SUSE-SU-2019:2930-1: moderate: Security update for SUSE Manager Server 4.0
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Thu Nov 7 23:16:40 MST 2019
SUSE Security Update: Security update for SUSE Manager Server 4.0
______________________________________________________________________________
Announcement ID: SUSE-SU-2019:2930-1
Rating: moderate
References: #1133429 #1135442 #1136959 #1138358 #1138454
#1142309 #1142764 #1142774 #1143016 #1143562
#1143789 #1144300 #1144500 #1144510 #1144515
#1144889 #1145086 #1145119 #1145551 #1145587
#1145626 #1145744 #1145750 #1145753 #1145758
#1145769 #1145873 #1146416 #1146419 #1146683
#1146869 #1148169 #1149075 #1149210 #1149353
#1149409 #1149425 #1149633 #1150113 #1150154
#1150180 #1150314 #1150729 #1151097 #1151280
#1151399 #1151467 #1151481 #1151666 #1151875
#1152170 #1152290 #1152514 #1152735 #1153277
#1153578 #1154275 #1155656 #1155794
Cross-References: CVE-2019-10088 CVE-2019-10093 CVE-2019-10094
Affected Products:
SUSE Linux Enterprise Module for SUSE Manager Server 4.0
______________________________________________________________________________
An update that solves three vulnerabilities and has 56
fixes is now available.
Description:
This update fixes the following issues:
cobbler:
- Fix for install loop caused autoinstallation profiles (bsc#1151875)
- Update module config description to match new parameters
- Add config migration script and runs it in post-install script
- Fix for config backups in post install script (bsc#1149075)
- Move apache config file cobbler.conf to conf.d directory and remove the
VirtualHost container as it overwrite rules already set in conf.d
- Realignment with Cobbler 3.0.0 release candidate.
- Fix for typo in settings for scm_track module.
- Optimization for settings loading in scm_track module.
cpu-mitigations-formula:
- Fix grub entry changed for sle12* so it matches sle15* (bsc#1145873)
mgr-osad:
- Obsolete all old python2-osa* packages to avoid conflicts (bsc#1152290)
patterns-suse-manager:
- Add recommends for cpu-mitigations-formula
pgjdbc-ng:
- Allow dots in database name (bsc#1146416)
prometheus-exporters-formula:
- Allow to configure arbitrary arguments when running exporters
- Add support for Debian/Ubuntu and Red Hat systems (RHEL/CentOS)
- Install the LICENSE together with the package
py26-compat-salt:
- Get tornado dependency from the system on SLE12 (bsc#1149409)
python-susemanager-retail:
- Update to version 0.1.1568808472.be9f236
- Parse parition type 82 as swap in SLEPOS migration (bsc#1136959)
- Allow kernel command line for branches to be set as an option to
retail_branch_init CLI
- Automatically calculate dhcp dynamic range from branch ip if not set
python-urlgrabber:
- Allow non-integer values for URLGRABBER_DEBUG env variable (bsc#1152514)
- Fixes usage of log level lookup for Python3 (bsc#1146683)
spacecmd:
- Java api expects content as encoded string instead of encode bytes like
before (bsc#1153277)
- Fix building and installing on CentOS8/RES8/RHEL8
- Check that a channel doesn't have clones before deleting it (bsc#1138454)
spacewalk-admin:
- Avoid a "Permission denied" salt error when publisher_acl is set
(bsc#1150154)
spacewalk-backend:
- Fix re-registration with re-activation key (bsc#1154275)
- Change the default value of taskomatic maxmemory to 4GB
- Add basic support for importing modular repositories
- Import additional fields for Deb packages
- Add script to update additional fields in the DB for existing Deb
packages
- Use active values for diskchecker mails
- Parse restart_suggested flag from patches and set it as keywords
(bsc#1151467)
- Improve error message when deleting channel that's in a content
lifecycle project (bsc#1145769)
- Prevent "reposync" crash when handling metadata on RPM repos
(bsc#1138358)
- Do not show expected WARNING messages from "c_rehash"
- Fix misspelling in spacewalk-repo-sync (bsc#1149633)
- Remove credentials also from potential rhn.conf backup files in
spacewalk-debug (bsc#1146419)
- Do not crash 'rhn-satellite-exporter' with ModuleNotFound error
(bsc#1146869)
- Spacewalk-remove-channel check that channel doesn't have cloned channels
before deleting it (bsc#1138454)
- Fix broken spacewalk-data-fsck utility
- Add '--latest' support for reposync on DEB based repositories
- Do not try to download RPMs from the unresolved mirrorlist URL
- Fix encoding issues with DB bytes values (bsc#1144300)
- Fix import of rhnAuthPAM to avoid issues when using rhnpush.
