SUSE-SU-2020:3781-1: moderate: Security update for SUSE Manager Server 4.1
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Mon Dec 14 07:27:41 MST 2020
SUSE Security Update: Security update for SUSE Manager Server 4.1
______________________________________________________________________________
Announcement ID: SUSE-SU-2020:3781-1
Rating: moderate
References: #1172079 #1172287 #1175607 #1175739 #1175987
#1176172 #1176417 #1176898 #1177184 #1177336
#1177435 #1177704 #1177706 #1177767 #1177975
#1178195 #1178303 #1178503 #1178704 #1178839
#1179257 #1179759
Cross-References: CVE-2020-13692
Affected Products:
SUSE Linux Enterprise Module for SUSE Manager Server 4.1
______________________________________________________________________________
An update that solves one vulnerability and has 21 fixes is
now available.
Description:
This update fixes the following issues:
image-sync-formula:
- Send image_synced event to master
postgresql-jdbc:
- Address CVE-2020-13692 (bsc#1172079)
pxe-yomi-image-sle15:
- Update config.sh based on last JeOS template
- Update JEOS_LOCALE to en_US.UTF-8
- Support config{_url}{_name} for user provided configuration
python-susemanager-retail:
- Handle organizations in retail_create_delta
saltboot-formula:
- Support older SLE11 cryptsetup (bsc#1172287)
- Use images with "synced" flag
spacecmd:
- Fix: make spacecmd build on Debian
spacewalk-admin:
- Use the license macro to mark the LICENSE in the package so that when
installing without docs, it does install the LICENSE file
- Prevent javax.net.ssl.SSLHandshakeException after upgrading from SUSE
Manager 3.2 (bsc#1177435)
spacewalk-backend:
- Fix missing `LiteServer.add_suse_products` method (bsc#1178704)
- Do not raise TypeError when processing SUSE products (bsc#1178704)
- Fix spacewalk-repo-sync to successfully manage and sync ULN repositories
- Fix errors in spacewalk-debug and align postgresql queries to new DB
version
- ISS: Differentiate packages with same nevra but different checksum in
the same channel (bsc#1178195)
- Re-enables possibility to use local repos with repo-sync (bsc#1175607)
- Add `allow_vendor_change` option to rhn clients for dist upgrades
spacewalk-certs-tools:
- Improve check for correct CA trust store directory (bsc#1176417)
spacewalk-client-tools:
- Update translations
spacewalk-java:
- Update content sensitive help links
- Update exception message in findSyncedMandatoryChannels
- Report resolved module dependencies on CLM project details page
- Allow creating custom ULN repositories with uln:// urls
- Change message "Minion is down" to be more accurate
- Localize documentation links
- Temp: revert Sync state modules when starting action chain execution
(bsc#1177336)
- Fix check for available products on ISS Slaves (bsc#1177184)
- XMLRPC: Report architecture label in the list of installed packages
(bsc#1176898)
- Get media.1/products for cloned channels (bsc#1178303)
- Calculate size to truncate a history message based on the htmlified
version (bsc#1178503)
- Make image pillar visible only in buildhost organization
- Maintain list of synced images in pillar
- Enable validation of Content Lifecycle Management entities in the XMLRPC
API (bsc#1177706)
- Fix the order of the arguments in the XMLRPC API doc for
contentmanagement.buildProject (bsc#1177704)
- Fix repo url of AppStream in generated RHEL/Centos 8 kickstart file
(bsc#1175739)
- Log token verify errors and check for expired tokens
- Show only kernel options in advanced autoinstallation page when working
with a salt minion (bsc#1177767)
- Show cluster upgrade plan in the upgrade UI
- Take pool and volume from Salt virt.vm_info for files and blocks disks
(bsc#1175987)
