SUSE-SU-2018:0552-1: moderate: Security update for SUSE Manager Server 3.1
sle-security-updates at lists.suse.com
Tue Feb 27 10:11:21 MST 2018
SUSE Security Update: Security update for SUSE Manager Server 3.1
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:0552-1
Rating: moderate
References: #1015956 #1016377 #1022077 #1022078 #1028285
#1031081 #1036302 #1045289 #1055296 #1061273
#1061574 #1063419 #1063759 #1064258 #1065023
#1065259 #1067608 #1068032 #1069943 #1070161
#1070372 #1070597 #1070782 #1071314 #1071468
#1071526 #1071553 #1072153 #1072157 #1072160
#1072797 #1073474 #1073482 #1073619 #1073713
#1073739 #1074300 #1074430 #1074508 #1074854
#1075044 #1075254 #1075345 #1075408 #1075862
#1076034 #1076201 #1076578 #1077076 #1077730
#1078749 #1079820 #979616 #979633
Cross-References: CVE-2017-5715 CVE-2017-5753 CVE-2017-5754
Affected Products:
SUSE Manager Server 3.1
______________________________________________________________________________
An update that solves three vulnerabilities and has 51
fixes is now available.
Description:
This update fixes the following issues:
nutch:
- Fix hadoop log dir. (bsc#1061574)
osad, rhnlib:
- Fix update mechanism when updating the updateservice (bsc#1073619)
pxe-default-image:
- Spectre and Meltdown mitigation. (CVE-2017-5753, CVE-2017-5715,
CVE-2017-5754, bsc#1068032)
spacecmd:
- Support multiple FQDNs per system. (bsc#1063419)
- Added custom JSON encoder in order to parse date fields correctly.
(bsc#1070372)
spacewalk-backend:
- Fix spacewalk-data-fsck restore of broken package database entry.
(bsc#1071526)
- Support multiple FQDNs per system. (bsc#1063419)
- Fix restore hostname and ip*addr in templated documents. (bsc#1075044)
- Fix directory name in spacewalk-data-fsck.
spacewalk-branding:
- Replace custom states with configuration channels.
- Fix pre formatted code. (bsc#1067608)
- Fix message about package profile sync. (bsc#1073739)
- Fix naming of the Tools channel. (bsc#979633)
spacewalk-client-tools:
- Support multiple FQDNs per system. (bsc#1063419)
- Fix update mechanism when updating the updateservice. (bsc#1073619)
spacewalk-java:
- Fix the file count for deployed files. (bsc#1074300)
- Remove previous activation keys when migrating to salt. (bsc#1031081)
- Improve webui for comparing files. (bsc#1076201)
- Separate Salt calls based on config revisions and server grouping.
(bsc#1074854)
- For minion, no option to modify config file but just view.
- Handle gpg_check correctly. (bsc#1076578)
- Uniform date formatting in System Details view. (bsc#1045289)
- Import content of custom states from filesystem to database on startup,
backup old state files.
- Change the directory of the (normal) configuration channels from
mgr_cfg_org_N to manager_org_N.
- Replace custom states with configuration channels.
- Hide ownership/permission fields from create/upload config file forms
for state channels. (bsc#1072153)
- Hide files from state channels from deploy/compare file lists.
(bsc#1072160)
- Disable and hide deploy files tab for state config channels.
(bsc#1072157)
- Allow ordering config channels in state revision.
- Disallow creating 'normal' config channels when a 'state' channel with
the same name and org already exists and vice versa.
- UI has been updated to manage state channels.
- Support multiple FQDNs per system. (bsc#1063419)
- Setting 'Base Channels' as default tab for 'Channels' tab in SSM
Overview screen. (bsc#979616)
- Log triggers that are in ERROR state.
- Refresh pillar data on formula change. (bsc#1028285)
- Make the notification message uniform when rebooting a system. (bsc#1036302)
- Avoid use of the potentially-slow rhnServerNeededPackageCache view.
- Speed up scheduling of package updates through the SSM. (bsc#1076034)
- Fix encoding/decoding of url_bounce with more parameters. (bsc#1075408)
- After dry-run, sync channels back with the server. (bsc#1071468)
- Fix message about package profile sync. (bsc#1073739)
- On registration, assign server to the organization of the creator when
activation key is empty. (bsc#1016377)
- Fix logging issues when saving autoyast profiles. (bsc#1073474)
- Add VM state as info gathered from VMware. (bsc#1063759)
- Improve performance of token checking, when RPMs or metadata are
downloaded from minions. (bsc#1061273)
- Allow selecting unnamed context in kubeconfig. (bsc#1073482)
- Fix action names and date formatting in system event history.
