SUSE-SU-2020:2373-1: moderate: Security update for SUSE Manager Server 4.1
sle-security-updates at lists.suse.com
Fri Aug 28 10:32:56 MDT 2020
SUSE Security Update: Security update for SUSE Manager Server 4.1
______________________________________________________________________________
Announcement ID: SUSE-SU-2020:2373-1
Rating: moderate
References: #1136857 #1165572 #1169553 #1169780 #1170244
#1170468 #1170654 #1171281 #1172279 #1172504
#1172709 #1172807 #1172831 #1172839 #1173169
#1173522 #1173535 #1173554 #1173566 #1173584
#1173932 #1173982 #1173997 #1174025 #1174167
#1174201 #1174229 #1174325 #1174405 #1174470
#1174965 #1175485 #1175555 #1175558 #1175724
#1175791 #678126
Cross-References: CVE-2020-11022
Affected Products:
SUSE Linux Enterprise Module for SUSE Manager Server 4.1
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1
______________________________________________________________________________
An update that solves one vulnerability and has 36 fixes is
now available.
Description:
This update fixes the following issues:
cobbler:
- More old modules naming fixes (bsc#1169553)
image-sync-formula:
- Allow image-sync state on regular minion. Image sync state requires
branch-network pillars to get the directory where to sync images. Use
default `/srv/saltboot` if that pillar is missing so image-sync can be
applied on non branch minions as well.
mgr-libmod:
- Remove unnecessary array wrap in 'list_modules' response object
mgr-osad:
- Move uyuni-base-common dependency from mgr-osad to mgr-osa-dispatcher
(bsc#1174405)
openvpn-formula:
- Add hint that ssl certs must be on system (bsc#1172279)
patterns-suse-manager:
- Add Recommends for golang-github-QubitProducts-exporter_exporter
prometheus-exporters-formula:
- Bugfix: Handle exporters proxy for unsupported distros (bsc#1175555)
- Add support for exporters proxy (exporter_exporter)
pxe-default-image-sle15:
- Rollback the workaround for bsc#1172807, as dracut is now fixed
saltboot-formula:
- Better fix for rounding errors (bsc#1136857)
spacecmd:
- Fix softwarechannel update for vendor channels (bsc#1172709)
- Fix escaping of package names (bsc#1171281)
spacewalk-backend:
- Adds basic functionality for gpg check
- Verify GPG signature of Ubuntu/Debian repository metadata (Release file)
- Take care of SCC auth tokens on DEB repos GPG checks (bsc#1175485)
- Use spacewalk keyring for GPG checks on DEB repos (bsc#1175485)
spacewalk-branding:
- Implement Maintenance Windows
- Fix typo on spacewalk-branding license
spacewalk-certs-tools:
- Strip SSL Certificate Common Name after 63 Characters (bsc#1173535)
- Fix centos detection (bsc#1173584)
spacewalk-java:
- Use media.1/products from media when not specified different
(bsc#1175558)
- Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831)
- Fix error when rolling back a system to a snapshot (bsc#1173997)
- Implement maintenance windows backend
- Add check for maintenance window during executing recurring actions
- Implement maintenance windows in struts
- XMLRPC: Assign/retract maintenance schedule to/from systems
- Fix softwarechannel update for vendor channels (bsc#1172709)
- Avoid deadlock when syncing channels and registering minions at the same
time (bsc#1173566)
- Change system list header text to something better (bsc#1173982)
- Set CPU and memory info for virtual instances (bsc#1170244)
- Add virtual network Start, Stop and Delete actions
- Add virtual network list page
- Fix httpcomponents and gson jar symlinks (bsc#1174229)
- Enhance RedHat product detection for CentOS and OracleLinux (bsc#1173584)
- Provide comps.xml and modules.yaml when using onlinerepo for kickstart
- Refresh virtualization pages only on events
- Fix up2date detection on RH8 when salt-minion is used for registration
- Improve performance of the System Groups page with many clients
(bsc#1172839)
- Include number of non-patch package updates to non-critical update
counts in system group pages (bsc#1170468)
- Bump XMLRPC API version number to distinguish from Spacewalk 2.10
- Cluster UI: return to overview page after scheduling actions
- Fix NPE on auto installation when no kernel options are given
(bsc#1173932)
- Fix issue with disabling self_update for autoyast autoupgrade
(bsc#1170654)
- Adapt expectations for jobs return events after switching Salt states to
use 'mgrcompat.module_run' state.
spacewalk-utils:
- Add aarch64 for openSUSE Leap 15.1 and 15.2
spacewalk-web:
- Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831)
- Fix JS linting errors/warnings
- Enable Nutanix AHV virtual host gatherer.
