SUSE-SU-2018:1751-1: moderate: Security update for SUSE Manager Server 3.1

Tue Jun 19 13:21:38 MDT 2018

   SUSE Security Update: Security update for SUSE Manager Server 3.1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:1751-1
Rating:             moderate
References:         #1073267 #1074594 #1075466 #1080474 #1081714 
                    #1082796 #1083278 #1083513 #1084679 #1085044 
                    #1085471 #1085650 #1085838 #1087055 #1087071 
                    #1087840 #1088667 #1088861 #1089103 #1089396 
                    #1089401 #1089468 #1090040 #1090059 #1090205 
                    #1090221 #1090395 #1090400 #1090401 #1090585 
                    #1091052 #1091091 #1091667 #1091840 #1091855 
                    #1092161 #1092194 #1092275 #1092383 #1092492 
                    #1095231 #1095569 #1096714 
Cross-References:   CVE-2014-5326 CVE-2017-1000469
Affected Products:
                    SUSE Manager Server 3.1
______________________________________________________________________________

   An update that solves two vulnerabilities and has 41 fixes
   is now available.

Description:

   This update provides the following fixes and improvements for SUSE Manager
   Server 3.1:

   The following new package has been added:

   py26-compat-salt:

   This package provides compatibility with Python 2.6 for salt.

   This update includes the following new features:

     (fate#325476)

   Additonally, the following issues have been fixed:

   cobbler:

   - Detect if there is already another instance of "cobbler sync" running
     and exit with failure if so. (bsc#1081714)
   - CVE-2017-1000469: Escape shell parameters provided by the user for the
     reposync action. (bsc#1074594)
   - Add sles15 distro profile. (bsc#1090205)

   google-gson:

   - Update to version 2.8.2. (bsc#1091091)

   patterns-suse-manager:

   - Require py26-compat-salt and python3-salt to be able to connect with
     salt-ssh to a system which has python2.6 or python3 installed.
     (fate#325476)

   salt-netapi-client:

   - See https://github.com/SUSE/salt-netapi-client/releases/tag/v0.14.0

   spacewalk-backend:

   - Do not fail boostrap if no ip6addr interface. (bsc#1090395)
   - Allow again to use a higher version of spacewalk-backend-libs with
     spacewalk-backend. (bsc#1092383)
   - SLE15 support: recommended/required flag for products and channels.

   spacewalk-branding:

   - Fix URL for new products page. (bsc#1092492)
   - SLE15 support: recommended/required flag for products and channels.
   - Show channel label when listing config channels. (bsc#1083278)

   spacewalk-certs-tools:

   - Fix bootstrap script for python3. (bsc#1091840)
   - Support SLE15 product family.

   spacewalk-java:

   - Do not create new product if product_id exists, update it instead
     (bsc#1096714)
   - Fix deletion of Taskomatic schedules via the GUI (bsc#1095569)
   - Fix unknown installed products when using salt-ssh. (bsc#1088861)
   - Prevent NPE when no image build history details are available.
     (bsc#1092161)
   - Uniform the notification message when scheduling HW refresh.
     (bsc#1082796)
   - Add SLES12 SP2 LTSS family. (bsc#1092194)
   - Fix token cleanup task crashing. (bsc#1090585)
   - HW refresh fails on SLE15 Salt client. (bsc#1090221)
   - Only show the most relevant (least effort) solutions. (bsc#1087071)
   - Add support for autoinstallation of SLE15. (bsc#1090205)
   - Update sles_register cobbler snippets to work with SLE15. (bsc#1090205)
   - Support SLE15 product family.
   - Show channel label when listing config channels. (bsc#1083278)
   - Fix equals to display channels with same name but different label.
     (bsc#1083278)
   - Avoid init.sls files with no revision on Config State Channels.
     (bsc#1091855)
   - Fix taskomatic deadlock in failure case. (bsc#1085471)
   - Render configuration files with UTF-8. (bsc#1088667)
   - Update google-gson to version 2.8.2. (bsc#1091091)
   - Fix updating Subscription cache. (bsc#1075466)
   - Fix NPE in websocket session configurator. (bsc#1080474)
   - Wait until minion is back to set RebootAction as COMPLETED. (bsc#1089401)
   - Add support for Prometheus monitoring.
   - Fix constraint violation errors when onboarding. (bsc#1089468)
   - Fix Advanced search for systems with installed packages. (bsc#1085838)

   spacewalk-utils:

   - Clone-by-date removes packages only if the list is not empty.
     (bsc#1089396)

   spacewalk-web:

   - Fix misleading message when syncing channels. (bsc#1089103)
   - Automatically select mandatory channels when selecting a base channel.
     (bsc#1083513)
   - Fix ace.js editor config to use soft tabs. (bsc#1090040)
   - Display always config channel name and label. (bsc#1083278)

   susemanager:

   - Add missing python3 packages to bootstrap JeOS image. (bsc#1085044)
   - Support SLE15 product family.
   - Fix crash on not properly configured environment. (bsc#1092275)
   - Provide full traditional stack in RES bootstrap repo. (bsc#1091667)
   - Fix bootstrap script for python3. (bsc#1091840)
   - Fix unknown installed products when using salt-ssh. (bsc#1088861)
   - Add python2-salt to RES7 and SLES12 bootstrap repository.
   - Fix bootstrapping RHEL 7 salt client (missing python-ipaddress).
     (bsc#1087055)

   susemanager-frontend-libs:

   - Enforce susemanager-nodejs-sdk-devel dependency version. (bsc#1095231)

   susemanager-docs_en:

   - Documentation: mgr-create-bootstrap-repo documented flag is not correct.
     (bsc#1090400)
   - Remove LTSS from SUSE Linux Enterprise 11 SP4 in gs. (bsc#1090401)
   - Configuration Macros do not work. (bsc#1084679)
   - Updated spacecmd with new functions.
   - Update bootstrap warning for sles 15 clients and python 3 - in reference
     and gs.

   susemanager-schema:

   - Add SLE15 distribution. (bsc#1090205)
   - SLE15 support: recommended/required flag for products and channels.
   - Support SLE15 product family.
   - Fix a race condition on lookup_evr. (bsc#1090059)

   susemanager-sls:

   - Install python2/3 salt flavours on buildhosts to generate a compatible
     thin for the dockerimage beeing build. (bsc#1092161)
   - Docker.login requires a list as input. (bsc#1092161)
   - Fix profileupdate sls to execute retrieval of kernel live patching info.
     (bsc#1091052)
   - Support SLE15 product family.
   - Fix hardware refresh when FQDN changes. (bsc#1073267)
   - Create bootstrap repo only if it exist in the server. (bsc#1087840)
   - Fix master tops merging when running salt>=2018.
   - Use dockermod with new salt and user repository/tag option for build.

   susemanager-sync-data:

   - Set SLE15 channel update tags to final version.
   - Add SLES12 SP2 LTSS family. (bsc#1092194)
   - Add SLES12-SP2-LTSS product classes. (bsc#1092194)
   - Add debuginfo channels for SLE15 products.
   - Add PackageHub 15 Products.
   - Add product sle-module-live-patching 15.
   - Add new HPC 15 Product.
   - Add missing channel to sle-module-basesystem 15.
   - Support SLE15 product family.

   susemanager-tftpsync:

   - Detect if there is already another instance of "cobbler sync" running
     and exit with failure if so. (bsc#1081714)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Manager Server 3.1:

      zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2018-1174=1

Package List:

   - SUSE Manager Server 3.1 (ppc64le s390x x86_64):

      patterns-suma_server-3.1-3.3.2
      spacewalk-branding-2.7.2.13-2.19.5
      susemanager-3.1.14-2.19.5
      susemanager-tftpsync-3.1.3-3.6.2
      susemanager-tools-3.1.14-2.19.5

   - SUSE Manager Server 3.1 (noarch):