(bsc#1073713)
- Fix incorrect 'os-release' report after SP migration. (bsc#1071553)
- Fix failed package installation when in RES 32 and 64 bit packages are
installed together. (bsc#1071314)
- Add user preferences in order to change items-per-page. (bsc#1055296)
- Order salt formulas alphabetically. (bsc#1022077)
- Improved error message. (bsc#1064258)
- Display messages about wrong input more end-user friendly. (bsc#1015956)
- Add api calls for content staging.
- Fix content refresh when product keys change. (bsc#1069943)
- Allow 'Package List Refresh' when package arch has changed. (bsc#1065259)
- New API call for scheduling highstate application.
- Adding initial version of web ui notifications.
- Show the time on the event history page in the user's preferred timezone.
spacewalk-reports, spacewalk-search:
- More rhnServerNetwork refactoring (bsc#1063419)
spacewalk-utils:
- Remove restrictions imposed on regex used in 'removelist' parameter
passed to spacewalk-clone-by-date that allowed only exact match.
(bsc#1075254)
spacewalk-web:
- Replace custom states with configuration channels.
- Add 'yaml' option for Ace editor.
- Add links to salt formula list and adjust behavior. (bsc#1022078)
- Allow selecting unnamed context in kubeconfig. (bsc#1073482)
- Add user preferences in order to change items-per-page. (bsc#1055296)
- Fix main menu column height.
- Adding initial version of web ui notifications.
susemanager:
- Fix custom SERVER_KEY overriding. (bsc#1075862)
- Detect subvolumes on /var even with newer btrfs tools. (bsc#1077076)
- Notify admin that database backups need reconfiguration after db upgrade.
- Add syslinux-x86_64 dependency for ppc64le. (bsc#1065023)
- Do not try to force db encoding on db upgrade; use same value as for
installation. (bsc#1077730)
susemanager-schema:
- Make migration idempotent. (bsc#1078749)
- Fix schema with proper extension. (bsc#1079820)
- Migrate old custom states to state channels, assign systems to these new
channels, delete old custom-state-to-system assignments, delete the
custom states from the db. Before migrating, rename custom states with
same name as existing configuration channel labels.
- Update queries for global channels.
- Check if channel is already subscribed even before checking if parent
channel is subscribed or not. (bsc#1072797)
- Support multiple FQDNs per system. (bsc#1063419)
- Avoid use of the potentially-slow rhnServerNeededPackageCache view.
- Handle duplicate serverpackage entries while fixing duplicate evr ids.
(bsc#1075345)
- Fix duplicate entries in channel listings.
- Handle nevra not found case while fixing duplicate evr ids. (bsc#1074508)
- Added a script which will remove existing server locks against minions.
(bsc#1064258)
- Add column to store the 'test' option for state apply actions.
- Adding initial version of web ui notifications.
susemanager-sls:
- Compare osmajorrelease in jinja always as integer.
- Python3 compatibility fixes in modules and states.
- Fix cleanup state error when deleting ssh-push minion. (bsc#1070161)
- Fix image inspect when entrypoint is used by overwriting it.
(bsc#1070782)
susemanager-sync-data:
- Use TLS for mirroring OES2018 channels. (bsc#1074430)
- Add SUSE Manager Server 3.0 and 3.1 channels for mirroring.