- Web UI: Implement managing maintenance schedules and calendars
- Warn when a system is in multiple groups that configure the same formula
in the system formula's UI (bsc#1173554)
- Add virtual network start, stop and delete actions
- Add virtual network list page
- Fix internal server error when creating module filters in CLM
(bsc#1174325)
- Fix VM creation page when there is no volume in the default storage pool
- Refresh virtualization pages only on events
- Product list in the Wizard doesn't show SLE products first (bsc#1173522)
- Cluster UI: return to overview page after scheduling actions
- Changes in the logic to update the tick icon.
- For the postgres localhost:5432 case, use the
- Fix internal server errors by returning 0 instead of dying
- Add missing dependency to spacewalk-base-minimal (bsc#678126)
- Change kickstart to autoinstallation in navigation on pxt pages
- Debranding
suseRegisterInfo:
- Enhance RedHat product detection for CentOS and OracleLinux (bsc#1173584)
susemanager:
- Migrate all occurrences of kickstart to autoinstall in cobbler database
(bsc#1169780)
- Define bootstrap repo data for SUSE Manager Proxies (bsc#1174470)
- Add SLE 15 LTSS Product ID to SLE15 bootstrap repositories, as it is
required to get python3-M2crypto (bsc#1174167)
susemanager-doc-indexes:
- Left navigation structure cleaned up
- Fixed several broken xrefs
- Added hostname admonition for public cloud sections
- Clarified Branch Proxy configuration instructions
- Fixed index page pdf links, urls were 1 step too deep
- SUSECOM 2020 branding update
- PDF 2020 branding update
- WEBUI 2020 branding update
- Added maintenance window documentation
- Added SLE client chapter
- Added 508 compliance
- Added reverse proxy information to Monitoring in Admin Guide
- Add note about accessibility to index
- In the Upgrade Guide, use Major, Minor, and Patch Level terminology for
versioning.
- Added docs for nutanix VHM
- Ubuntu clients using the CLI in SUMA (bsc#1174025)
susemanager-docs_en:
- Left navigation structure cleaned up
- Fixed several broken xrefs
- Added hostname admonition for public cloud sections
- Clarified Branch Proxy configuration instructions
- Fixed index page pdf links, urls were 1 step too deep
- SUSECOM 2020 branding update
- PDF 2020 branding update
- WEBUI 2020 branding update
- Added maintenance window documentation
- Added SLE client chapter
- Added 508 compliance
- Added reverse proxy information to Monitoring in Admin Guide
- Add note about accessibility to index
- In the Upgrade Guide, use Major, Minor, and Patch Level terminology for
versioning.
- Added docs for nutanix VHM
- Ubuntu clients using the CLI in SUMA (bsc#1174025)
susemanager-frontend-libs:
- Upgrade jquery to 3.5.1 - CVE-2020-11022 (bsc#1172831)
susemanager-schema:
- Add new states and types for virtual instances in order to support
Nutanix AHV.
- Implement Maintenance Windows
- Add virtual network state change action
- Internal fixes to avoid problems with the idempotency tests
susemanager-sls:
- Fix the dnf plugin to add the token to the HTTP header (bsc#1175724)
- Fix: supply a dnf base when dealing w/repos (bsc#1172504)
- Fix: autorefresh in repos is zypper-only
- Add virtual network state change state to handle start, stop and delete
- Add virtual network state change state to handle start and stop
- Fetch oracle-release when looking for RedHat Product Info (bsc#1173584)
- Force a refresh after deleting a virtual storage volume
- Prevent stuck Hardware Refresh actions on Salt 2016.11.10 based SSH
minions (bsc#1173169)
- Require PyYAML version >= 5.1
- Log out of Docker registries after image build (bsc#1165572)
- Prevent "module.run" deprecation warnings by using custom mgrcompat
module
susemanager-sync-data:
- Remove version from centos and oracle linux identifier (bsc#1173584)
uyuni-common-libs:
- Fix issues importing RPM packages with long RPM headers (bsc#1174965)
virtual-host-gatherer:
- Add new gatherer module for Nutanix AHV.
