SUSE-SU-2015:0928-1: important: Security update for SUSE Manager Server 1.7

sle-security-updates at lists.suse.com
Thu May 21 16:05:32 MDT 2015


   SUSE Security Update: Security update for SUSE Manager Server 1.7
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:0928-1
Rating:             important
References:         #799068 #809927 #814954 #864246 #870159 #879904 
                    #881111 #896238 #896244 #898426 #900956 #901108 
                    #902915 #903723 #906850 #912886 #922525 
Cross-References:   CVE-2014-7811 CVE-2014-7812 CVE-2014-8162
                   
Affected Products:
                    SUSE Manager 1.7 for SLE 11 SP2
______________________________________________________________________________

   An update that solves three vulnerabilities and has 14
   fixes is now available. It includes 9 new package versions.

Description:


   This collective update for SUSE Manager 1.7 provides several fixes and
   enhancements.

   smdba:

       * Space reclamation caused ORA-00942 (table or view does not exist).
         (bsc#906850)
       * Optimized space reclamation for Oracle.
       * Implement fully hot operations for PostgreSQL.
       * System check breaks backup and other configuration.
       * Implement rotating PostgreSQL backup feature. (bsc#896244)
       * Set PostgreSQL max connections to the same value as for Oracle.

   sm-ncc-sync-data:

       * Add ATI and nVidia channels for SLED11-SP3. (bsc#901108)

   spacecmd:

       * Fix call to setCustomOptions(). (bsc#879904)

   spacewalk-backend:

       * Fix encoding of submit message.
       * Trigger generation of metadata if the repository contains no
         packages. (bsc#870159)

   spacewalk-branding:

       * Update default Spacewalk entitlement certificate.

   spacewalk-java:

       * Introduce improved parser for xmlrpc. (CVE-2014-8162, bsc#922525)
       * Fix more cross-site scripting bugs. (CVE-2014-7811, bsc#902915)
       * Fix CVE audit in case of multiversion package installed and patch
         in multi channels. (bsc#903723)
       * Fix automatic configuration file deployment via snippet. (bsc#898426)
       * Download CSV button does not export all columns ("Base Channel"
         missing). (bsc#896238)
       * Fix cross-site scripting in system-group. (CVE-2014-7812, bsc#912886)

   spacewalk-setup:

       * Fix XML RPC API External Entities file disclosure. (CVE-2014-8162,
         bsc#922525)
       * No activation if db population should be skipped. (bsc#900956)

   susemanager-schema:

       * Fix evr_t schema upgrade. (bsc#881111)

   susemanager:

       * Add tool to update the spacewalk public cert in the DB.
       * Fix the test for the mirror credentials. (bsc#864246)

   How to apply this update:

   1. Log in as root user to the SUSE Manager server.
   2. Stop the Spacewalk service: spacewalk-service stop
   3. Apply the patch using either zypper patch or YaST Online Update.
   4. Upgrade the database schema with spacewalk-schema-upgrade
   5. Start the Spacewalk service: spacewalk-service start

   Security Issues:

       * CVE-2014-7811
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7811>
       * CVE-2014-7812
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7812>
       * CVE-2014-8162
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8162>


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Manager 1.7 for SLE 11 SP2:

      zypper in -t patch sleman17sp2-sm-ncc-sync-data=10671

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Manager 1.7 for SLE 11 SP2 (x86_64) [New Version: 1.5,1.7.1.13,1.7.30,1.7.38.34 and 1.7.7.12]:

      smdba-1.5-0.6.2.1
      spacecmd-1.7.7.12-0.5.1
      spacewalk-backend-1.7.38.34-0.5.1
      spacewalk-backend-app-1.7.38.34-0.5.1
      spacewalk-backend-applet-1.7.38.34-0.5.1
      spacewalk-backend-config-files-1.7.38.34-0.5.1
      spacewalk-backend-config-files-common-1.7.38.34-0.5.1
      spacewalk-backend-config-files-tool-1.7.38.34-0.5.1
      spacewalk-backend-iss-1.7.38.34-0.5.1
      spacewalk-backend-iss-export-1.7.38.34-0.5.1
      spacewalk-backend-libs-1.7.38.34-0.5.1
      spacewalk-backend-package-push-server-1.7.38.34-0.5.1
      spacewalk-backend-server-1.7.38.34-0.5.1
      spacewalk-backend-sql-1.7.38.34-0.5.1
      spacewalk-backend-sql-oracle-1.7.38.34-0.5.1
      spacewalk-backend-sql-postgresql-1.7.38.34-0.5.1
      spacewalk-backend-tools-1.7.38.34-0.5.1
      spacewalk-backend-xml-export-libs-1.7.38.34-0.5.1
      spacewalk-backend-xmlrpc-1.7.38.34-0.5.1
      spacewalk-backend-xp-1.7.38.34-0.5.1
      spacewalk-branding-1.7.1.13-0.5.1
      susemanager-1.7.30-0.5.2
      susemanager-tools-1.7.30-0.5.2

   - SUSE Manager 1.7 for SLE 11 SP2 (noarch) [New Version: 1.7.21,1.7.54.34,1.7.56.24 and 1.7.9.12]:

      sm-ncc-sync-data-1.7.21-0.5.1
      spacewalk-java-1.7.54.34-0.5.1
      spacewalk-java-config-1.7.54.34-0.5.1
      spacewalk-java-lib-1.7.54.34-0.5.1
      spacewalk-java-oracle-1.7.54.34-0.5.1
      spacewalk-java-postgresql-1.7.54.34-0.5.1
      spacewalk-setup-1.7.9.12-0.5.1
      spacewalk-taskomatic-1.7.54.34-0.5.1
      susemanager-schema-1.7.56.24-0.7.1
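
   A post-patch check, added here as an example and not part of the SUSE
   advisory: it compares the installed versions of the two packages that carry
   the CVE fixes (spacewalk-java and spacewalk-setup, versions taken from the
   Package List above) against the fixed versions. The function names and the
   use of GNU sort -V to approximate RPM version ordering are assumptions of
   this example.

```shell
#!/bin/sh
# Fixed versions of the packages that carry the three CVE fixes, copied from
# the Package List of this advisory.
FIXED="spacewalk-java 1.7.54.34-0.5.1
spacewalk-setup 1.7.9.12-0.5.1"

# ver_ge A B: succeeds when A >= B. GNU `sort -V` is used as an approximation
# of RPM's version ordering (an assumption of this example); it is adequate
# for the dotted-numeric version-release strings in this advisory.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# check_fixed: reads "name version-release" lines on stdin and prints one
# status line per package in FIXED. Returns non-zero if any of those packages
# is not found in the input or is older than the fixed version.
check_fixed() {
    installed=$(cat)
    rc=0
    while read -r name want; do
        have=$(printf '%s\n' "$installed" |
               awk -v n="$name" '$1 == n { print $2; exit }')
        if [ -z "$have" ]; then
            echo "NOTFOUND   $name (fixed in $want)"
            rc=1
        elif ver_ge "$have" "$want"; then
            echo "OK         $name $have"
        else
            echo "VULNERABLE $name $have < $want"
            rc=1
        fi
    done <<EOF
$FIXED
EOF
    return $rc
}

# On the SUSE Manager server itself:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | check_fixed
```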


References:

   https://www.suse.com/security/cve/CVE-2014-7811.html
   https://www.suse.com/security/cve/CVE-2014-7812.html
   https://www.suse.com/security/cve/CVE-2014-8162.html
   https://bugzilla.suse.com/799068
   https://bugzilla.suse.com/809927
   https://bugzilla.suse.com/814954
   https://bugzilla.suse.com/864246
   https://bugzilla.suse.com/870159
   https://bugzilla.suse.com/879904
   https://bugzilla.suse.com/881111
   https://bugzilla.suse.com/896238
   https://bugzilla.suse.com/896244
   https://bugzilla.suse.com/898426
   https://bugzilla.suse.com/900956
   https://bugzilla.suse.com/901108
   https://bugzilla.suse.com/902915
   https://bugzilla.suse.com/903723
   https://bugzilla.suse.com/906850
   https://bugzilla.suse.com/912886
   https://bugzilla.suse.com/922525
   https://download.suse.com/patch/finder/?keywords=8028a25587947641ad45132e4992e11d