- Avoid traceback on mgr-inter-sync when there are problems with cache of
packages (bsc#1143016)
spacewalk-branding:
- Improve menu scrollbar style for firefox
- Add UI message when salt-formulas system folders are unreachable
(bsc#1142309)
spacewalk-certs-tools:
- Require mgr-daemon (new name of spacewalksd) so we systems with
spacewalksd get always the new package installed (bsc#1149353)
spacewalk-client-tools:
- Require mgr-daemon (new name of spacewalksd) so we systems with
spacewalksd get always the new package installed (bsc#1149353)
- Enable spacewalk-update-service on package installation (bsc#1143789)
- Invalidate cache 5 minutes before actual expiration(bsc#1143562)
spacewalk-config:
- Change the default value of taskomatic maxmemory to 4GB
- Resolve modules.yaml file for modular repositories
spacewalk-java:
- Change the default value of taskomatic maxmemory to 4GB
- Silence cache strategy Hibernate warning
- Return result in compatible type to what defined in database procedure
(bsc#1150729)
- Allow channels names to start with numbers
- Fix: handle special deb package names (bsc#1150113)
- Remove extra spaces in dependencies fields in Debian repo Packages file
(bsc#1145551)
- Allow monitoring for managed systems running Ubuntu 18.04 and RedHat 6/7
- Improve performance for 'Manage Software Channels' view (bsc#1151399)
- Import additional fields for Deb packages
- Use value from systemd unit file if not set in /etc/rhn/rhn.conf
- Implement "keyword" filter for Content Lifecycle Management
- Add support for Azure, Amazon EC2, and Google Compute Engine as Virtual
Host Manager.
- Allow ssl connections from Tomcat to Postgres (bsc#1149210)
- Use default in case taskomatic.java.maxmemory is unset
- Fix parsing of /etc/rhn/rhn.conf for taskomatic.java.maxmemory
(bsc#1151097)
- Change form order and change project creation message (bsc#1145744)
- Use 'SCC organization credentials' instead of 'SCC credentials' in error
message (bsc#1149425)
- Implement "regular expression" Filter for Content Lifecycle Management
matching package names, patch name, patch synopsis and package names in
patches
- Implement provisioning for salt clients
- Explicitly mention in API docs that to preserve LF/CR, user needs to
encode the data(bsc#1135442)
- New Single Page Application engine for the UI. It can be enabled with
the config 'web.spa.enable' set to true
- Check that a channel doesn't have clones before deleting it (bsc#1138454)
- Fix documentation of contentmanagement handler (bsc#1145753)
- Add new API endpoint to list available Filter Criteria
- Improve API documentation of Filter Criteria
- Implement "patch contains package" Filter for Content Lifecycle
Management
- Implement Filter Patch "by type" Content Lifecycle Management
- Improve websocket authentication to prevent errors in logs (bsc#1138454)
- Implement filtering errata by synopsis in Content Lifecycle Management
- Normalize date formats for actions, notifications and clm (bsc#1142774)
- Implement ALLOW filters in Content Lifecycle Management
- Implement "by date" Filter for Content Lifecycle Management
- UI render without error if salt-formulas system folders are unreachable
(bsc#1142309)
- Cloning Errata from a specific channel should not take packages from
other channels (bsc#1142764)
- Add susemanager as prerequired for spacewalk-java
spacewalk-setup:
- Fix cobbler authentication module configuration required for new cobbler
package
- Configure 150 Tomcat workers by default, matching httpds MaxClients
spacewalk-utils:
- Add FQDN resolver for spacewalk-manage-channel-lifecycle (bsc#1153578)
- Common-channels: Fix repo type assignment for type YUM
spacewalk-web:
- Redirect to project when canceling creating a filter (bsc#1145750)
- Better visualization of the filters attached to a CLM Project.
