SUSE-SU-2020:0856-1: moderate: Security update for SUSE Manager Server 3.2
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Thu Apr 2 13:16:29 MDT 2020
SUSE Security Update: Security update for SUSE Manager Server 3.2
______________________________________________________________________________
Announcement ID: SUSE-SU-2020:0856-1
Rating: moderate
References: #1085414 #1140332 #1155372 #1157317 #1158899
#1159184 #1160246 #1161862 #1162609 #1162683
#1163001 #1163538 #1164120 #1164563 #1164771
#1165425 #1165921
Cross-References: CVE-2018-1077 CVE-2020-1693
Affected Products:
SUSE Manager Server 3.2
______________________________________________________________________________
An update that solves two vulnerabilities and has 15 fixes
is now available.
Description:
This update fixes the following issues:
py26-compat-salt:
- Replace pycrypto with M2Crypto as dependency for SLE15+ (bsc#1165425)
redstone-xmlrpc:
- Disable external entity parsing (1790381, bsc#1164120, CVE-2020-1693)
- Do not download external entities (1555429, bsc#1085414, CVE-2018-1077)
spacecmd:
- Bugfix: attempt to purge SSM when it is empty (bsc#1155372)
spacewalk-admin:
- Spell correctly "successful" and "successfully"
spacewalk-backend:
- When downloading repo metadata, don't add "/" to the repo url if it
already ends with one (bsc#1158899)
- Enhance suseProducts via ISS to fix SP migration on slave server
(bsc#1159184)
spacewalk-certs-tools:
- Add minion option in config file to disable salt mine when generated by
bootstrap script (bsc#1163001)
spacewalk-client-tools:
- Do not crash 'mgr-update-status' because 'long' type is not defined in
Python 3
- Add workaround for uptime overflow to spacewalk-update-status as well
(bsc#1165921)
- Spell correctly "successful" and "successfully"
spacewalk-java:
- Fix error when adding systems to ssm with 'add to ssm' button
(bsc#1160246)
- Validate the suseproductchannel table and update missing date when
running mgr-sync refresh (bsc#1163538)
- Read the subscriptions from the output instead of input (bsc#1140332)
- Show additional headers and dependencies for deb packages
- Use channel name from product tree instead of constructing it
(bsc#1157317)
spacewalk-setup:
- Spell correctly "successful" and "successfully"
spacewalk-utils:
- Check for delimiter as well when detecting current phase (bsc#1164771)
spacewalk-web:
- Report merge_subscriptions message in a readable way (bsc#1140332)
subscription-matcher:
- Add missing library for SLE15 SP2 (slf4j-log4j12)
- Make the code usable with Math3 on SLES
- Use log4j12 package on newer SLE versions
- Aggregate stackable subscriptions with same parameters
- Implement new "swap move" used in optaplanner (bsc#1140332)
- Enable aarch64 builds, except for SLE < 15
susemanager:
- Fix salt bootstrapping on SLE15 (require python3-pycrypto or
python3-M2Crypto to support all variants) (bsc#1164563)
- Add bootstrap-repo data for OES 2018 SP2 (bsc#1161862)
- Add bootstrap-repo data for SLE15 SP2 Family
susemanager-sls:
- Adapt 'mgractionchains' module to work with Salt 3000
- Do not workaround util.syncmodules for SSH minions (bsc#1162609)
- Force to run util.synccustomall when triggering action chains on SSH
minions (bsc#1162683).
susemanager-sync-data:
- Add OES 2018 SP2 (bsc#1161862)
- Rename RHEL 8 Base product
- Change channel family name according to SCC data
How to apply this update: 1. Log in as root user to the SUSE Manager
server. 2. Stop the Spacewalk service: spacewalk-service stop 3. Apply the
patch using either zypper patch or YaST Online Update. 4. Upgrade the
database schema: spacewalk-schema-upgrade 5. Start the Spacewalk service:
spacewalk-service start
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Manager Server 3.2:
zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2020-856=1
Package List:
- SUSE Manager Server 3.2 (ppc64le s390x x86_64):
susemanager-3.2.23-3.40.2
susemanager-tools-3.2.23-3.40.2
- SUSE Manager Server 3.2 (noarch):
py26-compat-salt-2016.11.10-6.35.1
python2-spacewalk-certs-tools-2.8.8.14-3.23.1
python2-spacewalk-client-tools-2.8.22.7-3.12.1
redstone-xmlrpc-1.1_20071120-0.11.3.1
spacecmd-2.8.25.14-3.32.1
spacewalk-admin-2.8.4.6-3.12.1
spacewalk-backend-2.8.57.22-3.48.1
spacewalk-backend-app-2.8.57.22-3.48.1
spacewalk-backend-applet-2.8.57.22-3.48.1
spacewalk-backend-config-files-2.8.57.22-3.48.1
spacewalk-backend-config-files-common-2.8.57.22-3.48.1
spacewalk-backend-config-files-tool-2.8.57.22-3.48.1
spacewalk-backend-iss-2.8.57.22-3.48.1
spacewalk-backend-iss-export-2.8.57.22-3.48.1
spacewalk-backend-libs-2.8.57.22-3.48.1
spacewalk-backend-package-push-server-2.8.57.22-3.48.1
spacewalk-backend-server-2.8.57.22-3.48.1
spacewalk-backend-sql-2.8.57.22-3.48.1
spacewalk-backend-sql-oracle-2.8.57.22-3.48.1
spacewalk-backend-sql-postgresql-2.8.57.22-3.48.1
spacewalk-backend-tools-2.8.57.22-3.48.1
spacewalk-backend-xml-export-libs-2.8.57.22-3.48.1
spacewalk-backend-xmlrpc-2.8.57.22-3.48.1
spacewalk-base-2.8.7.23-3.45.1
spacewalk-base-minimal-2.8.7.23-3.45.1
spacewalk-base-minimal-config-2.8.7.23-3.45.1
spacewalk-certs-tools-2.8.8.14-3.23.1
spacewalk-client-tools-2.8.22.7-3.12.1
spacewalk-html-2.8.7.23-3.45.1
spacewalk-java-2.8.78.28-3.47.1
spacewalk-java-config-2.8.78.28-3.47.1
spacewalk-java-lib-2.8.78.28-3.47.1
spacewalk-java-oracle-2.8.78.28-3.47.1
spacewalk-java-postgresql-2.8.78.28-3.47.1
spacewalk-setup-2.8.7.10-3.25.1
spacewalk-taskomatic-2.8.78.28-3.47.1
spacewalk-utils-2.8.18.6-3.12.1
subscription-matcher-0.25-4.15.1
susemanager-sls-3.2.30-3.44.1
susemanager-sync-data-3.2.19-3.35.1
susemanager-web-libs-2.8.7.23-3.45.1
References:
https://www.suse.com/security/cve/CVE-2018-1077.html
https://www.suse.com/security/cve/CVE-2020-1693.html
https://bugzilla.suse.com/1085414
https://bugzilla.suse.com/1140332
https://bugzilla.suse.com/1155372
https://bugzilla.suse.com/1157317
https://bugzilla.suse.com/1158899
https://bugzilla.suse.com/1159184
https://bugzilla.suse.com/1160246
https://bugzilla.suse.com/1161862
https://bugzilla.suse.com/1162609
https://bugzilla.suse.com/1162683
https://bugzilla.suse.com/1163001
https://bugzilla.suse.com/1163538
https://bugzilla.suse.com/1164120
https://bugzilla.suse.com/1164563
https://bugzilla.suse.com/1164771
https://bugzilla.suse.com/1165425
https://bugzilla.suse.com/1165921
More information about the sle-security-updates
mailing list