SUSE-SU-2019:1006-1: moderate: Security update for SUSE Manager Server 3.2
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Wed Apr 24 09:44:09 MDT 2019
SUSE Security Update: Security update for SUSE Manager Server 3.2
______________________________________________________________________________
Announcement ID: SUSE-SU-2019:1006-1
Rating: moderate
References: #1070731 #1109316 #1120242 #1121195 #1122230
#1122381 #1122837 #1124290 #1125600 #1125744
#1126075 #1126099 #1126518 #1127542 #1128228
#1128724 #1128781 #1129765 #1129851 #1129956
#1130658 #1131490 #1131677 #1131721 #1132579
Cross-References: CVE-2017-7957
Affected Products:
SUSE Manager Server 3.2
SUSE Manager Proxy 3.2
______________________________________________________________________________
An update that solves one vulnerability and has 24 fixes is
now available.
Description:
This update includes the following new features:
to the repository metadata (fate#325676)
This update fixes the following issues:
apache-commons-lang3:
- Run fdupes on javadoc
- Specify java target and source level 1.6 to make package compatible with
JDK >= 1.8
cobbler:
- Fixes case where distribution detection returns None (bsc#1130658)
- SUSE texmode fix (bsc#1109316)
drools:
- Update Drools to 7.17.0
- Release Notes: https://issues.jboss.org/secure/ReleaseNote.jspa
- Fixes for SLE 15 compatibility
guava:
- Updated from 13.0.1 to 27.0.1
- Changes between 13.0.1 and 23.0:
https://github.com/google/guava/wiki/Release14
https://github.com/google/guava/wiki/Release15
https://github.com/google/guava/wiki/Release16
https://github.com/google/guava/wiki/Release17
https://github.com/google/guava/wiki/Release18
https://github.com/google/guava/wiki/Release19
https://github.com/google/guava/wiki/Release23
- Changes between 23.0 and 27.0.1: see
https://github.com/google/guava/releases
jade4j:
- Conditional java/java-devel requires based on os version
- Update dependency version for commons-lang3 to 3.4
- Fix building javadoc
kie-api:
- Update KIE to 7.17.0
- Release notes: https://issues.jboss.org/secure/ReleaseNote.jspa
optaplanner:
- Update Optaplanner to 7.17.0
py26-compat-salt:
- Fix minion arguments assign via sysctl (bsc#1124290)
smdba:
- Make 'smdba space-overview' postgresql version agnostic (bsc#1129956)
- Fix version mismatch
spacecmd:
- Fix system_delete with SSM (bsc#1125744)
spacewalk-admin:
- Fix encoding bug in salt event processing (bsc#1129851)
spacewalk-backend:
- Fix linking of packages in reposync (bsc#1131677)
- Fix: handle non-standard filenames for comps.xml (bsc#1120242)
- Mgr-sign-metadata can optionally clear-sign metadata files
spacewalk-branding:
- Introduce a description label for the new 'minion-checkin' Taskomatic
job (bsc#1122837)
spacewalk-certs-tools:
- Add support for Ubuntu to bootstrap script
- Clean up downloaded gpg keys after bootstrap (bsc#1126075)
spacewalk-java:
- Fix base channel selection for Ubuntu systems (bsc#1132579)
- Fix retrieval of build time for .deb repositories (bsc#1131721)
- Allow access to susemanager tools channels without res subscription
(bsc#1127542)
- Add support for SLES 15 live patches in CVE audit
- Add a Taskomatic job to perform minion check-in regularly, drop use of
Salt's Mine (bsc#1122837)
- Fix errata_details to return details correctly (bsc#1128228)
- Support ubuntu products and debian architectures in mgr-sync
- Adapt check for available repositories to debian style repositories
- Add support for custom username when bootstrapping with Salt-SSH
- Read and update running kernel release value at each startup of minion
(bsc#1122381)
- Add error message on sync refresh when there are no scc credentials
- Fix apidoc issues
- Fix deleting server when minion_formulas.json is empty (bsc#1122230)
- Minion-action-cleanup Taskomatic task: do not clean actions younger than
one hour
- Schedule full package refresh only once per action chain if needed
(bsc#1126518)
- Check and schedule package refresh in response to events independently
of what originates them (bsc#1126099)
- Add configuration option to limit the number of changelog entries added
to the repository metadata (fate#325676)
- Generate InRelease file for Debian/Ubuntu repos when metadata signing is
enabled
spacewalk-web:
- Show undetected subscription-matching message object as a string anyway
(bsc#1125600)
- Fix action scheduler time picker prefill when the server is on
"UTC/GMT" timezone (bsc#1121195)
- Allow username input on bootstrap page when using Salt-SSH
- Add cache buster for static files (js/css) to fix caching issues after
upgrading.