- Add new allowVendorChange flag for dist upgrades
- Sync state modules when starting action chain execution (bsc#1177336)
- Enable redfish power management by default
spacewalk-search:
- Add multi lang support to the document search
spacewalk-setup:
- Add sock_pool_size setting by default for better performance
spacewalk-web:
- Update content sensitive help links
- Fix mandatory channels JS API to finish loading in case of error
(bsc#1178839)
- Fix the search panel in CLM filters page
- Localize documentation links
- Fix link to documentation in Admin -> Manager Configuration ->
Monitoring (bsc#1176172)
- Show cluster upgrade plan in the upgrade UI
- Don't allow selecting spice for Xen PV and PVH guests
supportutils-plugin-susemanager:
- Remove checks for obsolete packages
- Gather new configfiles
- Add more important informations
susemanager:
- Adapt Debian10 bootstrap repository definition for salt on Python 3
- Add --force to mgr-create-bootstrap-repo to enforce generation even when
some products are not synchronized
susemanager-doc-indexes:
- Added warning about local repositories in the Clients Configuration Guide
- Removed duplicate contact method entry in Client Configuration Guide
- Enabled upgrade section for SLE clients on Uyuni in Clients
Configuration Guide
- Added a section for working with bootstrap repositories and End of Life
products in Client Configuration Guide
- Added Salt Minion file contact method to Client Configuration Guide
- Added Redfish to power management protocols section
- Clarify that port 22 is required for the SUSE Manager server in the
installation guide (bsc#1177975)
- Added procedure for adding virtualization guests to the Client
Configuration Guide
- New guide added: Quickstart SAP Guide
- Add multilang support
susemanager-docs_en:
- Added warning about local repositories in the Clients Configuration Guide
- Removed duplicate contact method entry in Client Configuration Guide
- Enabled upgrade section for SLE clients on Uyuni in Clients
Configuration Guide
- Added a section for working with bootstrap repositories and End of Life
products in Client Configuration Guide
- Added Salt Minion file contact method to Client Configuration Guide
- Added Redfish to power management protocols section
- Clarify that port 22 is required for the SUSE Manager server in the
installation guide (bsc#1177975)
- Added procedure for adding virtualization guests to the Client
Configuration Guide
- New guide added: Quickstart SAP Guide
- Add multilang support
mgr-libmod:
- Fix `module not found` exception handling. (bsc#1179257)
susemanager-frontend-libs:
- Update Bootstrap to 3.1.0
susemanager-schema:
- Move dist upgrade SQL file to the correct directory so it gets picked up
in schema upgrades (bsc#1179759)
- Add `preferred_docs_locale` to UserInfo table
- Add new column to rhnactiondup table for allowVendorChange flag
susemanager-sls:
- Fix: sync before start action chains (bsc#1177336)
- Temp: revert Sync state modules when starting action chain execution
(bsc#1177336)
- Handle group- and org-specific image pillars
- Use require in reboot trigger (bsc#1177767)
- Add pillar option to get allowVendorChange option during dist upgrade
- Sync state modules when starting action chain execution (bsc#1177336)
susemanager-sync-data:
- Add new channel families for CAASP on ARM64 and HPC15 SP2 LTSS
- Remove duplicate repo definition
uyuni-cluster-provider-caasp:
- Show the cluster upgrade plan in the UI
yomi-formula:
- Update to version 0.0.1+git.1604593202.a2c22bf:
* storage: hide mountpoint if no filesystem
* software: migrate repos as certs
* software: add verify parameter
* _grains: efi grains are in Salt now