virtualization-host-formula:
- Ensure kernel-default and libvirt-python3 are installed
- Set bridge network as default
- Fix conditionals (bsc#1175791)
yomi-formula:
- Update to version 0.0.1+git.1595952633.b300be2:
* pillar: install always kernel-default
* chroot: python3-base is now a capability
* Move systemctl calls inside chroot
* Network: initial work for network declaration
* MicroOS: Remove tmp subvolume
* Update format following the new standard
* Fix __mount_device wrapper
httpcomponents-core:
- Include the correct package in SUSE Manager Server (no source changes)
httpcomponents-client:
- Include the correct package in SUSE Manager Server (no source changes)
google-gson:
- Include the correct package in SUSE Manager Server (no source changes)
How to apply this update:
1. Log in as root user to the SUSE Manager server.
2. Stop the Spacewalk service: spacewalk-service stop
3. Apply the patch using either zypper patch or YaST Online Update.
4. Upgrade the database schema: spacewalk-schema-upgrade
5. Start the Spacewalk service: spacewalk-service start
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2020-2373=1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.1-2020-2373=1
Package List:
- SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (ppc64le s390x x86_64):
golang-github-QubitProducts-exporter_exporter-0.4.0-6.3.6
openvpn-formula-0.1.1-3.3.6
patterns-suma_retail-4.1-6.3.6
patterns-suma_server-4.1-6.3.6
python3-uyuni-common-libs-4.1.6-3.3.6
spacewalk-branding-4.1.9-3.3.6
susemanager-4.1.18-3.3.6
susemanager-tools-4.1.18-3.3.6
- SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch):
cobbler-3.0.0+git20190806.32c4bae0-5.3.6
google-gson-2.8.5-3.2.6
httpcomponents-client-4.5.6-3.2.6
httpcomponents-core-4.4.10-3.2.6
ical4j-3.0.18-3.2.7
image-sync-formula-0.1.1595937550.0285244-3.3.6
mgr-libmod-4.1.4-3.3.6
mgr-osa-dispatcher-4.1.3-2.3.6
prometheus-exporters-formula-0.7.1-3.5.2
pxe-default-image-sle15-4.1.0-Build5.3
python3-mgr-osa-common-4.1.3-2.3.6
python3-mgr-osa-dispatcher-4.1.3-2.3.6
python3-spacewalk-certs-tools-4.1.12-3.3.6
python3-suseRegisterInfo-4.1.3-4.3.6
saltboot-formula-0.1.1595937550.0285244-3.3.6
spacecmd-4.1.6-4.3.6
spacewalk-backend-4.1.14-4.5.2
spacewalk-backend-app-4.1.14-4.5.2
spacewalk-backend-applet-4.1.14-4.5.2
spacewalk-backend-config-files-4.1.14-4.5.2
spacewalk-backend-config-files-common-4.1.14-4.5.2
spacewalk-backend-config-files-tool-4.1.14-4.5.2
spacewalk-backend-iss-4.1.14-4.5.2
spacewalk-backend-iss-export-4.1.14-4.5.2
spacewalk-backend-package-push-server-4.1.14-4.5.2
spacewalk-backend-server-4.1.14-4.5.2
spacewalk-backend-sql-4.1.14-4.5.2
spacewalk-backend-sql-postgresql-4.1.14-4.5.2
spacewalk-backend-tools-4.1.14-4.5.2
spacewalk-backend-xml-export-libs-4.1.14-4.5.2
spacewalk-backend-xmlrpc-4.1.14-4.5.2
spacewalk-base-4.1.15-3.3.6
spacewalk-base-minimal-4.1.15-3.3.6
spacewalk-base-minimal-config-4.1.15-3.3.6
spacewalk-certs-tools-4.1.12-3.3.6
spacewalk-html-4.1.15-3.3.6