Allow/deny are now split
- Fix ui issues with content lifecycle project list page (bsc#1145587)
- Implement "keyword" filter for Content Lifecycle Management
- Enable Azure, Amazon EC2 and Google Compute Engine as available Virtual
host Managers
- Trim strings when creating/updating image stores/profiles (bsc#1133429)
- Show loading spin while loading salt keys data (bsc#1150180)
- CLM - Disable clones by default of the shown CLM Project sources
- Change form order and change project creation message (bsc#1145744)
- Add UI message when salt-formulas system folders are unreachable
(bsc#1142309)
- Implement "regular expression" Filter for Content Lifecycle Management
matching package names, patch name, patch synopsis and package names in
patches
- New Single Page Application engine for the UI. It can be enabled with
the config 'web.spa.enable' set to true
- Add environment label when deleting environment (bsc#1145758)
- Change color of disabled build button on clp page (bsc#1145626)
- Fix the 'include recommended' button on channels selection in SSM
(bsc#1145086)
- Implement "patch contains package" Filter for Content Lifecycle
Management
- Implement Filter Patch "by type" Content Lifecycle Management
- Implement filtering errata by synopsis in Content Lifecycle Management
- Normalize date formats for actions, notifications and clm (bsc#1142774)
- Implement ALLOW filters in Content Lifecycle Management
- Implement "by date" Filter for Content Lifecycle Management
susemanager:
- Require dmidecode only for SLE12 aarch64 and x86_64 (bsc#1152170)
- Require pmtools only for SLE11 i586 and x86_64 (bsc#1150314)
- Fix test for btrfs subvolume for new btrfs version (bsc#1151666)
- Ensure working directory is /root during setup (bsc#1148169)
- Dmidecode does not exist on s390x (bsc#1145119)
susemanager-docs_en:
- Update text and images (mu-4.0.3); many changes caused by Technical and
Content Reviews.
- Added partition permissions to Install Guide (bsc#1152735)
- Move Disconnected Setup from Client Config to Admin Guide
- Updated references to documentation.suse.com (was:
www.suse.com/documentation)
- Increase default value for taskomatic to 4GB
- Registering to proxy information in Install Guide
- Edits to Prometheus section in Admin Guide
- Update database migration section in Upgrade Guide
- Update server update, upgrade, and migration chapters in Upgrade Guide
- Update server installation and setup chapters
- Update proxy installation and setup chapters
- Add section about maintenance window in Admin Guide
- Update Kubernetes chapter
- Admin Guide: ISS: Adapt the CA path to correspond to SLES 15.1
- Update image management
- Update channel management screenshot in Reference
- Update CLM
- Provide basic documentation on foreign clients
- Update info on mgr-sync
- New images added to Retail Guide
- Minor edits in Salt Guide
- Improvements to Troubleshooting section in Admin Guide
- Removed reference to SLP in Install Guide
- Minor edits to SSM in Client Config Guide
susemanager-schema:
- Fix in schema migration script when recreating the 'suseUserRoleView'
(bsc#1151280)
- Fix: handle special deb package names (bsc#1150113)
- Refactor in suseChannelUserRoleView for retrieving the parent_channel_id
(bsc#1151399)
- Add tables rhnPackageExtraTag and rhnPackageExtraTagKey
- Allow monitoring for Ubuntu systems
- Add new types needed for Azure, Amazon EC2 and Google CE
- Enable provisioning for salt clients
- Allow package changelog entries with more than 3000 characters
(bsc#1144889)
susemanager-sls:
- Require pmtools only for SLE11 i586 and x86_64 (bsc#1150314)
- Introduce dnf-susemanager-plugin for RHEL8 minions
- Provide custom grain to report "instance id" when running on Public
Cloud instances
- Disable legacy startup events for new minions
- Implement provisioning for salt clients
- Dmidecode does not exist on ppc64le and s390x (bsc#1145119)
- Update susemanager.conf to use adler32 for computing the server_id for
new minions
- Do not show errors when polling internal metadata API (bsc#1155794)
- Add missing "public_cloud" custom grain (bsc#1155656)
susemanager-sync-data:
- Ubuntu repositories released
tika-core:
- New upstream version 1.2.2. Fixes:
* OOM from a crafted Zip File in Apache Tika's RecursiveParserWrapper
(CVE-2019-10088) (bsc#1144500).