* software: transfer current repository
* software: add repository options
* lvm: fix indentation
* partitioned: fix parted call and tests
- Update to version 0.0.1+git.1601999695.6141130:
* README: add user provided config
- Update to version 0.0.1+git.1598948600.9a9eab0:
* Replace fdisk with parted in partitioned
How to apply this update: 1. Log in as root user to the SUSE Manager
server. 2. Stop the Spacewalk service: spacewalk-service stop 3. Apply the
patch using either zypper patch or YaST Online Update. 4. Upgrade the
database schema: spacewalk-schema-upgrade 5. Start the Spacewalk service:
spacewalk-service start
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2020-3781=1
Package List:
- SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (ppc64le s390x x86_64):
susemanager-4.1.22-3.14.6
susemanager-tools-4.1.22-3.14.6
- SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch):
image-sync-formula-0.1.1605087464.65d1b51-3.9.5
mgr-libmod-4.1.5-3.8.2
postgresql-jdbc-42.2.10-3.3.5
python3-spacewalk-certs-tools-4.1.14-3.9.5
python3-spacewalk-client-tools-4.1.8-4.9.5
python3-susemanager-retail-1.0.1605087464.65d1b51-3.6.5
saltboot-formula-0.1.1605087464.65d1b51-3.9.5
spacecmd-4.1.9-4.12.5
spacewalk-admin-4.1.8-3.9.5
spacewalk-backend-4.1.18-4.14.6
spacewalk-backend-app-4.1.18-4.14.6
spacewalk-backend-applet-4.1.18-4.14.6
spacewalk-backend-config-files-4.1.18-4.14.6
spacewalk-backend-config-files-common-4.1.18-4.14.6
spacewalk-backend-config-files-tool-4.1.18-4.14.6
spacewalk-backend-iss-4.1.18-4.14.6
spacewalk-backend-iss-export-4.1.18-4.14.6
spacewalk-backend-package-push-server-4.1.18-4.14.6
spacewalk-backend-server-4.1.18-4.14.6
spacewalk-backend-sql-4.1.18-4.14.6
spacewalk-backend-sql-postgresql-4.1.18-4.14.6
spacewalk-backend-tools-4.1.18-4.14.6
spacewalk-backend-xml-export-libs-4.1.18-4.14.6
spacewalk-backend-xmlrpc-4.1.18-4.14.6
spacewalk-base-4.1.21-3.12.5
spacewalk-base-minimal-4.1.21-3.12.5
spacewalk-base-minimal-config-4.1.21-3.12.5
spacewalk-certs-tools-4.1.14-3.9.5
spacewalk-client-tools-4.1.8-4.9.5
spacewalk-html-4.1.21-3.12.5
spacewalk-java-4.1.24-3.19.6
spacewalk-java-config-4.1.24-3.19.6
spacewalk-java-lib-4.1.24-3.19.6
spacewalk-java-postgresql-4.1.24-3.19.6
spacewalk-search-4.1.4-3.6.6
spacewalk-setup-4.1.7-3.6.5
spacewalk-taskomatic-4.1.24-3.19.6
supportutils-plugin-susemanager-4.1.4-3.3.5
susemanager-doc-indexes-4.1-11.20.5
susemanager-docs_en-4.1-11.20.5
susemanager-docs_en-pdf-4.1-11.20.5
susemanager-frontend-libs-4.1.1-3.6.5
susemanager-retail-tools-1.0.1605087464.65d1b51-3.6.5
susemanager-schema-4.1.17-3.16.2
susemanager-sls-4.1.18-3.16.5
susemanager-sync-data-4.1.8-3.6.5
susemanager-web-libs-4.1.21-3.12.5
uyuni-cluster-provider-caasp-4.1.3-3.3.5
uyuni-config-modules-4.1.18-3.16.5
yomi-formula-0.0.1+git.1604593202.a2c22bf-3.6.5
References:
https://www.suse.com/security/cve/CVE-2020-13692.html
https://bugzilla.suse.com/1172079
https://bugzilla.suse.com/1172287
https://bugzilla.suse.com/1175607
https://bugzilla.suse.com/1175739
https://bugzilla.suse.com/1175987
https://bugzilla.suse.com/1176172
https://bugzilla.suse.com/1176417
https://bugzilla.suse.com/1176898
https://bugzilla.suse.com/1177184
https://bugzilla.suse.com/1177336
https://bugzilla.suse.com/1177435
https://bugzilla.suse.com/1177704
https://bugzilla.suse.com/1177706
https://bugzilla.suse.com/1177767
https://bugzilla.suse.com/1177975
https://bugzilla.suse.com/1178195
https://bugzilla.suse.com/1178303
https://bugzilla.suse.com/1178503
https://bugzilla.suse.com/1178704
https://bugzilla.suse.com/1178839
https://bugzilla.suse.com/1179257
https://bugzilla.suse.com/1179759
More information about the sle-security-updates
mailing list