SUSE-SU-2020:2373-1: moderate: Security update for SUSE Manager Server 4.1

sle-security-updates at lists.suse.com
Fri Aug 28 10:23:46 MDT 2020


   SUSE Security Update: Security update for SUSE Manager Server 4.1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:2373-1
Rating:             moderate
References:         #1136857 #1165572 #1169553 #1169780 #1170244 
                    #1170468 #1170654 #1171281 #1172279 #1172504 
                    #1172709 #1172807 #1172831 #1172839 #1173169 
                    #1173522 #1173535 #1173554 #1173566 #1173584 
                    #1173932 #1173982 #1173997 #1174025 #1174167 
                    #1174229 #1174325 #1174405 #1174470 #1174965 
                    #1175485 #1175555 #1175558 #1175724 #1175791 
                    #678126 
Cross-References:   CVE-2020-11022
Affected Products:
                    SUSE Linux Enterprise Module for SUSE Manager Server 4.1
______________________________________________________________________________

   An update that solves one vulnerability and has 35 fixes is
   now available.

Description:

   This update fixes the following issues:

   cobbler:

   - More old modules naming fixes (bsc#1169553)

   image-sync-formula:

   - Allow image-sync state on regular minion. Image sync state requires
     branch-network pillars to get the directory where to sync images. Use
     default `/srv/saltboot` if that pillar is missing so image-sync can be
     applied on non branch minions as well.

   mgr-libmod:

   - Remove unnecessary array wrap in 'list_modules' response object

   mgr-osad:

   - Move uyuni-base-common dependency from mgr-osad to mgr-osa-dispatcher
     (bsc#1174405)

   openvpn-formula:

   - Add hint that ssl certs must be on system (bsc#1172279)

   patterns-suse-manager:

   - Add Recommends for golang-github-QubitProducts-exporter_exporter

   prometheus-exporters-formula:

   - Bugfix: Handle exporters proxy for unsupported distros (bsc#1175555)
   - Add support for exporters proxy (exporter_exporter)

   pxe-default-image-sle15:

   - Rollback the workaround for bsc#1172807, as dracut is now fixed

   saltboot-formula:

   - Better fix for rounding errors (bsc#1136857)

   spacecmd:

   - Fix softwarechannel update for vendor channels (bsc#1172709)
   - Fix escaping of package names (bsc#1171281)

   spacewalk-backend:

   - Adds basic functionality for gpg check
   - Verify GPG signature of Ubuntu/Debian repository metadata (Release file)
   - Take care of SCC auth tokens on DEB repos GPG checks (bsc#1175485)
   - Use spacewalk keyring for GPG checks on DEB repos (bsc#1175485)

   spacewalk-branding:

   - Implement Maintenance Windows
   - Fix typo on spacewalk-branding license

   spacewalk-certs-tools:

   - Strip SSL Certificate Common Name after 63 Characters (bsc#1173535)
   - Fix centos detection (bsc#1173584)

   spacewalk-java:

   - Use media.1/products from media when not specified different
     (bsc#1175558)
   - Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831)
   - Fix error when rolling back a system to a snapshot (bsc#1173997)
   - Implement maintenance windows backend
   - Add check for maintenance window during executing recurring actions
   - Implement maintenance windows in struts
   - XMLRPC: Assign/retract maintenance schedule to/from systems
   - Fix softwarechannel update for vendor channels (bsc#1172709)
   - Avoid deadlock when syncing channels and registering minions at the same
     time (bsc#1173566)
   - Change system list header text to something better (bsc#1173982)
   - Set CPU and memory info for virtual instances (bsc#1170244)
   - Add virtual network Start, Stop and Delete actions
   - Add virtual network list page
   - Fix httpcomponents and gson jar symlinks (bsc#1174229)
   - Enhance RedHat product detection for CentOS and OracleLinux (bsc#1173584)
   - Provide comps.xml and modules.yaml when using onlinerepo for kickstart
   - Refresh virtualization pages only on events
   - Fix up2date detection on RH8 when salt-minion is used for registration
   - Improve performance of the System Groups page with many clients
     (bsc#1172839)
   - Include number of non-patch package updates to non-critical update
     counts in system group pages (bsc#1170468)
   - Bump XMLRPC API version number to distinguish from Spacewalk 2.10
   - Cluster UI: return to overview page after scheduling actions
   - Fix NPE on auto installation when no kernel options are given
     (bsc#1173932)
   - Fix issue with disabling self_update for autoyast autoupgrade
     (bsc#1170654)
   - Adapt expectations for jobs return events after switching Salt states to
     use 'mgrcompat.module_run' state.