spacewalk-java-4.1.18-3.5.3
spacewalk-java-config-4.1.18-3.5.3
spacewalk-java-lib-4.1.18-3.5.3
spacewalk-java-postgresql-4.1.18-3.5.3
spacewalk-taskomatic-4.1.18-3.5.3
spacewalk-utils-4.1.11-3.3.6
spacewalk-utils-extras-4.1.11-3.3.6
suseRegisterInfo-4.1.3-4.3.6
susemanager-doc-indexes-4.1-11.7.2
susemanager-docs_en-4.1-11.7.2
susemanager-docs_en-pdf-4.1-11.7.2
susemanager-frontend-libs-4.1.0-3.3.6
susemanager-schema-4.1.12-3.3.6
susemanager-sls-4.1.14-3.5.2
susemanager-sync-data-4.1.7-3.3.6
susemanager-web-libs-4.1.15-3.3.6
virtual-host-gatherer-1.0.21-4.3.6
virtual-host-gatherer-Kubernetes-1.0.21-4.3.6
virtual-host-gatherer-Nutanix-1.0.21-4.3.6
virtual-host-gatherer-VMware-1.0.21-4.3.6
virtual-host-gatherer-libcloud-1.0.21-4.3.6
virtualization-host-formula-0.5-3.3.1
yomi-formula-0.0.1+git.1595952633.b300be2-3.3.6
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (x86_64):
golang-github-QubitProducts-exporter_exporter-0.4.0-6.3.6
patterns-suma_proxy-4.1-6.3.6
python3-uyuni-common-libs-4.1.6-3.3.6
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (noarch):
mgr-osad-4.1.3-2.3.6
python3-mgr-osa-common-4.1.3-2.3.6
python3-mgr-osad-4.1.3-2.3.6
python3-spacewalk-certs-tools-4.1.12-3.3.6
python3-suseRegisterInfo-4.1.3-4.3.6
spacecmd-4.1.6-4.3.6
spacewalk-backend-4.1.14-4.5.2
spacewalk-base-minimal-4.1.15-3.3.6
spacewalk-base-minimal-config-4.1.15-3.3.6
spacewalk-certs-tools-4.1.12-3.3.6
spacewalk-proxy-broker-4.1.2-3.3.6
spacewalk-proxy-common-4.1.2-3.3.6
spacewalk-proxy-management-4.1.2-3.3.6
spacewalk-proxy-package-manager-4.1.2-3.3.6
spacewalk-proxy-redirect-4.1.2-3.3.6
spacewalk-proxy-salt-4.1.2-3.3.6
suseRegisterInfo-4.1.3-4.3.6
References:
https://www.suse.com/security/cve/CVE-2020-11022.html
https://bugzilla.suse.com/1136857
https://bugzilla.suse.com/1165572
https://bugzilla.suse.com/1169553
https://bugzilla.suse.com/1169780
https://bugzilla.suse.com/1170244
https://bugzilla.suse.com/1170468
https://bugzilla.suse.com/1170654
https://bugzilla.suse.com/1171281
https://bugzilla.suse.com/1172279
https://bugzilla.suse.com/1172504
https://bugzilla.suse.com/1172709
https://bugzilla.suse.com/1172807
https://bugzilla.suse.com/1172831
https://bugzilla.suse.com/1172839
https://bugzilla.suse.com/1173169
https://bugzilla.suse.com/1173522
https://bugzilla.suse.com/1173535
https://bugzilla.suse.com/1173554
https://bugzilla.suse.com/1173566
https://bugzilla.suse.com/1173584
https://bugzilla.suse.com/1173932
https://bugzilla.suse.com/1173982
https://bugzilla.suse.com/1173997
https://bugzilla.suse.com/1174025
https://bugzilla.suse.com/1174167
https://bugzilla.suse.com/1174201
https://bugzilla.suse.com/1174229
https://bugzilla.suse.com/1174325
https://bugzilla.suse.com/1174405
https://bugzilla.suse.com/1174470
https://bugzilla.suse.com/1174965
https://bugzilla.suse.com/1175485
https://bugzilla.suse.com/1175555
https://bugzilla.suse.com/1175558
https://bugzilla.suse.com/1175724
https://bugzilla.suse.com/1175791
https://bugzilla.suse.com/678126