SUSE-SU-2019:1006-1: moderate: Security update for SUSE Manager Server 3.2

sle-updates at lists.suse.com
Wed Apr 24 09:44:09 MDT 2019


   SUSE Security Update: Security update for SUSE Manager Server 3.2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:1006-1
Rating:             moderate
References:         #1070731 #1109316 #1120242 #1121195 #1122230 
                    #1122381 #1122837 #1124290 #1125600 #1125744 
                    #1126075 #1126099 #1126518 #1127542 #1128228 
                    #1128724 #1128781 #1129765 #1129851 #1129956 
                    #1130658 #1131490 #1131677 #1131721 #1132579 
                    
Cross-References:   CVE-2017-7957
Affected Products:
                    SUSE Manager Server 3.2
                    SUSE Manager Proxy 3.2
______________________________________________________________________________

   An update that solves one vulnerability and has 24 fixes is
   now available.

Description:


   This update includes the following new features:

   - Add configuration option to limit the number of changelog entries added
     to the repository metadata (fate#325676)

   This update fixes the following issues:

   apache-commons-lang3:

   - Run fdupes on javadoc
   - Specify java target and source level 1.6 to make package compatible with
     JDK >= 1.8

   cobbler:

   - Fixes case where distribution detection returns None (bsc#1130658)
   - SUSE texmode fix (bsc#1109316)

   drools:

   - Update Drools to 7.17.0
   - Release Notes: https://issues.jboss.org/secure/ReleaseNote.jspa
   - Fixes for SLE 15 compatibility

   guava:

   - Updated from 13.0.1 to 27.0.1
   - Changes between 13.0.1 and 23.0:
     https://github.com/google/guava/wiki/Release14
     https://github.com/google/guava/wiki/Release15
     https://github.com/google/guava/wiki/Release16
     https://github.com/google/guava/wiki/Release17
     https://github.com/google/guava/wiki/Release18
     https://github.com/google/guava/wiki/Release19
     https://github.com/google/guava/wiki/Release23
   - Changes between 23.0 and 27.0.1: see
     https://github.com/google/guava/releases

   jade4j:

   - Conditional java/java-devel requires based on os version
   - Update dependency version for commons-lang3 to 3.4
   - Fix building javadoc

   kie-api:

   - Update KIE to 7.17.0
   - Release notes: https://issues.jboss.org/secure/ReleaseNote.jspa

   optaplanner:

   - Update Optaplanner to 7.17.0

   py26-compat-salt:

   - Fix minion arguments assign via sysctl (bsc#1124290)

   smdba:

   - Make 'smdba space-overview' postgresql version agnostic (bsc#1129956)
   - Fix version mismatch

   spacecmd:

   - Fix system_delete with SSM (bsc#1125744)

   spacewalk-admin:

   - Fix encoding bug in salt event processing (bsc#1129851)

   spacewalk-backend:

   - Fix linking of packages in reposync (bsc#1131677)
   - Fix: handle non-standard filenames for comps.xml (bsc#1120242)
   - Mgr-sign-metadata can optionally clear-sign metadata files

   spacewalk-branding:

   - Introduce a description label for the new 'minion-checkin' Taskomatic
     job (bsc#1122837)

   spacewalk-certs-tools:

   - Add support for Ubuntu to bootstrap script
   - Clean up downloaded gpg keys after bootstrap (bsc#1126075)

   spacewalk-java:

   - Fix base channel selection for Ubuntu systems (bsc#1132579)
   - Fix retrieval of build time for .deb repositories (bsc#1131721)
   - Allow access to susemanager tools channels without res subscription
     (bsc#1127542)
   - Add support for SLES 15 live patches in CVE audit
   - Add a Taskomatic job to perform minion check-in regularly, drop use of
     Salt's Mine (bsc#1122837)
   - Fix errata_details to return details correctly (bsc#1128228)
   - Support ubuntu products and debian architectures in mgr-sync
   - Adapt check for available repositories to debian style repositories
   - Add support for custom username when bootstrapping with Salt-SSH
   - Read and update running kernel release value at each startup of minion
     (bsc#1122381)
   - Add error message on sync refresh when there are no scc credentials
   - Fix apidoc issues
   - Fix deleting server when minion_formulas.json is empty (bsc#1122230)
   - Minion-action-cleanup Taskomatic task: do not clean actions younger than
     one hour
   - Schedule full package refresh only once per action chain if needed
     (bsc#1126518)
   - Check and schedule package refresh in response to events independently
     of what originates them (bsc#1126099)
   - Add configuration option to limit the number of changelog entries added
     to the repository metadata (fate#325676)
   - Generate InRelease file for Debian/Ubuntu repos when metadata signing is
     enabled

   spacewalk-web:

   - Show undetected subscription-matching message object as a string anyway
     (bsc#1125600)
   - Fix action scheduler time picker prefill when the server is on
     "UTC/GMT" timezone (bsc#1121195)
   - Allow username input on bootstrap page when using Salt-SSH
   - Add cache buster for static files (js/css) to fix caching issues after
     upgrading.

   subscription-matcher:

   - Update dependencies (Drools, Optaplanner, Guava, Xstream)
   - Make the java and java-devel requirements variable
   - Relax the requirement condition on apache-commons-lang3

   susemanager:

   - Support creating bootstrap repos for Ubuntu 18.04 and 16.04.
   - Allow alternative names for bootstrap packages, to allow using old
     client tools after package renames
   - Feat: create Ubuntu empty repository
   - Fix creation of bootstrap repositories for SLE12 (no SP) by requiring
     python-setuptools only for SLE12 >= SP1 (bsc#1129765)
   - Add bootstrap repo definition for SLE15 SP1

   susemanager-docs_en:

   - Update text and image files.
   - Fix bad link.
   - Update Manual Backup and smdba sections.
   - Troubleshooting Salt clients.
   - Fix package endpoint in salt pillar content.
   - Ubuntu Clients supported.
   - Change License to GFL 1.2, as it is the real license for the doc since
     3.2.0

   susemanager-schema:

   - Add a Taskomatic job to perform minion check-in regularly, drop use of
     Salt's Mine (bsc#1122837)
   - Fix performance regression in inter-server-sync (bsc#1128781)
   - Set minion-action-cleanup run frequency from hourly to daily at midnight

   susemanager-sls:

   - Update get_kernel_live_version module to support older Salt versions
     (bsc#1131490)
   - Update get_kernel_live_version module to support SLES 15 live patches
   - Do not configure Salt Mine in newly registered minions (bsc#1122837)
   - Fix Salt error related to remove_traditional_stack when bootstrapping an
     Ubuntu minion (bsc#1128724)
   - Automatically trust SUSE GPG key for client tools channels on Ubuntu
     systems
   - Util.systeminfo sls has been added to perform different actions at
     minion startup (bsc#1122381)

   susemanager-sync-data:

   - Allow access to susemanager tools channels without res subscription
     (bsc#1127542)
   - Add Ubuntu product definitions
   - Adapt to SCC changes
   - Add CaaSP 4 Toolchain

   xstream:

   - Update xstream to 1.4.10
   - Major changes:
     - CVE-2017-7957: XStream could cause a Denial of Service when
       unmarshalling void. (bsc#1070731)
     - New XStream artifact with -java7 appended as version suffix for a
       library explicitly without the Java 8 stuff (lambda expression support,
       converters for java.time.* package).
     - Improve performance by minimizing call stack of mapper chain.
     - XSTR-774: Add converters for types of java.time, java.time.chrono, and
       java.time.temporal packages (converters for LocalDate, LocalDateTime,
       LocalTime, OffsetDateTime, and ZonedDateTime by Matej Cimbora).
     - JavaBeanConverter does not respect ignored unknown elements.
     - Add XStream.setupDefaultSecurity to initialize security framework with
       defaults of XStream 1.5.x.
     - Emit error warning if security framework has not been initialized and
       the XStream instance is vulnerable to known exploits.
   - Feat: modify patch to be compatible with JDK 11 building
   - Fixes for SLE 15 compatibility
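   The two security-framework items above (XStream.setupDefaultSecurity and the
   warning for uninitialized instances) are what an application built on the
   updated xstream-1.4.10 package should act on. The following is an added
   example, not code from this advisory, from SUSE Manager or from the XStream
   project: it shows an application enabling the default security framework,
   restricting unmarshalling to an explicit allow-list of its own types, and
   checking that a type outside that list is refused. The class names
   ServerRecord, NotAllowed and XStreamAllowList are assumptions made for the
   example; only XStream.setupDefaultSecurity, allowTypes, toXML, fromXML and
   ForbiddenClassException are real XStream 1.4.10 API.

```java
// Added example (not from the SUSE advisory or the XStream project).
// Demonstrates the XStream 1.4.10 security framework: setupDefaultSecurity
// plus an explicit allow-list, so only the application's own types can be
// instantiated from untrusted XML.
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.security.ForbiddenClassException;

public class XStreamAllowList {

    // Hypothetical application type that the service legitimately exchanges.
    public static class ServerRecord {
        public String hostname;
        public int patchLevel;
    }

    // Hypothetical type that is deliberately left OFF the allow-list.
    public static class NotAllowed {
        public String note;
    }

    // Build an XStream instance with the security framework switched on.
    public static XStream hardenedXStream() {
        XStream xstream = new XStream();
        // Since 1.4.10: installs the default permissions XStream 1.5.x will ship
        // with (primitives, arrays, core JDK value types) and silences the
        // "security framework not initialized" warning.
        XStream.setupDefaultSecurity(xstream);
        // Additionally allow only the application's own record type.
        xstream.allowTypes(new Class[] { ServerRecord.class });
        return xstream;
    }

    // True when the hardened instance refuses to instantiate the type named
    // in the XML document; false if the document was deserialized.
    public static boolean rejectsUnlistedType(XStream xstream, String xml) {
        try {
            xstream.fromXML(xml);
            return false;
        } catch (ForbiddenClassException e) {
            return true;
        }
    }

    public static void main(String[] args) {
        XStream xstream = hardenedXStream();

        // Allowed type: serialization and deserialization both succeed.
        ServerRecord rec = new ServerRecord();
        rec.hostname = "manager.example.test"; // constructed sample value
        rec.patchLevel = 17;
        String recXml = xstream.toXML(rec);
        ServerRecord back = (ServerRecord) xstream.fromXML(recXml);
        System.out.println("allowed type round trip ok: "
                + rec.hostname.equals(back.hostname) && rec.patchLevel == back.patchLevel);

        // Unlisted type: marshalling is not subject to the permission check,
        // so we can produce the document, but unmarshalling it must fail.
        NotAllowed bad = new NotAllowed();
        bad.note = "constructed input"; // constructed sample value
        String badXml = xstream.toXML(bad);
        System.out.println("unlisted type rejected: " + rejectsUnlistedType(xstream, badXml));
    }
}
```

   Compile and run against the xstream-1.4.10 jar shipped by this update; the
   first line should report true for the round trip and the second true for
   the rejection. Calling setupDefaultSecurity before any allowTypes call
   matters: it resets the permission chain to deny-by-default, and everything
   allowed afterwards is the application's explicit decision rather than an
   implicit "any class on the classpath".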


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Manager Server 3.2:

      zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-1006=1

   - SUSE Manager Proxy 3.2:

      zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2019-1006=1



Package List:

   - SUSE Manager Server 3.2 (ppc64le s390x x86_64):

      reprepro-5.3.0-2.3.3
      smdba-1.6.4-0.3.9.3
      spacewalk-branding-2.8.5.15-3.19.3
      susemanager-3.2.17-3.22.4
      susemanager-tools-3.2.17-3.22.4

   - SUSE Manager Server 3.2 (noarch):

      apache-commons-lang3-3.4-3.3.3
      cobbler-2.6.6-6.16.3
      drools-7.17.0-3.3.3
      guava-27.0.1-3.3.3
      jade4j-1.0.7-3.3.3
      kie-api-7.17.0-3.3.3
      kie-soup-7.17.0.Final-2.3.3
      optaplanner-7.17.0-3.3.3
      py26-compat-salt-2016.11.10-6.21.3
      python2-spacewalk-certs-tools-2.8.8.7-3.6.3
      spacecmd-2.8.25.10-3.20.3
      spacewalk-admin-2.8.4.4-3.6.3
      spacewalk-backend-2.8.57.14-3.25.3
      spacewalk-backend-app-2.8.57.14-3.25.3
      spacewalk-backend-applet-2.8.57.14-3.25.3
      spacewalk-backend-config-files-2.8.57.14-3.25.3
      spacewalk-backend-config-files-common-2.8.57.14-3.25.3
      spacewalk-backend-config-files-tool-2.8.57.14-3.25.3
      spacewalk-backend-iss-2.8.57.14-3.25.3
      spacewalk-backend-iss-export-2.8.57.14-3.25.3
      spacewalk-backend-libs-2.8.57.14-3.25.3
      spacewalk-backend-package-push-server-2.8.57.14-3.25.3
      spacewalk-backend-server-2.8.57.14-3.25.3
      spacewalk-backend-sql-2.8.57.14-3.25.3
      spacewalk-backend-sql-oracle-2.8.57.14-3.25.3
      spacewalk-backend-sql-postgresql-2.8.57.14-3.25.3
      spacewalk-backend-tools-2.8.57.14-3.25.3
      spacewalk-backend-xml-export-libs-2.8.57.14-3.25.3
      spacewalk-backend-xmlrpc-2.8.57.14-3.25.3
      spacewalk-base-2.8.7.15-3.24.3
      spacewalk-base-minimal-2.8.7.15-3.24.3
      spacewalk-base-minimal-config-2.8.7.15-3.24.3
      spacewalk-certs-tools-2.8.8.7-3.6.3
      spacewalk-html-2.8.7.15-3.24.3
      spacewalk-java-2.8.78.21-3.29.1
      spacewalk-java-config-2.8.78.21-3.29.1
      spacewalk-java-lib-2.8.78.21-3.29.1
      spacewalk-java-oracle-2.8.78.21-3.29.1
      spacewalk-java-postgresql-2.8.78.21-3.29.1
      spacewalk-taskomatic-2.8.78.21-3.29.1
      subscription-matcher-0.23-4.12.3
      susemanager-schema-3.2.18-3.22.3
      susemanager-sls-3.2.23-3.26.3
      susemanager-sync-data-3.2.14-3.20.3
      susemanager-web-libs-2.8.7.15-3.24.3
      xstream-1.4.10-4.3.3

   - SUSE Manager Proxy 3.2 (noarch):

      python2-spacewalk-certs-tools-2.8.8.7-3.6.3
      spacewalk-backend-2.8.57.14-3.25.3
      spacewalk-backend-libs-2.8.57.14-3.25.3
      spacewalk-base-minimal-2.8.7.15-3.24.3
      spacewalk-base-minimal-config-2.8.7.15-3.24.3
      spacewalk-certs-tools-2.8.8.7-3.6.3
      susemanager-web-libs-2.8.7.15-3.24.3


References:

   https://www.suse.com/security/cve/CVE-2017-7957.html
   https://bugzilla.suse.com/1070731
   https://bugzilla.suse.com/1109316
   https://bugzilla.suse.com/1120242
   https://bugzilla.suse.com/1121195
   https://bugzilla.suse.com/1122230
   https://bugzilla.suse.com/1122381
   https://bugzilla.suse.com/1122837
   https://bugzilla.suse.com/1124290
   https://bugzilla.suse.com/1125600
   https://bugzilla.suse.com/1125744
   https://bugzilla.suse.com/1126075
   https://bugzilla.suse.com/1126099
   https://bugzilla.suse.com/1126518
   https://bugzilla.suse.com/1127542
   https://bugzilla.suse.com/1128228
   https://bugzilla.suse.com/1128724
   https://bugzilla.suse.com/1128781
   https://bugzilla.suse.com/1129765
   https://bugzilla.suse.com/1129851
   https://bugzilla.suse.com/1129956
   https://bugzilla.suse.com/1130658
   https://bugzilla.suse.com/1131490
   https://bugzilla.suse.com/1131677
   https://bugzilla.suse.com/1131721
   https://bugzilla.suse.com/1132579


