SUSE-SU-2017:2964-1: moderate: Security update for SUSE Manager Server 3.0

Fri Nov 10 01:10:07 MST 2017

   SUSE Security Update: Security update for SUSE Manager Server 3.0
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2964-1
Rating:             moderate
References:         #1019097 #1021432 #1032065 #1032122 #1038862 
                    #1040420 #1041489 #1042265 #1043880 #1044719 
                    #1045152 #1048294 #1048295 #1049139 #1053038 
                    #1054044 #1054902 #1055292 #1055467 #1056358 
                    #1056678 #1057126 #1057599 #1059201 #1059319 
                    #1059388 #1059524 #1059568 #1061548 #1061574 
                    #1061576 #1062094 #1062476 #1063590 #1065085 
                    #729910 #971785 #971916 #989991 
Cross-References:   CVE-2017-7514
Affected Products:
                    SUSE Manager Server 3.0
______________________________________________________________________________

   An update that solves one vulnerability and has 38 fixes is
   now available.

Description:

   This update fixes the following issues:

   nutch:

   - Log Hadoop into proper log dir (bsc#1061574):
     change-default-log-location.patch

   salt-netapi-client:

     See: https://github.com/SUSE/salt-netapi-client/releases/tag/v0.13.0

   spacecmd:

   - Configchannel export binary flag to json (bsc#1044719)

   spacewalk:

   - Support postgresql 9.6 (bsc#1045152)

   spacewalk-backend:

   - Add hostname to duplicate machine_id email (bsc#1055292)
   - Fix link to manual and described procedure
   - Fix SP migration for traditional clients which were registered by a
     currently disabled user (bsc#1057126)

   spacewalk-branding:

   - Disallow entering multiple identical mirror credentials (bsc#971785)
   - Fix ISE error with invalid custom key id (bsc#1048294)

   spacewalk-certs-tools:

   - Do not use registration keys from last autoinstallation (bsc#1057599)

   spacewalk-java:

   - Disallow entering multiple identical mirror credentials (bsc#971785)
   - Fix ISE error with invalid custom key id (bsc#1048294)
   - Skip the server if no channel can be guessed (bsc#1040420)
   - Keep the GPG Check value if validation fails (bsc#1061548)
   - Make systems in system group list selectable by the group admins
     (bsc#1021432)
   - Hide non-relevant typed systems in SystemCurrency (bsc#1019097)
   - Exclude salt systems from the list of target systems for traditional
     configuration stack installation
   - Start registration for accepted minions only on the minion start event,
     not automatically on any event (bsc#1054044)
   - Extract proxy version from named installed product (bsc#1055467)
   - Install update stack erratas as a package list (bsc#1049139)
   - Schedule one action for all selected patches on RHEL (bsc#1038862)
   - Improve duplicate hostname and transaction handling in minion
     registration
   - Display GUI message after successfully deleting custom key (bsc#1048295)
   - Harmonize presentation of patch information (bsc#1032065)
   - Fix links on schedule pages (bsc#1059201)
   - Fix duplicate machine id in event history on minion restart (bsc#1059388)
   - Show link in message when rescheduling actions (bsc#1032122)
   - Prevent ISE when distribution does not exist (bsc#1059524)
   - Do not store registration-keys during autoinstallation (bsc#1057599)
   - Fix cloning Kickstart Profiles with Custom Options (bsc#1061576)
   - Checkin the foreign host if a s390 minion finished a job (bsc#971916)
   - Increase max length of hardware address to 32 bytes (bsc#989991)
   - Adapt Salt runner and wheel calls to the new error handling introduced
     in salt-netapi-client-0.12.0
   - Change log level and event history for duplicate machine id
     (bsc#1041489)
   - Trim spaces around the target expression in the Salt remote command page
     (bsc#1056678)
   - Fix a ConstraintViolationException when refreshing hardware with changed
     network interfaces or IP addresses
   - Check entitlement usage based on grains when onboarding a minion
     (bsc#1043880)
   - Escape failure-text of failed-actions (CVE-2017-7514, bsc#1042265)
   - Fix minor UI issues on overview page (bsc#1063590)

   spacewalk-reports:

   - Add machine_id and minion_id to system-profiles and inventory report
     (bsc#1054902)

   spacewalk-web:

   - Disallow entering multiple identical mirror credentials (bsc#971785)

   supportutils-plugin-susemanager:

   - Use correct function validate_rpm for supportconfig (bsc#1062094)

   susemanager:

   - Add 'yum-plugin-security' package to RES6 bootstrap rep (bsc#1059319)
   - Ensure postgres db template uses unicode (bsc#1062476)

   susemanager-docs_en:

   - Update text and image files.
   - Fix some version strings (bsc#1065085)

   release-notes-susemanager:

   - Enable SUSE Linux Enterprise 12 SP3 as base OS

   susemanager-schema:

   - Re-create unique index on minion_id (bsc#1059568, bsc#1056358)
   - Increase max length of hardware address to 32 bytes (bsc#989991)

   susemanager-sls:

   - Targeting patches instead of packages for non Zypper patch installation
     (bsc#1038862)
   - Support xccdf 1.2 namespace in openscap result file (bsc#1059319)
   - Fix create empty top.sls with no-op (bsc#1053038)
   - Enabling certificate deployment for Leap 42.3 clients which is needed
     for bootstrapping