   spacewalk-utils:

   - Add aarch64 for openSUSE Leap 15.1 and 15.2

   spacewalk-web:

   - Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831)
   - Fix JS linting errors/warnings
   - Enable Nutanix AHV virtual host gatherer.
   - Web UI: Implement managing maintenance schedules and calendars
   - Warn when a system is in multiple groups that configure the same formula
     in the system formula's UI (bsc#1173554)
   - Add virtual network start, stop and delete actions
   - Add virtual network list page
   - Fix internal server error when creating module filters in CLM
     (bsc#1174325)
   - Fix VM creation page when there is no volume in the default storage pool
   - Refresh virtualization pages only on events
   - Product list in the Wizard doesn't show SLE products first (bsc#1173522)
   - Cluster UI: return to overview page after scheduling actions
   - Changes in the logic to update the tick icon.
   - For the postgres localhost:5432 case, use the
   - Fix internal server errors by returning 0 instead of dying
   - Add missing dependency to spacewalk-base-minimal (bsc#678126)
   - Change kickstart to autoinstallation in navigation on pxt pages
   - Debranding

   suseRegisterInfo:

   - Enhance RedHat product detection for CentOS and OracleLinux (bsc#1173584)

   susemanager:

   - Migrate all occurrences of kickstart to autoinstall in cobbler database
     (bsc#1169780)
   - Define bootstrap repo data for SUSE Manager Proxies (bsc#1174470)
   - Add SLE 15 LTSS Product ID to SLE15 bootstrap repositories, as it is
     required to get python3-M2crypto (bsc#1174167)

   susemanager-doc-indexes:

   - Left navigation structure cleaned up
   - Fixed several broken xrefs
   - Added hostname admonition for public cloud sections
   - Clarified Branch Proxy configuration instructions
   - Fixed index page pdf links, urls were 1 step too deep
   - SUSECOM 2020 branding update
   - PDF 2020 branding update
   - WEBUI 2020 branding update
   - Added maintenance window documentation
   - Added SLE client chapter
   - Added 508 compliance
   - Added reverse proxy information to Monitoring in Admin Guide
   - Add note about accessibility to index
   - In the Upgrade Guide, use Major, Minor, and Patch Level terminology for
     versioning.
   - Added docs for nutanix VHM
   - Ubuntu clients using the CLI in SUMA (bsc#1174025)

   susemanager-docs_en:

   - Left navigation structure cleaned up
   - Fixed several broken xrefs
   - Added hostname admonition for public cloud sections
   - Clarified Branch Proxy configuration instructions
   - Fixed index page pdf links, urls were 1 step too deep
   - SUSECOM 2020 branding update
   - PDF 2020 branding update
   - WEBUI 2020 branding update
   - Added maintenance window documentation
   - Added SLE client chapter
   - Added 508 compliance
   - Added reverse proxy information to Monitoring in Admin Guide
   - Add note about accessibility to index
   - In the Upgrade Guide, use Major, Minor, and Patch Level terminology for
     versioning.
   - Added docs for nutanix VHM
   - Ubuntu clients using the CLI in SUMA (bsc#1174025)

   susemanager-frontend-libs:

   - Upgrade jquery to 3.5.1 - CVE-2020-11022 (bsc#1172831)

   susemanager-schema:

   - Add new states and types for virtual instances in order to support
     Nutanix AHV.
   - Implement Maintenance Windows
   - Add virtual network state change action
   - Internal fixes to avoid problems with the idempotency tests

   susemanager-sls:

   - Fix the dnf plugin to add the token to the HTTP header (bsc#1175724)
   - Fix: supply a dnf base when dealing w/repos (bsc#1172504)
   - Fix: autorefresh in repos is zypper-only
   - Add virtual network state change state to handle start, stop and delete
   - Add virtual network state change state to handle start and stop
   - Fetch oracle-release when looking for RedHat Product Info (bsc#1173584)
   - Force a refresh after deleting a virtual storage volume
   - Prevent stuck Hardware Refresh actions on Salt 2016.11.10 based SSH
     minions (bsc#1173169)
   - Require PyYAML version >= 5.1
   - Log out of Docker registries after image build (bsc#1165572)
   - Prevent "module.run" deprecation warnings by using custom mgrcompat
     module

   susemanager-sync-data:

   - Remove version from centos and oracle linux identifier (bsc#1173584)

   uyuni-common-libs:

   - Fix issues importing RPM packages with long RPM headers (bsc#1174965)

   virtual-host-gatherer:

   - Add new gatherer module for Nutanix AHV.

   virtualization-host-formula:

   - Ensure kernel-default and libvirt-python3 are installed
   - Set bridge network as default
   - Fix conditionals (bsc#1175791)



   yomi-formula:

   - Update to version 0.0.1+git.1595952633.b300be2:
     * pillar: install always kernel-default
     * chroot: python3-base is now a capability
     * Move systemctl calls inside chroot
     * Network: initial work for network declaration
     * MicroOS: Remove tmp subvolume
     * Update format following the new standard
     * Fix __mount_device wrapper

   httpcomponents-core:

   - Include the correct package in SUSE Manager Server (no source changes)

   httpcomponents-client:

   - Include the correct package in SUSE Manager Server (no source changes)

   google-gson:

   - Include the correct package in SUSE Manager Server (no source changes)

   How to apply this update:

   1. Log in as root user to the SUSE Manager server.
   2. Stop the Spacewalk service: spacewalk-service stop
   3. Apply the patch using either zypper patch or YaST Online Update.
   4. Upgrade the database schema: spacewalk-schema-upgrade
   5. Start the Spacewalk service: spacewalk-service start


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.1:

      zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2020-2373=1



Package List:

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (ppc64le s390x x86_64):

      golang-github-QubitProducts-exporter_exporter-0.4.0-6.3.6
      openvpn-formula-0.1.1-3.3.6
      patterns-suma_retail-4.1-6.3.6
      patterns-suma_server-4.1-6.3.6
      python3-uyuni-common-libs-4.1.6-3.3.6
      spacewalk-branding-4.1.9-3.3.6
      susemanager-4.1.18-3.3.6
      susemanager-tools-4.1.18-3.3.6

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch):