subscription-matcher:
- Update dependencies (Drools, Optaplanner, Guava, Xstream)
- Make the java and java-devel requirements variable
- Relax the requirement condition on apache-commons-lang3
susemanager:
- Support creating bootstrap repos for Ubuntu 18.04 and 16.04.
- Allow alternative names for bootstrap packages, to allow using old
client tools after package renames
- Feat: create Ubuntu empty repository
- Fix creation of bootstrap repositories for SLE12 (no SP) by requiring
python-setuptools only for SLE12 >= SP1 (bsc#1129765)
- Add bootstrap repo definition for SLE15 SP1
susemanager-docs_en:
- Update text and image files.
- Fix bad link.
- Update Manual Backup and smdba sections.
- Troubleshooting Salt clients.
- Fix package endpoint in salt pillar content.
- Ubuntu Clients supported.
- Change License to GFL 1.2, as it is the real license for the doc since
3.2.0
susemanager-schema:
- Add a Taskomatic job to perform minion check-in regularly, drop use of
Salt's Mine (bsc#1122837)
- Fix performance regression in inter-server-sync (bsc#1128781)
- Set minion-action-cleanup run frequency from hourly to daily at midnight
susemanager-sls:
- Update get_kernel_live_version module to support older Salt versions
(bsc#1131490)
- Update get_kernel_live_version module to support SLES 15 live patches
- Do not configure Salt Mine in newly registered minions (bsc#1122837)
- Fix Salt error related to remove_traditional_stack when bootstrapping an
Ubuntu minion (bsc#1128724)
- Automatically trust SUSE GPG key for client tools channels on Ubuntu
systems
- Util.systeminfo sls has been added to perform different actions at
minion startup(bsc#1122381)
susemanager-sync-data:
- Allow access to susemanager tools channels without res subscription
(bsc#1127542)
- Add Ubuntu product definitions
- Adapt to SCC changes
- Add CaaSP 4 Toolchain
xstream:
- Update xstream to 1.4.10
- Major changes:
- CVE-2017-7957: XStream could cause a Denial of Service when
unmarshalling void. (bsc#1070731)
- New XStream artifact with -java7 appended as version suffix for a
library explicitly without the Java 8 stuff (lambda expression support,
converters for java.time.* package).
- Improve performance by minimizing call stack of mapper chain.
- XSTR-774: Add converters for types of java.time, java.time.chrono, and
java.time.temporal packages (converters for LocalDate, LocalDateTime,
LocalTime, OffsetDateTime, and ZonedDateTime by Matej Cimbora).
- JavaBeanConverter does not respect ignored unknown elements.
- Add XStream.setupDefaultSecurity to initialize security framework with
defaults of XStream 1.5.x.
- Emit error warning if security framework has not been initialized and
the XStream instance is vulnerable to known exploits.
