SUSE-SU-2019:2521-1: moderate: Security update for SUSE Manager Server 3.2
sle-security-updates at lists.suse.com
Wed Oct 2 10:19:38 MDT 2019
SUSE Security Update: Security update for SUSE Manager Server 3.2
______________________________________________________________________________
Announcement ID: SUSE-SU-2019:2521-1
Rating: moderate
References: #1093381 #1096426 #1135957 #1137229 #1138454
#1140644 #1141661 #1142309 #1142764 #1142774
#1143016 #1143562 #1144500 #1144510 #1144515
#1144889 #1145086 #1145119 #1146416 #1146419
#1146869 #1146895 #1147126 #1149409
Cross-References: CVE-2019-10088 CVE-2019-10093 CVE-2019-10094
Affected Products:
SUSE Manager Server 3.2
______________________________________________________________________________
An update that solves three vulnerabilities and has 21
fixes is now available.
Description:
This update fixes the following issues:
cobbler:
- Jinja2 template library fix (bsc#1141661)
pgjdbc-ng:
- Allow dots in database name (bsc#1146416)
py26-compat-salt:
- Get tornado dependency from the system on SLE12 (bsc#1149409)
- Catch SSLError for TLS 1.2 bootstraps with RES/RHEL6 and SLE11
(bsc#1147126)
spacecmd:
- Check that a channel doesn't have clones before deleting it (bsc#1138454)
spacewalk-backend:
- Remove credentials also from potential rhn.conf backup files in
spacewalk-debug (bsc#1146419)
- Prevent 'rhn-satellite-exporter' from crashing with "AttributeError"
(bsc#1146869)
- spacewalk-remove-channel: Check that the channel doesn't have cloned
channels before deleting it (bsc#1138454)
- Prevent duplicate changelog entries due to VARCHAR(3000) db text column
(bsc#1144889)
- Avoid traceback on mgr-inter-sync when exception message contains UTF8
characters or there are problems with the package cache (bsc#1143016)
registered guest (bsc#1093381)
spacewalk-branding:
- Add missing strings for task status page
spacewalk-client-tools:
- Invalidate cache 5 minutes before actual expiration (bsc#1143562)
spacewalk-java:
- Add UI message when salt-formulas system folders are unreachable
(bsc#1142309)
- Don't convert localhost repositories URL in mirror case (bsc#1135957)
- Check that a channel doesn't have clones before deleting it (bsc#1138454)
- Improve websocket authentication to prevent errors in logs (bsc#1138454)
- Normalize date formats for actions, notifications and clm (bsc#1142774)
- Cloning Errata from a specific channel should not take packages from
other channels (bsc#1142764)
- Add susemanager as prerequired for spacewalk-java
- Improve performance for retrieving the user permissions on channels
(bsc#1140644)
- Prerequire salt package to avoid issues with a non-existent user
- Support partly patched CVEs in CVE audit (bsc#1137229)
spacewalk-setup:
- Configure 150 Tomcat workers by default, matching httpd's MaxClients
spacewalk-utils:
- Common-channels: Fix repo type assignment for type YUM
- Adds support for Ubuntu and Debian channels to spacewalk-common-channels.
spacewalk-web:
- Fix the 'include recommended' button on channels selection in SSM
(bsc#1145086)
- Normalize date formats for actions, notifications and clm (bsc#1142774)
- Add unsupported browser warning when using Internet Explorer
susemanager:
- Dmidecode does not exist on s390x (bsc#1145119)
susemanager-docs_en:
- Add link to the creation of the bootstrap script (bsc#1146895).
- Improve adoc tagging.
- LimitNOFILE back-port.
- Fix command-line error (bsc#1096426).
susemanager-schema:
- Improve performance for retrieving the user permissions on channels
(bsc#1140644)
susemanager-sls:
- Bootstrapping RES6/RHEL6/SLE11 with TLS1.2 now shows error message.
(bsc#1147126)
- Dmidecode does not exist on ppc64le and s390x (bsc#1145119)
- Update susemanager.conf to use adler32 for computing the server_id for
new minions
tika-core:
New upstream version 1.2.2. Fixes security issues:
- CVE-2019-10088: Fixed an OOM from a crafted Zip File in Apache Tika's
RecursiveParserWrapper (bsc#1144500).
- CVE-2019-10093: Fixed a Denial of Service in Apache Tika's 2003ml and
2006ml Parsers (bsc#1144510).