      cobbler-3.0.0+git20190806.32c4bae0-5.3.6
      google-gson-2.8.5-3.2.6
      httpcomponents-client-4.5.6-3.2.6
      httpcomponents-core-4.4.10-3.2.6
      ical4j-3.0.18-3.2.7
      image-sync-formula-0.1.1595937550.0285244-3.3.6
      mgr-libmod-4.1.4-3.3.6
      mgr-osa-dispatcher-4.1.3-2.3.6
      prometheus-exporters-formula-0.7.1-3.5.2
      pxe-default-image-sle15-4.1.0-Build5.3
      python3-mgr-osa-common-4.1.3-2.3.6
      python3-mgr-osa-dispatcher-4.1.3-2.3.6
      python3-spacewalk-certs-tools-4.1.12-3.3.6
      python3-suseRegisterInfo-4.1.3-4.3.6
      saltboot-formula-0.1.1595937550.0285244-3.3.6
      spacecmd-4.1.6-4.3.6
      spacewalk-backend-4.1.14-4.5.2
      spacewalk-backend-app-4.1.14-4.5.2
      spacewalk-backend-applet-4.1.14-4.5.2
      spacewalk-backend-config-files-4.1.14-4.5.2
      spacewalk-backend-config-files-common-4.1.14-4.5.2
      spacewalk-backend-config-files-tool-4.1.14-4.5.2
      spacewalk-backend-iss-4.1.14-4.5.2
      spacewalk-backend-iss-export-4.1.14-4.5.2
      spacewalk-backend-package-push-server-4.1.14-4.5.2
      spacewalk-backend-server-4.1.14-4.5.2
      spacewalk-backend-sql-4.1.14-4.5.2
      spacewalk-backend-sql-postgresql-4.1.14-4.5.2
      spacewalk-backend-tools-4.1.14-4.5.2
      spacewalk-backend-xml-export-libs-4.1.14-4.5.2
      spacewalk-backend-xmlrpc-4.1.14-4.5.2
      spacewalk-base-4.1.15-3.3.6
      spacewalk-base-minimal-4.1.15-3.3.6
      spacewalk-base-minimal-config-4.1.15-3.3.6
      spacewalk-certs-tools-4.1.12-3.3.6
      spacewalk-html-4.1.15-3.3.6
      spacewalk-java-4.1.18-3.5.3
      spacewalk-java-config-4.1.18-3.5.3
      spacewalk-java-lib-4.1.18-3.5.3
      spacewalk-java-postgresql-4.1.18-3.5.3
      spacewalk-taskomatic-4.1.18-3.5.3
      spacewalk-utils-4.1.11-3.3.6
      spacewalk-utils-extras-4.1.11-3.3.6
      suseRegisterInfo-4.1.3-4.3.6
      susemanager-doc-indexes-4.1-11.7.2
      susemanager-docs_en-4.1-11.7.2
      susemanager-docs_en-pdf-4.1-11.7.2
      susemanager-frontend-libs-4.1.0-3.3.6
      susemanager-schema-4.1.12-3.3.6
      susemanager-sls-4.1.14-3.5.2
      susemanager-sync-data-4.1.7-3.3.6
      susemanager-web-libs-4.1.15-3.3.6
      virtual-host-gatherer-1.0.21-4.3.6
      virtual-host-gatherer-Kubernetes-1.0.21-4.3.6
      virtual-host-gatherer-Nutanix-1.0.21-4.3.6
      virtual-host-gatherer-VMware-1.0.21-4.3.6
      virtual-host-gatherer-libcloud-1.0.21-4.3.6
      virtualization-host-formula-0.5-3.3.1
      yomi-formula-0.0.1+git.1595952633.b300be2-3.3.6


References:

   https://www.suse.com/security/cve/CVE-2020-11022.html
   https://bugzilla.suse.com/1136857
   https://bugzilla.suse.com/1165572
   https://bugzilla.suse.com/1169553
   https://bugzilla.suse.com/1169780
   https://bugzilla.suse.com/1170244
   https://bugzilla.suse.com/1170468
   https://bugzilla.suse.com/1170654
   https://bugzilla.suse.com/1171281
   https://bugzilla.suse.com/1172279
   https://bugzilla.suse.com/1172504
   https://bugzilla.suse.com/1172709
   https://bugzilla.suse.com/1172807
   https://bugzilla.suse.com/1172831
   https://bugzilla.suse.com/1172839
   https://bugzilla.suse.com/1173169
   https://bugzilla.suse.com/1173522
   https://bugzilla.suse.com/1173535
   https://bugzilla.suse.com/1173554
   https://bugzilla.suse.com/1173566
   https://bugzilla.suse.com/1173584
   https://bugzilla.suse.com/1173932
   https://bugzilla.suse.com/1173982
   https://bugzilla.suse.com/1173997
   https://bugzilla.suse.com/1174025
   https://bugzilla.suse.com/1174167
   https://bugzilla.suse.com/1174229
   https://bugzilla.suse.com/1174325
   https://bugzilla.suse.com/1174405
   https://bugzilla.suse.com/1174470
   https://bugzilla.suse.com/1174965
   https://bugzilla.suse.com/1175485
   https://bugzilla.suse.com/1175555
   https://bugzilla.suse.com/1175558
   https://bugzilla.suse.com/1175724
   https://bugzilla.suse.com/1175791
   https://bugzilla.suse.com/678126