* Denial of Service in Apache Tika's 2003ml and 2006ml Parsers
(CVE-2019-10093) (bsc#1144510).
* StackOverflow from Crafted Package/Compressed Files in Apache Tika's
RecursiveParserWrapper (CVE-2019-10094) (bsc#1144515).
virtual-host-gatherer:
- Add new modules to deal with Amazon EC2, Azure and Google Compute
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for SUSE Manager Server 4.0:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.0-2019-2930=1
Package List:
- SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (ppc64le s390x x86_64):
patterns-suma_retail-4.0-9.3.8
patterns-suma_server-4.0-9.3.8
spacewalk-branding-4.0.14-3.6.8
susemanager-4.0.17-3.6.9
susemanager-tools-4.0.17-3.6.9
- SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (noarch):
cobbler-3.0.0+git20190806.32c4bae0-7.3.7
cpu-mitigations-formula-0.1-4.6.7
mgr-osa-dispatcher-4.0.10-3.6.8
pgjdbc-ng-0.7.1-3.3.8
prometheus-exporters-formula-0.4-3.3.7
pxe-default-image-sle15-4.0.0-20191106084601
py26-compat-salt-2016.11.10-10.8.8
python3-mgr-osa-common-4.0.10-3.6.8
python3-mgr-osa-dispatcher-4.0.10-3.6.8
python3-spacewalk-backend-libs-4.0.27-3.13.9
python3-spacewalk-certs-tools-4.0.12-3.6.8
python3-spacewalk-client-tools-4.0.10-3.6.8
python3-susemanager-retail-1.0.1568808472.be9f236-3.6.7
python3-urlgrabber-3.10.2.1py2_3-6.22.6
spacecmd-4.0.16-3.6.7
spacewalk-admin-4.0.8-3.3.8
spacewalk-backend-4.0.27-3.13.9
spacewalk-backend-app-4.0.27-3.13.9
spacewalk-backend-applet-4.0.27-3.13.9
spacewalk-backend-config-files-4.0.27-3.13.9
spacewalk-backend-config-files-common-4.0.27-3.13.9
spacewalk-backend-config-files-tool-4.0.27-3.13.9
spacewalk-backend-iss-4.0.27-3.13.9
spacewalk-backend-iss-export-4.0.27-3.13.9
spacewalk-backend-package-push-server-4.0.27-3.13.9
spacewalk-backend-server-4.0.27-3.13.9
spacewalk-backend-sql-4.0.27-3.13.9
spacewalk-backend-sql-postgresql-4.0.27-3.13.9
spacewalk-backend-tools-4.0.27-3.13.9
spacewalk-backend-xml-export-libs-4.0.27-3.13.9
spacewalk-backend-xmlrpc-4.0.27-3.13.9
spacewalk-base-4.0.16-3.9.8
spacewalk-base-minimal-4.0.16-3.9.8
spacewalk-base-minimal-config-4.0.16-3.9.8
spacewalk-certs-tools-4.0.12-3.6.8
spacewalk-client-tools-4.0.10-3.6.8
spacewalk-config-4.0.13-3.3.7
spacewalk-html-4.0.16-3.9.8
spacewalk-java-4.0.25-3.10.5
spacewalk-java-config-4.0.25-3.10.5
spacewalk-java-lib-4.0.25-3.10.5
spacewalk-java-postgresql-4.0.25-3.10.5
spacewalk-setup-4.0.11-3.6.7
spacewalk-taskomatic-4.0.25-3.10.5
spacewalk-utils-4.0.13-3.6.8
susemanager-doc-indexes-4.0-10.9.8
susemanager-docs_en-4.0-10.9.7
susemanager-docs_en-pdf-4.0-10.9.7