   How to apply this update: 1. Log in as root user to the SUSE Manager
   server. 2. Stop the Spacewalk service: spacewalk-service stop 3. Apply the
   patch using either zypper patch or YaST Online Update. 4. Upgrade the
   database schema: spacewalk-schema-upgrade 5. Start the Spacewalk service:
   spacewalk-service start

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Manager Server 3.0:

      zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2017-1840=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Manager Server 3.0 (s390x x86_64):

      release-notes-susemanager-3.0.9-0.53.9.2
      spacewalk-branding-2.5.2.15-16.6.4
      susemanager-3.0.24-25.6.4
      susemanager-tools-3.0.24-25.6.4

   - SUSE Manager Server 3.0 (noarch):

      nutch-1.0-0.9.5.4
      salt-netapi-client-0.13.0-16.6.4
      spacecmd-2.5.5.9-16.9.4
      spacewalk-backend-2.5.24.14-26.11.4
      spacewalk-backend-app-2.5.24.14-26.11.4
      spacewalk-backend-applet-2.5.24.14-26.11.4
      spacewalk-backend-config-files-2.5.24.14-26.11.4
      spacewalk-backend-config-files-common-2.5.24.14-26.11.4
      spacewalk-backend-config-files-tool-2.5.24.14-26.11.4
      spacewalk-backend-iss-2.5.24.14-26.11.4
      spacewalk-backend-iss-export-2.5.24.14-26.11.4
      spacewalk-backend-libs-2.5.24.14-26.11.4
      spacewalk-backend-package-push-server-2.5.24.14-26.11.4
      spacewalk-backend-server-2.5.24.14-26.11.4
      spacewalk-backend-sql-2.5.24.14-26.11.4
      spacewalk-backend-sql-oracle-2.5.24.14-26.11.4
      spacewalk-backend-sql-postgresql-2.5.24.14-26.11.4
      spacewalk-backend-tools-2.5.24.14-26.11.4
      spacewalk-backend-xml-export-libs-2.5.24.14-26.11.4
      spacewalk-backend-xmlrpc-2.5.24.14-26.11.4
      spacewalk-base-2.5.7.19-25.9.4
      spacewalk-base-minimal-2.5.7.19-25.9.4
      spacewalk-base-minimal-config-2.5.7.19-25.9.4
      spacewalk-certs-tools-2.5.1.11-21.6.4
      spacewalk-common-2.5.0.7-4.6.4
      spacewalk-html-2.5.7.19-25.9.4
      spacewalk-java-2.5.59.18-27.9.4
      spacewalk-java-config-2.5.59.18-27.9.4
      spacewalk-java-lib-2.5.59.18-27.9.4
      spacewalk-java-oracle-2.5.59.18-27.9.4
      spacewalk-java-postgresql-2.5.59.18-27.9.4
      spacewalk-oracle-2.5.0.7-4.6.4
      spacewalk-postgresql-2.5.0.7-4.6.4
      spacewalk-reports-2.5.1.3-4.3.4
      spacewalk-taskomatic-2.5.59.18-27.9.4
      supportutils-plugin-susemanager-3.0.5-2.3.4
      susemanager-advanced-topics_en-pdf-3-25.8.2
      susemanager-best-practices_en-pdf-3-25.8.2
      susemanager-docs_en-3-25.8.2
      susemanager-getting-started_en-pdf-3-25.8.2
      susemanager-jsp_en-3-25.8.2
      susemanager-reference_en-pdf-3-25.8.2
      susemanager-schema-3.0.22-25.6.4
      susemanager-sls-0.1.24-27.9.4

References:

   https://www.suse.com/security/cve/CVE-2017-7514.html
   https://bugzilla.suse.com/1019097
   https://bugzilla.suse.com/1021432
   https://bugzilla.suse.com/1032065
   https://bugzilla.suse.com/1032122
   https://bugzilla.suse.com/1038862
   https://bugzilla.suse.com/1040420
   https://bugzilla.suse.com/1041489
   https://bugzilla.suse.com/1042265
   https://bugzilla.suse.com/1043880
   https://bugzilla.suse.com/1044719
   https://bugzilla.suse.com/1045152
   https://bugzilla.suse.com/1048294
   https://bugzilla.suse.com/1048295
   https://bugzilla.suse.com/1049139
   https://bugzilla.suse.com/1053038
   https://bugzilla.suse.com/1054044
   https://bugzilla.suse.com/1054902
   https://bugzilla.suse.com/1055292
   https://bugzilla.suse.com/1055467
   https://bugzilla.suse.com/1056358
   https://bugzilla.suse.com/1056678
   https://bugzilla.suse.com/1057126
   https://bugzilla.suse.com/1057599
   https://bugzilla.suse.com/1059201
   https://bugzilla.suse.com/1059319
   https://bugzilla.suse.com/1059388
   https://bugzilla.suse.com/1059524
   https://bugzilla.suse.com/1059568
   https://bugzilla.suse.com/1061548
   https://bugzilla.suse.com/1061574
   https://bugzilla.suse.com/1061576
   https://bugzilla.suse.com/1062094
   https://bugzilla.suse.com/1062476
   https://bugzilla.suse.com/1063590
   https://bugzilla.suse.com/1065085
   https://bugzilla.suse.com/729910
   https://bugzilla.suse.com/971785
   https://bugzilla.suse.com/971916
   https://bugzilla.suse.com/989991