4.1.18-3.6.3
      spacewalk-certs-tools-4.1.13-3.6.3
      spacewalk-client-tools-4.1.6-4.3.3
      spacewalk-html-4.1.18-3.6.3
      spacewalk-java-4.1.20-3.11.8
      spacewalk-java-config-4.1.20-3.11.8
      spacewalk-java-lib-4.1.20-3.11.8
      spacewalk-java-postgresql-4.1.20-3.11.8
      spacewalk-taskomatic-4.1.20-3.11.8
      spacewalk-utils-4.1.12-3.6.3
      spacewalk-utils-extras-4.1.12-3.6.3
      subscription-matcher-0.26-3.3.3
      susemanager-build-keys-15.2.1-3.3.2
      susemanager-build-keys-web-15.2.1-3.3.2
      susemanager-doc-indexes-4.1-11.12.2
      susemanager-docs_en-4.1-11.12.2
      susemanager-docs_en-pdf-4.1-11.12.2
      susemanager-schema-4.1.13-3.6.3
      susemanager-sls-4.1.15-3.8.4
      susemanager-web-libs-4.1.18-3.6.3
      uyuni-config-formula-0.1-6.3.3
      uyuni-config-modules-4.1.15-3.8.4


References:

   https://www.suse.com/security/cve/CVE-2019-14900.html
   https://bugzilla.suse.com/1151557
   https://bugzilla.suse.com/1165287
   https://bugzilla.suse.com/1165829
   https://bugzilla.suse.com/1171836
   https://bugzilla.suse.com/1172079
   https://bugzilla.suse.com/1172263
   https://bugzilla.suse.com/1173073
   https://bugzilla.suse.com/1173520
   https://bugzilla.suse.com/1173603
   https://bugzilla.suse.com/1173621
   https://bugzilla.suse.com/1174025
   https://bugzilla.suse.com/1174254
   https://bugzilla.suse.com/1174357
   https://bugzilla.suse.com/1174423
   https://bugzilla.suse.com/1174636
   https://bugzilla.suse.com/1175103
   https://bugzilla.suse.com/1175512
   https://bugzilla.suse.com/1175529
   https://bugzilla.suse.com/1175545
   https://bugzilla.suse.com/1175556
   https://bugzilla.suse.com/1175889
   https://bugzilla.suse.com/1176500
   https://bugzilla.suse.com/1176503
   https://bugzilla.suse.com/1176844
   https://bugzilla.suse.com/1176862
   https://bugzilla.suse.com/1176913



More information about the sle-security-updates mailing list