virtual-host-gatherer:
- Add VM state as info gathered from VMware. (bsc#1063759)
- Explore the entire tree of nodes from VMware. (bsc#1070597)
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Manager Server 3.1:
zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2018-361=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Manager Server 3.1 (x86_64):
spacewalk-branding-2.7.2.11-2.12.6
susemanager-3.1.12-2.12.3
susemanager-tools-3.1.12-2.12.3
- SUSE Manager Server 3.1 (noarch):
nutch-1.0-0.9.6.2
osa-common-5.11.80.5-2.9.2
osa-dispatcher-5.11.80.5-2.9.2
pxe-default-image-3.1-0.13.3.3
pxe-default-image-debugsource-3.1-0.13.3.3
rhnlib-2.7.2.2-3.3.2
spacecmd-2.7.8.9-2.12.2
spacewalk-backend-2.7.73.11-2.12.3
spacewalk-backend-app-2.7.73.11-2.12.3
spacewalk-backend-applet-2.7.73.11-2.12.3
spacewalk-backend-config-files-2.7.73.11-2.12.3
spacewalk-backend-config-files-common-2.7.73.11-2.12.3
spacewalk-backend-config-files-tool-2.7.73.11-2.12.3
spacewalk-backend-iss-2.7.73.11-2.12.3
spacewalk-backend-iss-export-2.7.73.11-2.12.3
spacewalk-backend-libs-2.7.73.11-2.12.3
spacewalk-backend-package-push-server-2.7.73.11-2.12.3
spacewalk-backend-server-2.7.73.11-2.12.3
spacewalk-backend-sql-2.7.73.11-2.12.3
spacewalk-backend-sql-oracle-2.7.73.11-2.12.3
spacewalk-backend-sql-postgresql-2.7.73.11-2.12.3
spacewalk-backend-tools-2.7.73.11-2.12.3
spacewalk-backend-xml-export-libs-2.7.73.11-2.12.3
spacewalk-backend-xmlrpc-2.7.73.11-2.12.3
spacewalk-base-2.7.1.14-2.12.3
spacewalk-base-minimal-2.7.1.14-2.12.3
spacewalk-base-minimal-config-2.7.1.14-2.12.3
spacewalk-client-tools-2.7.6.3-3.3.3
spacewalk-html-2.7.1.14-2.12.3
spacewalk-java-2.7.46.10-2.14.2
spacewalk-java-config-2.7.46.10-2.14.2
spacewalk-java-lib-2.7.46.10-2.14.2
spacewalk-java-oracle-2.7.46.10-2.14.2
spacewalk-java-postgresql-2.7.46.10-2.14.2
spacewalk-reports-2.7.5.4-2.6.3
spacewalk-search-2.7.3.4-2.9.7
spacewalk-taskomatic-2.7.46.10-2.14.2
spacewalk-utils-2.7.10.6-2.6.3
susemanager-schema-3.1.15-2.16.1
susemanager-sls-3.1.15-2.16.2
susemanager-sync-data-3.1.10-2.14.2
virtual-host-gatherer-1.0.16-2.9.3
virtual-host-gatherer-Kubernetes-1.0.16-2.9.3
virtual-host-gatherer-VMware-1.0.16-2.9.3
References:
https://www.suse.com/security/cve/CVE-2017-5715.html
https://www.suse.com/security/cve/CVE-2017-5753.html
https://www.suse.com/security/cve/CVE-2017-5754.html
https://bugzilla.suse.com/1015956
https://bugzilla.suse.com/1016377
https://bugzilla.suse.com/1022077
https://bugzilla.suse.com/1022078
https://bugzilla.suse.com/1028285
https://bugzilla.suse.com/1031081
https://bugzilla.suse.com/1036302
https://bugzilla.suse.com/1045289
https://bugzilla.suse.com/1055296
https://bugzilla.suse.com/1061273
https://bugzilla.suse.com/1061574
https://bugzilla.suse.com/1063419
https://bugzilla.suse.com/1063759
https://bugzilla.suse.com/1064258
https://bugzilla.suse.com/1065023
https://bugzilla.suse.com/1065259
https://bugzilla.suse.com/1067608
https://bugzilla.suse.com/1068032
https://bugzilla.suse.com/1069943
https://bugzilla.suse.com/1070161
https://bugzilla.suse.com/1070372
https://bugzilla.suse.com/1070597
https://bugzilla.suse.com/1070782
https://bugzilla.suse.com/1071314
https://bugzilla.suse.com/1071468
https://bugzilla.suse.com/1071526
https://bugzilla.suse.com/1071553
https://bugzilla.suse.com/1072153
https://bugzilla.suse.com/1072157
https://bugzilla.suse.com/1072160
https://bugzilla.suse.com/1072797
https://bugzilla.suse.com/1073474
https://bugzilla.suse.com/1073482
https://bugzilla.suse.com/1073619
https://bugzilla.suse.com/1073713
https://bugzilla.suse.com/1073739
https://bugzilla.suse.com/1074300
https://bugzilla.suse.com/1074430
https://bugzilla.suse.com/1074508
https://bugzilla.suse.com/1074854
https://bugzilla.suse.com/1075044
https://bugzilla.suse.com/1075254
https://bugzilla.suse.com/1075345
https://bugzilla.suse.com/1075408
https://bugzilla.suse.com/1075862
https://bugzilla.suse.com/1076034
https://bugzilla.suse.com/1076201
https://bugzilla.suse.com/1076578
https://bugzilla.suse.com/1077076
https://bugzilla.suse.com/1077730
https://bugzilla.suse.com/1078749
https://bugzilla.suse.com/1079820
https://bugzilla.suse.com/979616
https://bugzilla.suse.com/979633