- CVE-2019-10094: Fixed a stack overflow from crafted compressed files in
Apache Tika's RecursiveParserWrapper (bsc#1144515).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Manager Server 3.2:
zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-2521=1
Package List:
- SUSE Manager Server 3.2 (ppc64le s390x x86_64):
spacewalk-branding-2.8.5.16-3.22.1
susemanager-3.2.20-3.31.2
susemanager-tools-3.2.20-3.31.2
- SUSE Manager Server 3.2 (noarch):
cobbler-2.6.6-6.22.1
pgjdbc-ng-0.7.1-2.6.1
py26-compat-salt-2016.11.10-6.32.1
python2-spacewalk-client-tools-2.8.22.5-3.6.1
spacecmd-2.8.25.11-3.23.1
spacewalk-backend-2.8.57.19-3.39.2
spacewalk-backend-app-2.8.57.19-3.39.2
spacewalk-backend-applet-2.8.57.19-3.39.2
spacewalk-backend-config-files-2.8.57.19-3.39.2
spacewalk-backend-config-files-common-2.8.57.19-3.39.2
spacewalk-backend-config-files-tool-2.8.57.19-3.39.2
spacewalk-backend-iss-2.8.57.19-3.39.2
spacewalk-backend-iss-export-2.8.57.19-3.39.2
spacewalk-backend-libs-2.8.57.19-3.39.2
spacewalk-backend-package-push-server-2.8.57.19-3.39.2
spacewalk-backend-server-2.8.57.19-3.39.2
spacewalk-backend-sql-2.8.57.19-3.39.2
spacewalk-backend-sql-oracle-2.8.57.19-3.39.2
spacewalk-backend-sql-postgresql-2.8.57.19-3.39.2
spacewalk-backend-tools-2.8.57.19-3.39.2
spacewalk-backend-xml-export-libs-2.8.57.19-3.39.2
spacewalk-backend-xmlrpc-2.8.57.19-3.39.2
spacewalk-base-2.8.7.19-3.36.1
spacewalk-base-minimal-2.8.7.19-3.36.1
spacewalk-base-minimal-config-2.8.7.19-3.36.1
spacewalk-client-tools-2.8.22.5-3.6.1
spacewalk-html-2.8.7.19-3.36.1
spacewalk-java-2.8.78.24-3.38.1
spacewalk-java-config-2.8.78.24-3.38.1
spacewalk-java-lib-2.8.78.24-3.38.1
spacewalk-java-oracle-2.8.78.24-3.38.1
spacewalk-java-postgresql-2.8.78.24-3.38.1
spacewalk-setup-2.8.7.8-3.19.1
spacewalk-taskomatic-2.8.78.24-3.38.1
spacewalk-utils-2.8.18.5-3.9.1
susemanager-advanced-topics_en-pdf-3.2-11.32.1
susemanager-best-practices_en-pdf-3.2-11.32.1
susemanager-docs_en-3.2-11.32.1
susemanager-getting-started_en-pdf-3.2-11.32.1
susemanager-jsp_en-3.2-11.32.1
susemanager-reference_en-pdf-3.2-11.32.1
susemanager-schema-3.2.21-3.31.1
susemanager-sls-3.2.27-3.35.1
susemanager-web-libs-2.8.7.19-3.36.1
tika-core-1.22-3.9.1
References:
https://www.suse.com/security/cve/CVE-2019-10088.html
https://www.suse.com/security/cve/CVE-2019-10093.html
https://www.suse.com/security/cve/CVE-2019-10094.html
https://bugzilla.suse.com/1093381
https://bugzilla.suse.com/1096426
https://bugzilla.suse.com/1135957
https://bugzilla.suse.com/1137229
https://bugzilla.suse.com/1138454
https://bugzilla.suse.com/1140644
https://bugzilla.suse.com/1141661
https://bugzilla.suse.com/1142309
https://bugzilla.suse.com/1142764
https://bugzilla.suse.com/1142774
https://bugzilla.suse.com/1143016
https://bugzilla.suse.com/1143562
https://bugzilla.suse.com/1144500
https://bugzilla.suse.com/1144510
https://bugzilla.suse.com/1144515
https://bugzilla.suse.com/1144889
https://bugzilla.suse.com/1145086
https://bugzilla.suse.com/1145119
https://bugzilla.suse.com/1146416
https://bugzilla.suse.com/1146419
https://bugzilla.suse.com/1146869
https://bugzilla.suse.com/1146895
https://bugzilla.suse.com/1147126
https://bugzilla.suse.com/1149409