susemanager-retail-tools-1.0.1568808472.be9f236-3.6.7
susemanager-schema-4.0.16-3.8.5
susemanager-sls-4.0.22-3.10.4
susemanager-sync-data-4.0.13-3.6.7
susemanager-web-libs-4.0.16-3.9.8
tika-core-1.22-3.3.7
virtual-host-gatherer-1.0.19-3.3.8
virtual-host-gatherer-Kubernetes-1.0.19-3.3.8
virtual-host-gatherer-VMware-1.0.19-3.3.8
virtual-host-gatherer-libcloud-1.0.19-3.3.8
References:
https://www.suse.com/security/cve/CVE-2019-10088.html
https://www.suse.com/security/cve/CVE-2019-10093.html
https://www.suse.com/security/cve/CVE-2019-10094.html
https://bugzilla.suse.com/1133429
https://bugzilla.suse.com/1135442
https://bugzilla.suse.com/1136959
https://bugzilla.suse.com/1138358
https://bugzilla.suse.com/1138454
https://bugzilla.suse.com/1142309
https://bugzilla.suse.com/1142764
https://bugzilla.suse.com/1142774
https://bugzilla.suse.com/1143016
https://bugzilla.suse.com/1143562
https://bugzilla.suse.com/1143789
https://bugzilla.suse.com/1144300
https://bugzilla.suse.com/1144500
https://bugzilla.suse.com/1144510
https://bugzilla.suse.com/1144515
https://bugzilla.suse.com/1144889
https://bugzilla.suse.com/1145086
https://bugzilla.suse.com/1145119
https://bugzilla.suse.com/1145551
https://bugzilla.suse.com/1145587
https://bugzilla.suse.com/1145626
https://bugzilla.suse.com/1145744
https://bugzilla.suse.com/1145750
https://bugzilla.suse.com/1145753
https://bugzilla.suse.com/1145758
https://bugzilla.suse.com/1145769
https://bugzilla.suse.com/1145873
https://bugzilla.suse.com/1146416
https://bugzilla.suse.com/1146419
https://bugzilla.suse.com/1146683
https://bugzilla.suse.com/1146869
https://bugzilla.suse.com/1148169
https://bugzilla.suse.com/1149075
https://bugzilla.suse.com/1149210
https://bugzilla.suse.com/1149353
https://bugzilla.suse.com/1149409
https://bugzilla.suse.com/1149425
https://bugzilla.suse.com/1149633
https://bugzilla.suse.com/1150113
https://bugzilla.suse.com/1150154
https://bugzilla.suse.com/1150180
https://bugzilla.suse.com/1150314
https://bugzilla.suse.com/1150729
https://bugzilla.suse.com/1151097
https://bugzilla.suse.com/1151280
https://bugzilla.suse.com/1151399
https://bugzilla.suse.com/1151467
https://bugzilla.suse.com/1151481
https://bugzilla.suse.com/1151666
https://bugzilla.suse.com/1151875
https://bugzilla.suse.com/1152170
https://bugzilla.suse.com/1152290
https://bugzilla.suse.com/1152514
https://bugzilla.suse.com/1152735
https://bugzilla.suse.com/1153277
https://bugzilla.suse.com/1153578
https://bugzilla.suse.com/1154275
https://bugzilla.suse.com/1155656
https://bugzilla.suse.com/1155794
More information about the sle-security-updates
mailing list