SUSE-SU-2018:3811-1: moderate: Security update for SUSE Manager Server 3.1
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Mon Nov 19 13:08:31 MST 2018
SUSE Security Update: Security update for SUSE Manager Server 3.1
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:3811-1
Rating: moderate
References: #1034030 #1037389 #1042184 #1080474 #1090676
#1094524 #1094992 #1095220 #1095942 #1095972
#1096511 #1098970 #1099857 #1100852 #1101033
#1104120 #1104487 #1105045 #1105074 #1105720
#1105724 #1105886 #1106164 #1106875 #1107117
#1107302 #1107850 #1107869 #1109235 #1111249
#1111542 #1112163 #1113557 #1113698 #1113699
Cross-References: CVE-2017-14695 CVE-2017-14696
Affected Products:
SUSE Manager Server 3.1
______________________________________________________________________________
An update that solves two vulnerabilities and has 33 fixes
is now available.
Description:
This update includes the following new features:
- Add support for postgresql 10 (fate#325659)
This update fixes the following issues:
py26-compat-salt:
- Update Salt version to 2016.11.10
- CVE-2018-15750: Fixed directory traversal vulnerability in salt-api
(bsc#1113698).
- CVE-2018-15751: Fixed remote authentication bypass in salt-api(netapi)
that allows to execute arbitrary commands (bsc#1113699).
- Fix wrong recurse behavior on for linux_acl.present (bsc#1106164)
- Adding backport for string arg normalization and fix for SUSE ES os
- Prepend current directory when path is just filename (bsc#1095942)
smdba:
- Add support for postgresql 10 (fate#325659)
spacecmd:
- Show group id on group_details (bsc#1111542)
- State channels handling: Existing commands configchannel_create and
configchannel_import were updated while
system_scheduleapplyconfigchannels and configchannel_updateinitsls were
added.
spacewalk:
- Add support for postgresql10 (fate#325659)
spacewalk-backend:
- Channels to be actually un-subscribed from the assigned systems when
being removed using spacewalk-remove-channel tool(bsc#1104120)
spacewalk-branding:
- New messages are added for XMLRPC API for state channels
spacewalk-doc-indexes:
- Use nutch-core dependency instead of nutch
spacewalk-java:
- Change Requires to allow installing with both Tomcat 8 (SLE-12SP3) and 9
(SLE12-SP4)
- Fix typo in messages (bsc#1111249)
- Remove restrictions on SUSE Manager Channel subscriptions (bsc#1105724)
- Added shortcut for editing Software Channel
- Fix NullPointerException when refreshing deleted software channel
(bsc#1094992)
- Add last_boot to listSystems() API call
- Check valid postgresql database version
- Fix displayed number of systems requiring reboot in Tasks pane
(bsc#1106875)
- Changed localization strings for file summaries (bsc#1090676)
- Added menu item entries for creating/deleting file preservation lists
(bsc#1034030)
- Better error handling when a websocket connection is aborted
(bsc#1080474)
- Remove the reference of channel from revision before deleting
it(bsc#1107850)
- Added link from virtualization tab to Scheduled > Pending Actions
(bsc#1037389)
- Speedup package listings(bsc#1100852)
- Method to Unsubscribe channel from system(bsc#1104120)
- Fix mgr-sync refresh when subscription was removed (bsc#1105720)
- Fix an error in the system software channels UI due to SUSE product
channels missing a corresponding synced channel (bsc#1105886)
- XMLRPC API for state channels
- Optimize execution of actions in minions (bsc#1099857)
- Reschedule taskomatic jobs if task threads limit reached (bsc#1096511)
- Logic constraint: results must be ordered and grouped by systemId first
(bsc#1101033)
- Do not wrap output if stderr is not present (bsc#1105074)
spacewalk-search:
- Discard commons-logging.properties removal on spec file, as OBS package
does not contain it
- Upgrade tika-core to 0.19.1 and adjust nutch-core (bsc#1109235)
- Remove lib jar files and add them as build dependencies on spec
- Limit number of old java logfiles (bsc#1107869)
spacewalk-utils:
- Fix typo at --phases option help
spacewalk-web:
- Fix typo in messages (bsc#1111249)
- Fix Sles name in base channel filter (Visualization tab) (bsc#1042184)
subscription-matcher:
- Set core dumps location for IBM java (bsc#1107302)
- Fix OutOfMemoryError crashes (bsc#1094524)
- Updated to version 0.20
- Update partnumbers rule file (bsc#1095972)
- Use intermediate object to store confirmed matches within a penalty
group and prevent infinite reactivation of Inherited virtualization rule
(bsc#1094524)
susemanager:
- Add new option --with-parent-channel to mgr-create-bootrap-repo to
specify parent channel to use if multiple options are available
(bsc#1104487)
- Add support for postgresql10 (fate#325659)
- Bootstrap repos for SLE12 SP4 (bsc#1107117)
susemanager-branding-oss:
- Use ASCII quotation marks in license file (bsc#1098970)
susemanager-schema:
- Check valid postgresql database version
susemanager-sls:
- Deploy SSL certificate during onboarding of openSUSE Leap 15.0
(bsc#1112163)
- Removed the ssl certificate verification while checking bootstrap repo
URL (bsc#1095220)
- Removed the need for curl to be present at bootstrap phase (bsc#1095220)
susemanager-sync-data:
- SUSE OpenStack Cloud 9 enablement (bsc#1113557)
- Add SUSE Manager 3.1 on SLES12 SP4
- Support SLE12 SP4 product family (bsc#1107117)
- Add CaaSP 3.0 channels (bsc#1105045)
Additionally some Java components have been split out of existing packages
for better maintenance:
- apache-mybatis
- hadoop
- icu4j
- lucene
- nekohtml
- nutch-core
- picocontainer
- tagsoup
- tika-core
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Manager Server 3.1:
zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2018-2708=1
Package List:
- SUSE Manager Server 3.1 (ppc64le s390x x86_64):
smdba-1.6.2-0.2.9.1
spacewalk-branding-2.7.2.15-2.25.1
susemanager-3.1.16-2.26.1
susemanager-tools-3.1.16-2.26.1
- SUSE Manager Server 3.1 (noarch):
apache-mybatis-3.2.3-1.3.1
hadoop-0.18.1-1.3.1
icu4j-55.1-1.3.1
lucene-2.4.1-1.3.1
nekohtml-1.9.21-1.3.1
nutch-core-1.0.1-1.3.1
picocontainer-1.3.7-1.3.1
py26-compat-salt-2016.11.10-1.16.1
spacecmd-2.7.8.13-2.26.1
spacewalk-backend-2.7.73.15-2.26.1
spacewalk-backend-app-2.7.73.15-2.26.1
spacewalk-backend-applet-2.7.73.15-2.26.1
spacewalk-backend-config-files-2.7.73.15-2.26.1
spacewalk-backend-config-files-common-2.7.73.15-2.26.1
spacewalk-backend-config-files-tool-2.7.73.15-2.26.1
spacewalk-backend-iss-2.7.73.15-2.26.1
spacewalk-backend-iss-export-2.7.73.15-2.26.1
spacewalk-backend-libs-2.7.73.15-2.26.1
spacewalk-backend-package-push-server-2.7.73.15-2.26.1
spacewalk-backend-server-2.7.73.15-2.26.1
spacewalk-backend-sql-2.7.73.15-2.26.1
spacewalk-backend-sql-oracle-2.7.73.15-2.26.1
spacewalk-backend-sql-postgresql-2.7.73.15-2.26.1
spacewalk-backend-tools-2.7.73.15-2.26.1
spacewalk-backend-xml-export-libs-2.7.73.15-2.26.1
spacewalk-backend-xmlrpc-2.7.73.15-2.26.1
spacewalk-base-2.7.1.19-2.29.1
spacewalk-base-minimal-2.7.1.19-2.29.1
spacewalk-base-minimal-config-2.7.1.19-2.29.1
spacewalk-common-2.7.0.6-2.6.1
spacewalk-doc-indexes-2.7.0.4-2.6.1
spacewalk-html-2.7.1.19-2.29.1
spacewalk-java-2.7.46.17-2.35.1
spacewalk-java-config-2.7.46.17-2.35.1
spacewalk-java-lib-2.7.46.17-2.35.1
spacewalk-java-oracle-2.7.46.17-2.35.1
spacewalk-java-postgresql-2.7.46.17-2.35.1
spacewalk-oracle-2.7.0.6-2.6.1
spacewalk-postgresql-2.7.0.6-2.6.1
spacewalk-search-2.7.3.6-2.16.1
spacewalk-taskomatic-2.7.46.17-2.35.1
spacewalk-utils-2.7.10.9-2.17.1
subscription-matcher-0.21-4.6.1
susemanager-branding-oss-3.1.2-3.3.1
susemanager-schema-3.1.20-2.33.1
susemanager-sls-3.1.19-2.30.1
susemanager-sync-data-3.1.16-2.29.1
tagsoup-1.2.1-1.3.1
tika-core-1.19.1-1.3.1
References:
https://www.suse.com/security/cve/CVE-2017-14695.html
https://www.suse.com/security/cve/CVE-2017-14696.html
https://bugzilla.suse.com/1034030
https://bugzilla.suse.com/1037389
https://bugzilla.suse.com/1042184
https://bugzilla.suse.com/1080474
https://bugzilla.suse.com/1090676
https://bugzilla.suse.com/1094524
https://bugzilla.suse.com/1094992
https://bugzilla.suse.com/1095220
https://bugzilla.suse.com/1095942
https://bugzilla.suse.com/1095972
https://bugzilla.suse.com/1096511
https://bugzilla.suse.com/1098970
https://bugzilla.suse.com/1099857
https://bugzilla.suse.com/1100852
https://bugzilla.suse.com/1101033
https://bugzilla.suse.com/1104120
https://bugzilla.suse.com/1104487
https://bugzilla.suse.com/1105045
https://bugzilla.suse.com/1105074
https://bugzilla.suse.com/1105720
https://bugzilla.suse.com/1105724
https://bugzilla.suse.com/1105886
https://bugzilla.suse.com/1106164
https://bugzilla.suse.com/1106875
https://bugzilla.suse.com/1107117
https://bugzilla.suse.com/1107302
https://bugzilla.suse.com/1107850
https://bugzilla.suse.com/1107869
https://bugzilla.suse.com/1109235
https://bugzilla.suse.com/1111249
https://bugzilla.suse.com/1111542
https://bugzilla.suse.com/1112163
https://bugzilla.suse.com/1113557
https://bugzilla.suse.com/1113698
https://bugzilla.suse.com/1113699
More information about the sle-security-updates
mailing list