- Feat: modify patch to be compatible with JDK 11 building
- Fixes for SLE 15 compatibility
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Manager Server 3.2:
zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-1006=1
- SUSE Manager Proxy 3.2:
zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2019-1006=1
Package List:
- SUSE Manager Server 3.2 (ppc64le s390x x86_64):
reprepro-5.3.0-2.3.3
smdba-1.6.4-0.3.9.3
spacewalk-branding-2.8.5.15-3.19.3
susemanager-3.2.17-3.22.4
susemanager-tools-3.2.17-3.22.4
- SUSE Manager Server 3.2 (noarch):
apache-commons-lang3-3.4-3.3.3
cobbler-2.6.6-6.16.3
drools-7.17.0-3.3.3
guava-27.0.1-3.3.3
jade4j-1.0.7-3.3.3
kie-api-7.17.0-3.3.3
kie-soup-7.17.0.Final-2.3.3
optaplanner-7.17.0-3.3.3
py26-compat-salt-2016.11.10-6.21.3
python2-spacewalk-certs-tools-2.8.8.7-3.6.3
spacecmd-2.8.25.10-3.20.3
spacewalk-admin-2.8.4.4-3.6.3
spacewalk-backend-2.8.57.14-3.25.3
spacewalk-backend-app-2.8.57.14-3.25.3
spacewalk-backend-applet-2.8.57.14-3.25.3
spacewalk-backend-config-files-2.8.57.14-3.25.3
spacewalk-backend-config-files-common-2.8.57.14-3.25.3
spacewalk-backend-config-files-tool-2.8.57.14-3.25.3
spacewalk-backend-iss-2.8.57.14-3.25.3
spacewalk-backend-iss-export-2.8.57.14-3.25.3
spacewalk-backend-libs-2.8.57.14-3.25.3
spacewalk-backend-package-push-server-2.8.57.14-3.25.3
spacewalk-backend-server-2.8.57.14-3.25.3
spacewalk-backend-sql-2.8.57.14-3.25.3
spacewalk-backend-sql-oracle-2.8.57.14-3.25.3
spacewalk-backend-sql-postgresql-2.8.57.14-3.25.3
spacewalk-backend-tools-2.8.57.14-3.25.3
spacewalk-backend-xml-export-libs-2.8.57.14-3.25.3
spacewalk-backend-xmlrpc-2.8.57.14-3.25.3
spacewalk-base-2.8.7.15-3.24.3
spacewalk-base-minimal-2.8.7.15-3.24.3
spacewalk-base-minimal-config-2.8.7.15-3.24.3
spacewalk-certs-tools-2.8.8.7-3.6.3
spacewalk-html-2.8.7.15-3.24.3
spacewalk-java-2.8.78.21-3.29.1
spacewalk-java-config-2.8.78.21-3.29.1
spacewalk-java-lib-2.8.78.21-3.29.1
spacewalk-java-oracle-2.8.78.21-3.29.1
spacewalk-java-postgresql-2.8.78.21-3.29.1
spacewalk-taskomatic-2.8.78.21-3.29.1
subscription-matcher-0.23-4.12.3
susemanager-schema-3.2.18-3.22.3
susemanager-sls-3.2.23-3.26.3
susemanager-sync-data-3.2.14-3.20.3
susemanager-web-libs-2.8.7.15-3.24.3
xstream-1.4.10-4.3.3
- SUSE Manager Proxy 3.2 (noarch):
python2-spacewalk-certs-tools-2.8.8.7-3.6.3
spacewalk-backend-2.8.57.14-3.25.3
spacewalk-backend-libs-2.8.57.14-3.25.3
spacewalk-base-minimal-2.8.7.15-3.24.3
spacewalk-base-minimal-config-2.8.7.15-3.24.3
spacewalk-certs-tools-2.8.8.7-3.6.3
susemanager-web-libs-2.8.7.15-3.24.3
References:
https://www.suse.com/security/cve/CVE-2017-7957.html
https://bugzilla.suse.com/1070731
https://bugzilla.suse.com/1109316
https://bugzilla.suse.com/1120242
https://bugzilla.suse.com/1121195
https://bugzilla.suse.com/1122230
https://bugzilla.suse.com/1122381
https://bugzilla.suse.com/1122837
https://bugzilla.suse.com/1124290
https://bugzilla.suse.com/1125600
https://bugzilla.suse.com/1125744
https://bugzilla.suse.com/1126075
https://bugzilla.suse.com/1126099
https://bugzilla.suse.com/1126518
https://bugzilla.suse.com/1127542
https://bugzilla.suse.com/1128228
https://bugzilla.suse.com/1128724
https://bugzilla.suse.com/1128781
https://bugzilla.suse.com/1129765
https://bugzilla.suse.com/1129851
https://bugzilla.suse.com/1129956
https://bugzilla.suse.com/1130658
https://bugzilla.suse.com/1131490
https://bugzilla.suse.com/1131677
https://bugzilla.suse.com/1131721
https://bugzilla.suse.com/1132579
More information about the sle-security-updates
mailing list