SUSE-SU-2016:1367-1: moderate: Security update for SUSE Manager Server 2.1

sle-updates at lists.suse.com
Thu May 19 18:11:40 MDT 2016


   SUSE Security Update: Security update for SUSE Manager Server 2.1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:1367-1
Rating:             moderate
References:         #922740 #924298 #958923 #961002 #961565 #962253 
                    #966622 #966737 #966890 #968257 #968406 #968851 
                    #970223 #970425 #970550 #970672 #970901 #970989 
                    #971237 #972341 #973162 #973432 #973550 #974010 
                    #974011 #974315 #976194 #976826 #978166 
Cross-References:   CVE-2015-0284 CVE-2016-2103 CVE-2016-2104
                    CVE-2016-3079 CVE-2016-3097
Affected Products:
                    SUSE Manager 2.1
______________________________________________________________________________

   An update that solves 5 vulnerabilities and has 24 fixes is
   now available.

Description:


   This update for SUSE Manager Server 2.1 fixes the following issues:

   cobbler:

   - Add logrotate file for cobbler (bsc#976826)
   - Fix cobbler yaboot handling (bsc#968406, bsc#966622)

   osad:

   - Fix file permissions (bsc#970550)

   rhnlib:

   - Use TLSv1_METHOD in SSL Context (bsc#970989)

   spacewalk-backend:

   - Mgr_ncc_sync: Adapt to bulk scheduling introduced in
     scheduleSingleSatRepoSync

   spacewalk-branding:

   - Fix link to "Schedule patch updates" (bsc#973432)
   - Fix link to scheduled action for SP migration (bsc#968257, bsc#974315)
   - Fix: 'Advanced Search' title consistency

   spacewalk-certs-tools:

   - Fix file permissions (bsc#970550)

   spacewalk-java:

   - Recreate upgrade paths on every refresh (bsc#978166)
   - Call cobbler sync after cobbler command is finished (bsc#966890)
   - Under high load, the service wrapper may incorrectly interpret the
     inability to get a response in time from taskomatic and kill it
     (bsc#962253)
   - Log permissions problems on channel access while SP migration
     (bsc#970223)
   - Unittests: support SLE-POS 11 SP3 as addon for SLES 11 SP4 (bsc#976194)
   - Mgr-sync: use bulk channel reposync (bsc#961002)
   - Double the backslashes when reading the config files from java
     (bsc#958923)
   - When generating repo metadata for a cloned channel, recursively fetch
     keywords from the original channel (bsc#970901)
   - Better logging for SP Migration feature (bsc#970223)
   - Fix: 'Advanced Search' title consistency
   - CVE-2015-0284: XSS when altering user details and going somewhere where
     you are choosing user (bsc#922740)
   - CVE-2016-3079, CVE-2016-2103, CVE-2016-2104, CVE-2016-3097: Fix multiple
     XSS vulnerabilities (bsc#973162, bsc#974011, bsc#974010, bsc#973550)
   - BugFix: 'Systems > Advanced Search' title and description consistency
     (bsc#966737)
   - Fix: correct behavior with visibility conditions of sub-tabs in
     Systems/Misc page
   - BugFix: add missing url mapping (bsc#961565)
   - Fix kernel and initrd paths for creating autoinstallation trees
     (bsc#966622)
   - Fix tests for HAE-GEO on SLES 4 SAP (bsc#970425)
   - Add unit tests for SLE-Live-Patching12 (bsc#924298)

   spacewalk-utils:

   - Bugfix: don't repeat channel labels
   - Taskotop: a utility to monitor what Taskomatic is doing
   - Fix file permissions (bsc#970550)

   suseRegisterInfo:

   - Fix file permissions (bsc#970550)

   susemanager:

   - Add packages to bootstrap repo (bsc#971237)
   - Mgr-sync: use bulk channel reposync (bsc#961002)
   - Mgr_ncc_sync: adapt to bulk scheduling introduced in
     scheduleSingleSatRepoSync
   - Add SLES 4 SAP to mgr-create-bootstrap-repo as an option (bsc#972341)
   - Put packages only available in SLE12 SP1 in a separate list (bsc#970672)
   - Fix file permissions (bsc#970550)

   susemanager-sync-data:

   - Support SLE-POS 11 SP3 as addon for SLES 11 SP4 (bsc#976194)
   - HAE-GEO is an addon product for SLES 4 SAP (bsc#970425)
   - Add support for SLE-Live-Patching12 (bsc#924298, bsc#968851)

   susemanager-tftpsync:

   - Rename change_tftpd_proxies.py to sync_post_tftpd_proxies.py and change
     trigger type (bsc#966890)

   How to apply this update:

   1. Log in as root user to the SUSE Manager server.
   2. Stop the Spacewalk service: spacewalk-service stop
   3. Apply the patch using either zypper patch or YaST Online Update.
   4. Start the Spacewalk service: spacewalk-service start


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Manager 2.1:

      zypper in -t patch sleman21-suse-manager-21-201605-12567=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Manager 2.1 (s390x x86_64):

      cobbler-2.2.2-0.61.2
      rhnlib-2.5.69.8-11.2
      spacewalk-backend-2.1.55.25-24.5
      spacewalk-backend-app-2.1.55.25-24.5
      spacewalk-backend-applet-2.1.55.25-24.5
      spacewalk-backend-config-files-2.1.55.25-24.5
      spacewalk-backend-config-files-common-2.1.55.25-24.5
      spacewalk-backend-config-files-tool-2.1.55.25-24.5
      spacewalk-backend-iss-2.1.55.25-24.5
      spacewalk-backend-iss-export-2.1.55.25-24.5
      spacewalk-backend-libs-2.1.55.25-24.5
      spacewalk-backend-package-push-server-2.1.55.25-24.5
      spacewalk-backend-server-2.1.55.25-24.5
      spacewalk-backend-sql-2.1.55.25-24.5
      spacewalk-backend-sql-oracle-2.1.55.25-24.5
      spacewalk-backend-sql-postgresql-2.1.55.25-24.5
      spacewalk-backend-tools-2.1.55.25-24.5
      spacewalk-backend-xml-export-libs-2.1.55.25-24.5
      spacewalk-backend-xmlrpc-2.1.55.25-24.5
      spacewalk-branding-2.1.33.16-18.2
      suseRegisterInfo-2.1.12-14.2
      susemanager-2.1.24-23.1
      susemanager-tftpsync-2.1.2-11.2
      susemanager-tools-2.1.24-23.1

   - SUSE Manager 2.1 (noarch):

      osa-dispatcher-5.11.33.11-15.2
      spacewalk-certs-tools-2.1.6.10-18.3
      spacewalk-java-2.1.165.23-20.1
      spacewalk-java-config-2.1.165.23-20.1
      spacewalk-java-lib-2.1.165.23-20.1
      spacewalk-java-oracle-2.1.165.23-20.1
      spacewalk-java-postgresql-2.1.165.23-20.1
      spacewalk-taskomatic-2.1.165.23-20.1
      spacewalk-utils-2.1.27.15-12.7
      susemanager-sync-data-2.1.15-30.2


References:

   https://www.suse.com/security/cve/CVE-2015-0284.html
   https://www.suse.com/security/cve/CVE-2016-2103.html
   https://www.suse.com/security/cve/CVE-2016-2104.html
   https://www.suse.com/security/cve/CVE-2016-3079.html
   https://www.suse.com/security/cve/CVE-2016-3097.html
   https://bugzilla.suse.com/922740
   https://bugzilla.suse.com/924298
   https://bugzilla.suse.com/958923
   https://bugzilla.suse.com/961002
   https://bugzilla.suse.com/961565
   https://bugzilla.suse.com/962253
   https://bugzilla.suse.com/966622
   https://bugzilla.suse.com/966737
   https://bugzilla.suse.com/966890
   https://bugzilla.suse.com/968257
   https://bugzilla.suse.com/968406
   https://bugzilla.suse.com/968851
   https://bugzilla.suse.com/970223
   https://bugzilla.suse.com/970425
   https://bugzilla.suse.com/970550
   https://bugzilla.suse.com/970672
   https://bugzilla.suse.com/970901
   https://bugzilla.suse.com/970989
   https://bugzilla.suse.com/971237
   https://bugzilla.suse.com/972341
   https://bugzilla.suse.com/973162
   https://bugzilla.suse.com/973432
   https://bugzilla.suse.com/973550
   https://bugzilla.suse.com/974010
   https://bugzilla.suse.com/974011
   https://bugzilla.suse.com/974315
   https://bugzilla.suse.com/976194
   https://bugzilla.suse.com/976826
   https://bugzilla.suse.com/978166


