SUSE-SU-2019:14163-1: moderate: Security update for SUSE Manager Client Tools

sle-security-updates at lists.suse.com
Thu Sep 5 13:10:53 MDT 2019


   SUSE Security Update: Security update for SUSE Manager Client Tools
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:14163-1
Rating:             moderate
References:         #1103696 #1104034 #1130040 #1135881 #1136029 
                    #1136480 #1137715 #1137940 #1138313 #1138358 
                    #1138494 #1138822 #1139453 #1142038 #1143856 
                    #1144155 #1144889 #1148125 #1148177 #1148311 
                    
Cross-References:   CVE-2019-10136
Affected Products:
                    SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS
                    SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS
______________________________________________________________________________

   An update that solves one vulnerability and has 19 fixes is
   now available.

Description:


   This update fixes the following issues:

   mgr-cfg:

   - Ensure bytes type when using hashlib to avoid traceback (bsc#1138822)

   mgr-daemon:

   - Fix systemd timer configuration on SLE12 (bsc#1142038)

   mgr-osad:

   - Fix obsolete for old osad packages, to allow installing mgr-osad even
     when using osad at yum/zypper install (bsc#1139453)
   - Ensure bytes type when using hashlib to avoid traceback (bsc#1138822)

   mgr-virtualization:

   - Fix missing python 3 ugettext (bsc#1138494)
   - Fix package dependencies to prevent file conflict (bsc#1143856)

   rhnlib:

   - Add SNI support for clients
   - Fix SSL connection initialization (bsc#1144155)
   - Fix bootstrapping SLE11SP4 trad client with SSL enabled (bsc#1148177)

   python-gzipstream:

   - SPEC cleanup
   - Add makefile and pylint configuration
   - Add Uyuni URL to package
   - Bump version to 4.0.0 (bsc#1104034)
   - Fix copyright for the package specfile (bsc#1103696)

   spacecmd:

   - Bugfix: referenced variable before assignment.
   - Bugfix: 'dict' object has no attribute 'iteritems' (bsc#1135881)
   - Add unit tests for custominfo, snippet, scap, ssm, cryptokey and
     distribution
   - Fix missing runtime dependencies that made spacecmd return old versions
     of packages in some cases, even if newer ones were available
     (bsc#1148311)


   spacewalk-backend:

   - Do not overwrite comps and module data with older versions
   - Fix issue with "dists" keyword in url hostname
   - Import packages from all collections of a patch not just first one
   - Ensure bytes type when using hashlib to avoid traceback
     on XMLRPC call to "registration.register_osad" (bsc#1138822)
   - Do not duplicate "http://" protocol when using proxies with "deb"
     repositories (bsc#1138313)
   - Fix reposync when dealing with RedHat CDN (bsc#1138358)
   - Fix for CVE-2019-10136. An attacker with a valid, but expired,
     authenticated set of headers could move some digits around, artificially
     extending the session validity without modifying the checksum.
     (bsc#1136480)
   - Prevent FileNotFoundError: repomd.xml.key traceback (bsc#1137940)
   - Add journalctl output to spacewalk-debug tarballs
   - Prevent unnecessary triggering of channel-repodata tasks when GPG
     signing is disabled (bsc#1137715)
   - Fix spacewalk-repo-sync for Ubuntu repositories in mirror case
     (bsc#1136029)
   - Add support for ULN repositories on new Zypper based reposync.
   - Don't skip Deb package tags on package import (bsc#1130040)
   - For backend-libs subpackages, exclude files for the server (already part
     of spacewalk-backend) to avoid conflicts (bsc#1148125)
   - Prevent duplicate key violations on repo-sync with long changelog
     entries (bsc#1144889)
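
   The checksum weakness described for CVE-2019-10136 above, as an added
   example that is not part of this advisory or of the spacewalk-backend code.
   It assumes the checksum covered header values concatenated without
   separators, and shows a length-prefixed variant rejecting the shifted
   values; all function names, field names, the secret and the header values
   are constructed for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # constructed value, not a real key


def weak_checksum(server_id, server_time, expire_offset):
    """Assumed vulnerable pattern: fields joined with no separator."""
    data = (server_id + server_time + expire_offset).encode("ascii")
    return hmac.new(SECRET, data, hashlib.sha256).hexdigest()


def strong_checksum(server_id, server_time, expire_offset):
    """Hardened: every field is length-prefixed, so boundaries are signed too."""
    mac = hmac.new(SECRET, digestmod=hashlib.sha256)
    for field in (server_id, server_time, expire_offset):
        raw = field.encode("ascii")
        mac.update(len(raw).to_bytes(4, "big") + raw)
    return mac.hexdigest()


def session_valid(headers, now, checksum_fn):
    """Accept only if the checksum matches and the session has not expired."""
    expected = checksum_fn(
        headers["server_id"], headers["server_time"], headers["expire_offset"]
    )
    if not hmac.compare_digest(expected, headers["checksum"]):
        return False
    return float(headers["server_time"]) + float(headers["expire_offset"]) > now


def demo():
    """Return (issued_ok, shifted_ok) per scheme for an already expired session."""
    issued = {"server_id": "1000010000", "server_time": "1567700000",
              "expire_offset": "3600"}  # constructed header values
    # Same digits overall, but one digit moved across the field boundary.
    shifted = dict(issued, server_time="15677000003", expire_offset="600")
    now = 1567710000  # later than server_time + expire_offset of `issued`
    results = {}
    for name, fn in (("weak", weak_checksum), ("strong", strong_checksum)):
        checksum = fn(**issued)  # checksum as originally issued by the server
        results[name] = (
            session_valid(dict(issued, checksum=checksum), now, fn),
            session_valid(dict(shifted, checksum=checksum), now, fn),
        )
    return results


if __name__ == "__main__":
    print(demo())
```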

   spacewalk-remote-utils:

   - Add RHEL8


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS:

      zypper in -t patch slesctsp4-client-tools-201907-14163=1

   - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS:

      zypper in -t patch slesctsp3-client-tools-201907-14163=1



Package List:

   - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64):

      mgr-cfg-4.0.9-5.6.3
      mgr-cfg-actions-4.0.9-5.6.3
      mgr-cfg-client-4.0.9-5.6.3
      mgr-cfg-management-4.0.9-5.6.3
      mgr-daemon-4.0.7-5.8.2
      mgr-daemon-debuginfo-4.0.7-5.8.2
      mgr-daemon-debugsource-4.0.7-5.8.2
      mgr-osad-4.0.9-5.6.2
      mgr-virtualization-host-4.0.8-5.8.3
      python2-mgr-cfg-4.0.9-5.6.3
      python2-mgr-cfg-actions-4.0.9-5.6.3
      python2-mgr-cfg-client-4.0.9-5.6.3
      python2-mgr-cfg-management-4.0.9-5.6.3
      python2-mgr-osa-common-4.0.9-5.6.2
      python2-mgr-osad-4.0.9-5.6.2
      python2-mgr-virtualization-common-4.0.8-5.8.3
      python2-mgr-virtualization-host-4.0.8-5.8.3
      python2-rhnlib-4.0.11-12.16.1
      spacecmd-4.0.14-18.51.1
      spacewalk-backend-libs-4.0.25-28.42.1

   - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (noarch):

      spacewalk-remote-utils-4.0.5-6.12.2

   - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64):

      mgr-cfg-4.0.9-5.6.3
      mgr-cfg-actions-4.0.9-5.6.3
      mgr-cfg-client-4.0.9-5.6.3
      mgr-cfg-management-4.0.9-5.6.3
      mgr-daemon-4.0.7-5.8.2
      mgr-daemon-debuginfo-4.0.7-5.8.2
      mgr-daemon-debugsource-4.0.7-5.8.2
      mgr-osad-4.0.9-5.6.2
      mgr-virtualization-host-4.0.8-5.8.3
      python2-mgr-cfg-4.0.9-5.6.3
      python2-mgr-cfg-actions-4.0.9-5.6.3
      python2-mgr-cfg-client-4.0.9-5.6.3
      python2-mgr-cfg-management-4.0.9-5.6.3
      python2-mgr-osa-common-4.0.9-5.6.2
      python2-mgr-osad-4.0.9-5.6.2
      python2-mgr-virtualization-common-4.0.8-5.8.3
      python2-mgr-virtualization-host-4.0.8-5.8.3
      python2-rhnlib-4.0.11-12.16.1
      spacecmd-4.0.14-18.51.1
      spacewalk-backend-libs-4.0.25-28.42.1

   - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (noarch):

      spacewalk-remote-utils-4.0.5-6.12.2


References:

   https://www.suse.com/security/cve/CVE-2019-10136.html
   https://bugzilla.suse.com/1103696
   https://bugzilla.suse.com/1104034
   https://bugzilla.suse.com/1130040
   https://bugzilla.suse.com/1135881
   https://bugzilla.suse.com/1136029
   https://bugzilla.suse.com/1136480
   https://bugzilla.suse.com/1137715
   https://bugzilla.suse.com/1137940
   https://bugzilla.suse.com/1138313
   https://bugzilla.suse.com/1138358
   https://bugzilla.suse.com/1138494
   https://bugzilla.suse.com/1138822
   https://bugzilla.suse.com/1139453
   https://bugzilla.suse.com/1142038
   https://bugzilla.suse.com/1143856
   https://bugzilla.suse.com/1144155
   https://bugzilla.suse.com/1144889
   https://bugzilla.suse.com/1148125
   https://bugzilla.suse.com/1148177
   https://bugzilla.suse.com/1148311