      cobbler-2.6.6-5.10.4
      google-gson-2.8.2-3.3.6
      prometheus-client-java-0.3.0-1.3.5
      py26-compat-salt-2016.11.4-1.7.2
      salt-netapi-client-0.14.0-3.9.5
      spacewalk-backend-2.7.73.13-2.19.5
      spacewalk-backend-app-2.7.73.13-2.19.5
      spacewalk-backend-applet-2.7.73.13-2.19.5
      spacewalk-backend-config-files-2.7.73.13-2.19.5
      spacewalk-backend-config-files-common-2.7.73.13-2.19.5
      spacewalk-backend-config-files-tool-2.7.73.13-2.19.5
      spacewalk-backend-iss-2.7.73.13-2.19.5
      spacewalk-backend-iss-export-2.7.73.13-2.19.5
      spacewalk-backend-libs-2.7.73.13-2.19.5
      spacewalk-backend-package-push-server-2.7.73.13-2.19.5
      spacewalk-backend-server-2.7.73.13-2.19.5
      spacewalk-backend-sql-2.7.73.13-2.19.5
      spacewalk-backend-sql-oracle-2.7.73.13-2.19.5
      spacewalk-backend-sql-postgresql-2.7.73.13-2.19.5
      spacewalk-backend-tools-2.7.73.13-2.19.5
      spacewalk-backend-xml-export-libs-2.7.73.13-2.19.5
      spacewalk-backend-xmlrpc-2.7.73.13-2.19.5
      spacewalk-base-2.7.1.16-2.19.5
      spacewalk-base-minimal-2.7.1.16-2.19.5
      spacewalk-base-minimal-config-2.7.1.16-2.19.5
      spacewalk-certs-tools-2.7.0.10-2.12.4
      spacewalk-html-2.7.1.16-2.19.5
      spacewalk-java-2.7.46.14-2.25.1
      spacewalk-java-config-2.7.46.14-2.25.1
      spacewalk-java-lib-2.7.46.14-2.25.1
      spacewalk-java-oracle-2.7.46.14-2.25.1
      spacewalk-java-postgresql-2.7.46.14-2.25.1
      spacewalk-taskomatic-2.7.46.14-2.25.1
      spacewalk-utils-2.7.10.7-2.10.4
      susemanager-advanced-topics_en-pdf-3.1-10.20.7
      susemanager-best-practices_en-pdf-3.1-10.20.7
      susemanager-docs_en-3.1-10.20.7
      susemanager-frontend-libs-3.1.1-3.3.2
      susemanager-getting-started_en-pdf-3.1-10.20.7
      susemanager-jsp_en-3.1-10.20.7
      susemanager-reference_en-pdf-3.1-10.20.7
      susemanager-schema-3.1.17-2.23.3
      susemanager-sls-3.1.17-2.23.2
      susemanager-sync-data-3.1.14-2.23.2

References:

   https://www.suse.com/security/cve/CVE-2014-5326.html
   https://www.suse.com/security/cve/CVE-2017-1000469.html
   https://bugzilla.suse.com/1073267
   https://bugzilla.suse.com/1074594
   https://bugzilla.suse.com/1075466
   https://bugzilla.suse.com/1080474
   https://bugzilla.suse.com/1081714
   https://bugzilla.suse.com/1082796
   https://bugzilla.suse.com/1083278
   https://bugzilla.suse.com/1083513
   https://bugzilla.suse.com/1084679
   https://bugzilla.suse.com/1085044
   https://bugzilla.suse.com/1085471
   https://bugzilla.suse.com/1085650
   https://bugzilla.suse.com/1085838
   https://bugzilla.suse.com/1087055
   https://bugzilla.suse.com/1087071
   https://bugzilla.suse.com/1087840
   https://bugzilla.suse.com/1088667
   https://bugzilla.suse.com/1088861
   https://bugzilla.suse.com/1089103
   https://bugzilla.suse.com/1089396
   https://bugzilla.suse.com/1089401
   https://bugzilla.suse.com/1089468
   https://bugzilla.suse.com/1090040
   https://bugzilla.suse.com/1090059
   https://bugzilla.suse.com/1090205
   https://bugzilla.suse.com/1090221
   https://bugzilla.suse.com/1090395
   https://bugzilla.suse.com/1090400
   https://bugzilla.suse.com/1090401
   https://bugzilla.suse.com/1090585
   https://bugzilla.suse.com/1091052
   https://bugzilla.suse.com/1091091
   https://bugzilla.suse.com/1091667
   https://bugzilla.suse.com/1091840
   https://bugzilla.suse.com/1091855
   https://bugzilla.suse.com/1092161
   https://bugzilla.suse.com/1092194
   https://bugzilla.suse.com/1092275
   https://bugzilla.suse.com/1092383
   https://bugzilla.suse.com/1092492
   https://bugzilla.suse.com/1095231
   https://bugzilla.suse.com/1095569
   https://bugzilla.suse.com/1096714