SUSE-SU-2017:2257-1: moderate: Security update for SUSE Manager Server 3.1
sle-security-updates at lists.suse.com
Fri Aug 25 10:10:22 MDT 2017
SUSE Security Update: Security update for SUSE Manager Server 3.1
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:2257-1
Rating: moderate
References: #1009118 #1017513 #1019759 #1028098 #1030898
#1031143 #1031602 #1032324 #1032350 #1033999
#1035728 #1037609 #1038321 #1039458 #1039579
#1039913 #1042199 #1042552 #1042846 #1042975
#1043143 #1043430 #1043795 #1043831 #1044719
#1045152 #1045266 #1045981 #1046176 #1046218
#1046314 #1046865 #1047282 #1047352 #1047513
#1047641 #1047656 #1047680 #1047707 #1048183
#1048968 #1049162 #1049425 #1049471 #1049575
#1049664 #1049665 #1050385 #1051518 #1051719
Cross-References: CVE-2017-10807 CVE-2017-7538
Affected Products:
SUSE Manager Server 3.1
______________________________________________________________________________
An update that solves two vulnerabilities and has 48 fixes
is now available.
Description:
This update for the SUSE Manager Server 3.1 provides several fixes and
improvements.
The following security issues have been fixed:
jabberd:
- Fix offered SASL mechanism check. (bsc#1047282, CVE-2017-10807)
spacewalk-java:
- Do not allow XSS as Organization name. (bsc#1048968, CVE-2017-7538)
Additionally, the following non-security issues have been fixed:
cobbler:
- Fix missing arguments and location for Xen. (bsc#1048183)
jabberd:
- Fix memory leak in pgsql storage driver.
- Fix two double-frees caused by dangling pointers.
- wss:// (WebSocket over SSL) support in c2s.
- Allow BareJID S10N packets.
- SQLite postconnect SQL support.
- Support WebSocket fragmented packets.
- Module to verify users using e-mail.
- Use OpenSSL functions for base64 en/decoding when available.
- Option to dump packet-filter matched packets to file.
- bcrypt support for PostgreSQL and MySQL storage.
- Option to set authreg module per realm.
- WebSocket C2S SX plugin.
- Support for RSA/DH/ECDH key agreement.
- For a detailed description of all fixes, please refer to the changelog.
osad:
- Reduce maximal size of osad log before rotating.
- Perform osad restart in posttrans. (bsc#1039913)
salt-netapi-client:
- Fix date format for Schedule.
- Fix sending kwarg in payload in RunnerCall.
- Better error handling in Runner and Wheel calls.
- Increase the default SOCKET_TIMEOUT to 20 seconds.
smdba:
- Add support for postgresql96. (bsc#1045152)
spacecmd:
- Configchannel export binary flag to json. (bsc#1044719)
spacewalk-backend:
- Make master_label static to keep its value when retrying. (bsc#1038321)
- Adapt for the new gpgcheck flag for the channels.
spacewalk-branding:
- Fix overlapping of elements. (bsc#1031143)
- Fix overlapping text narrow window. (bsc#1009118)
- Fix formulas action buttons position. (bsc#1047513)
- Fix broken link. (bsc#1033999)
- Alphabar: Change title to 'Select first character'. (bsc#1042199)
spacewalk-certs-tools:
- Improve text for bootstrap. (bsc#1032324)
spacewalk-java:
- Don't add default channel if AK is not valid. (bsc#1047656)
- Add 'Enable GPG check' function for channels.
- No legend icon for Activity Occurring. (bsc#1051719)
- Implement API call for bootstrapping systems.
- Fix product ids reported for SUSE Manager Server to the subscription
matcher.
- Fix adding products when assigning channels. (bsc#1049664)
- Set default memory size for SLES 12 installations to 1024MB.
(bsc#1047707)
- Enable remote-command for Salt clients in SSM. (bsc#1050385)
- Add missing help icons/links. (bsc#1049425)
- Fix invalid help links. (bsc#1049425)
- Fix wrong openscap xid. (bsc#1030898)
- Fix overlapping text narrow window. (bsc#1009118)
- Fixes alignment on the orgdetails. (bsc#1017513)
- Fix text for activation key buttons. (bsc#1042975)
- Correctly set, check and cut textarea maxlength. (bsc#1043430)
- MinionActionExecutor: Raise skip timeout. (bsc#1046865)
- Update channels.xml with OpenStack Cloud Continuous Delivery 6.
(bsc#1039458)
- Do not create VirtualInstance duplicates for the same 'uuid'.
- Add taskomatic task to cleanup duplicated uuids for same system id.
- Handle possible wrong UUIDs on SLE11 minions. (bsc#1046218)
- Removed duplicate overview menu item. (bsc#1045981)
- Enable act-key name empty on creation. (bsc#1032350)
- Fix NPE when there are no udev results. (bsc#1042552)
- Alphabar: Change title to 'Select first character'. (bsc#1042199)
- Duplicate Systems: Correct language not to mention 'profiles'.
(bsc#1035728)
- Fix list filters to work with URL special characters. (bsc#1042846)
- Use getActive() instead of isActive() for JavaBeans compliance.
(bsc#1043143)
- Fix hide non-org event details. (bsc#1039579)
spacewalk-search:
- Remove executable bit from service files. (bsc#1051518)
spacewalk-utils:
- Don't show password on input in spacewalk-manage-channel-lifecycle.
(bsc#1043795)
spacewalk-web:
- Fix overlapping of elements. (bsc#1031143)
- Fix formulas action buttons position. (bsc#1047513)
- Do not show old messages. (bsc#1043831)
- Add a dynamic counter of the remaining textarea length.
- Confirm if navigating away while bootstrapping.
susemanager:
- Assert correct java version. (bsc#1049575)
- Create bootstrap repository for SLES for SAP 11 SP1. (bsc#1049471)
- Adjust the bootstrap repository with SLE 12 SP3 repositories.
susemanager-docs_en:
- Improve Icinga services example. (bsc#1019759)
- Make Section reference Configuration Management more clear. (bsc#1047352)
- Add missing "host_name" in service definition example for Icinga.
(bsc#1049162)
- Fix documentation on moving database. (bsc#1031602)
- Add missing Autoinstallation page in Advanced Topics guide. (bsc#1047680)
- Make API documentation available online. (bsc#1047641)
- Fix Reference Guide Documentation issues. (bsc#1045266)
- Update online documentation components. (bsc#1046314)
- Update online documentation. (bsc#1046176)
susemanager-schema:
- Adapt for the new gpgcheck flag for the channels.
susemanager-sync-data:
- Add support for SLE 12 SP3 product family, SUSE Enterprise Storage 5,
OpenStack Cloud 6 Continuous Delivery and Public Cloud for ppc64le.
(bsc#1028098, bsc#1039458, bsc#1037609, bsc#1049665)
How to apply this update:
1. Log in as root user to the SUSE Manager server.
2. Stop the Spacewalk service: spacewalk-service stop
3. Apply the patch using either zypper patch or YaST Online Update.
4. Upgrade the database schema: spacewalk-schema-upgrade
5. Start the Spacewalk service: spacewalk-service start
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Manager Server 3.1:
zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2017-1387=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Manager Server 3.1 (ppc64le s390x x86_64):
jabberd-2.6.1-3.3.1
jabberd-db-2.6.1-3.3.1
jabberd-db-debuginfo-2.6.1-3.3.1
jabberd-debuginfo-2.6.1-3.3.1
jabberd-debugsource-2.6.1-3.3.1
jabberd-sqlite-2.6.1-3.3.1
jabberd-sqlite-debuginfo-2.6.1-3.3.1
smdba-1.5.8-0.2.3.1
spacewalk-branding-2.7.2.7-2.3.1
susemanager-3.1.8-2.3.1
susemanager-tools-3.1.8-2.3.1
- SUSE Manager Server 3.1 (noarch):
cobbler-2.6.6-5.3.1
osa-common-5.11.80.3-2.3.1
osa-dispatcher-5.11.80.3-2.3.1
rhnpush-5.5.104.3-2.3.2
salt-netapi-client-0.12.0-3.3.1
spacecmd-2.7.8.6-2.3.1
spacewalk-backend-2.7.73.7-2.3.1
spacewalk-backend-app-2.7.73.7-2.3.1
spacewalk-backend-applet-2.7.73.7-2.3.1
spacewalk-backend-config-files-2.7.73.7-2.3.1
spacewalk-backend-config-files-common-2.7.73.7-2.3.1
spacewalk-backend-config-files-tool-2.7.73.7-2.3.1
spacewalk-backend-iss-2.7.73.7-2.3.1
spacewalk-backend-iss-export-2.7.73.7-2.3.1
spacewalk-backend-libs-2.7.73.7-2.3.1
spacewalk-backend-package-push-server-2.7.73.7-2.3.1
spacewalk-backend-server-2.7.73.7-2.3.1
spacewalk-backend-sql-2.7.73.7-2.3.1
spacewalk-backend-sql-oracle-2.7.73.7-2.3.1
spacewalk-backend-sql-postgresql-2.7.73.7-2.3.1
spacewalk-backend-tools-2.7.73.7-2.3.1
spacewalk-backend-xml-export-libs-2.7.73.7-2.3.1
spacewalk-backend-xmlrpc-2.7.73.7-2.3.1
spacewalk-base-2.7.1.10-2.3.1
spacewalk-base-minimal-2.7.1.10-2.3.1
spacewalk-base-minimal-config-2.7.1.10-2.3.1
spacewalk-certs-tools-2.7.0.7-2.3.1
spacewalk-html-2.7.1.10-2.3.1
spacewalk-java-2.7.46.5-2.3.1
spacewalk-java-config-2.7.46.5-2.3.1
spacewalk-java-lib-2.7.46.5-2.3.1
spacewalk-java-oracle-2.7.46.5-2.3.1
spacewalk-java-postgresql-2.7.46.5-2.3.1
spacewalk-search-2.7.3.2-2.3.4
spacewalk-taskomatic-2.7.46.5-2.3.1
spacewalk-utils-2.7.10.5-2.3.1
susemanager-advanced-topics_en-pdf-3-10.3.1
susemanager-best-practices_en-pdf-3-10.3.1
susemanager-docs_en-3-10.3.1
susemanager-getting-started_en-pdf-3-10.3.1
susemanager-jsp_en-3-10.3.1
susemanager-reference_en-pdf-3-10.3.1
susemanager-schema-3.1.9-2.3.1
susemanager-sync-data-3.1.6-2.3.1
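A post-update check for the two packages that carry the security fixes (jabberd and spacewalk-java), added here as an example and not part of the SUSE announcement. It compares rpm query output against the version-release strings in the package list above; the sample rpm output is constructed, and the comparison is a simplified rpmvercmp that assumes no epoch, '~' or '^' in the versions.

```python
import re

# Fixed version-release of the two packages that carry this advisory's
# security fixes, copied from its package list.
FIXED = {"jabberd": "2.6.1-3.3.1", "spacewalk-java": "2.7.46.5-2.3.1"}

# Constructed sample of: rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' <pkgs>
# (the spacewalk-java value is made up to show an unpatched host).
SAMPLE = """\
jabberd 2.6.1-3.3.1
spacewalk-java 2.7.46.4-2.1
package cobbler is not installed
"""

def _cmp(a, b):
    return (a > b) - (a < b)

def segcmp(a, b):
    """rpmvercmp-style compare of one version or release string.
    Simplification: no epoch, '~' or '^' handling."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric beats alphabetic
        r = _cmp(int(x), int(y)) if x.isdigit() else _cmp(x, y)
        if r:
            return r
    return _cmp(len(sa), len(sb))             # more segments is newer

def evrcmp(a, b):
    """Compare 'version-release' strings: version first, then release."""
    (va, _, ra), (vb, _, rb) = a.rpartition("-"), b.rpartition("-")
    return segcmp(va, vb) or segcmp(ra, rb)

def unpatched(rpm_output):
    """Return (name, installed, fixed) for packages older than the fix."""
    found = []
    for line in rpm_output.splitlines():
        fields = line.split()
        if len(fields) != 2 or fields[0] not in FIXED:
            continue                          # e.g. 'package X is not installed'
        name, installed = fields
        if evrcmp(installed, FIXED[name]) < 0:
            found.append((name, installed, FIXED[name]))
    return found

if __name__ == "__main__":
    for name, have, need in unpatched(SAMPLE):
        print(f"{name}: installed {have}, advisory ships {need}")
```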
References:
https://www.suse.com/security/cve/CVE-2017-10807.html
https://www.suse.com/security/cve/CVE-2017-7538.html
https://bugzilla.suse.com/1009118
https://bugzilla.suse.com/1017513
https://bugzilla.suse.com/1019759
https://bugzilla.suse.com/1028098
https://bugzilla.suse.com/1030898
https://bugzilla.suse.com/1031143
https://bugzilla.suse.com/1031602
https://bugzilla.suse.com/1032324
https://bugzilla.suse.com/1032350
https://bugzilla.suse.com/1033999
https://bugzilla.suse.com/1035728
https://bugzilla.suse.com/1037609
https://bugzilla.suse.com/1038321
https://bugzilla.suse.com/1039458
https://bugzilla.suse.com/1039579
https://bugzilla.suse.com/1039913
https://bugzilla.suse.com/1042199
https://bugzilla.suse.com/1042552
https://bugzilla.suse.com/1042846
https://bugzilla.suse.com/1042975
https://bugzilla.suse.com/1043143
https://bugzilla.suse.com/1043430
https://bugzilla.suse.com/1043795
https://bugzilla.suse.com/1043831
https://bugzilla.suse.com/1044719
https://bugzilla.suse.com/1045152
https://bugzilla.suse.com/1045266
https://bugzilla.suse.com/1045981
https://bugzilla.suse.com/1046176
https://bugzilla.suse.com/1046218
https://bugzilla.suse.com/1046314
https://bugzilla.suse.com/1046865
https://bugzilla.suse.com/1047282
https://bugzilla.suse.com/1047352
https://bugzilla.suse.com/1047513
https://bugzilla.suse.com/1047641
https://bugzilla.suse.com/1047656
https://bugzilla.suse.com/1047680
https://bugzilla.suse.com/1047707
https://bugzilla.suse.com/1048183
https://bugzilla.suse.com/1048968
https://bugzilla.suse.com/1049162
https://bugzilla.suse.com/1049425
https://bugzilla.suse.com/1049471
https://bugzilla.suse.com/1049575
https://bugzilla.suse.com/1049664
https://bugzilla.suse.com/1049665
https://bugzilla.suse.com/1050385
https://bugzilla.suse.com/1051518
https://bugzilla.suse.com/1051719