SUSE-SU-2020:3781-1: moderate: Security update for SUSE Manager Server 4.1

sle-security-updates at lists.suse.com
Mon Dec 14 07:27:41 MST 2020


   SUSE Security Update: Security update for SUSE Manager Server 4.1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:3781-1
Rating:             moderate
References:         #1172079 #1172287 #1175607 #1175739 #1175987 
                    #1176172 #1176417 #1176898 #1177184 #1177336 
                    #1177435 #1177704 #1177706 #1177767 #1177975 
                    #1178195 #1178303 #1178503 #1178704 #1178839 
                    #1179257 #1179759 
Cross-References:   CVE-2020-13692
Affected Products:
                    SUSE Linux Enterprise Module for SUSE Manager Server 4.1
______________________________________________________________________________

   An update that solves one vulnerability and has 21 fixes is
   now available.

Description:

   This update fixes the following issues:

   image-sync-formula:

   - Send image_synced event to master

   postgresql-jdbc:

   - Address CVE-2020-13692 (bsc#1172079)

   pxe-yomi-image-sle15:

   - Update config.sh based on last JeOS template
   - Update JEOS_LOCALE to en_US.UTF-8
   - Support config{_url}{_name} for user provided configuration

   python-susemanager-retail:

   - Handle organizations in retail_create_delta

   saltboot-formula:

   - Support older SLE11 cryptsetup (bsc#1172287)
   - Use images with "synced" flag

   spacecmd:

   - Fix: make spacecmd build on Debian

   spacewalk-admin:

   - Use the license macro to mark the LICENSE in the package so that when
     installing without docs, it does install the LICENSE file
   - Prevent javax.net.ssl.SSLHandshakeException after upgrading from SUSE
     Manager 3.2 (bsc#1177435)

   spacewalk-backend:

   - Fix missing `LiteServer.add_suse_products` method (bsc#1178704)
   - Do not raise TypeError when processing SUSE products (bsc#1178704)
   - Fix spacewalk-repo-sync to successfully manage and sync ULN repositories
   - Fix errors in spacewalk-debug and align postgresql queries to new DB
     version
   - ISS: Differentiate packages with same nevra but different checksum in
     the same channel (bsc#1178195)
   - Re-enables possibility to use local repos with repo-sync (bsc#1175607)
   - Add `allow_vendor_change` option to rhn clients for dist upgrades

   spacewalk-certs-tools:

   - Improve check for correct CA trust store directory (bsc#1176417)

   spacewalk-client-tools:

   - Update translations

   spacewalk-java:

   - Update content sensitive help links
   - Update exception message in findSyncedMandatoryChannels
   - Report resolved module dependencies on CLM project details page
   - Allow creating custom ULN repositories with uln:// urls
   - Change message "Minion is down" to be more accurate
   - Localize documentation links
   - Temp: revert Sync state modules when starting action chain execution
     (bsc#1177336)
   - Fix check for available products on ISS Slaves (bsc#1177184)
   - XMLRPC: Report architecture label in the list of installed packages
     (bsc#1176898)
   - Get media.1/products for cloned channels (bsc#1178303)
   - Calculate size to truncate a history message based on the htmlified
     version (bsc#1178503)
   - Make image pillar visible only in buildhost organization
   - Maintain list of synced images in pillar
   - Enable validation of Content Lifecycle Management entities in the XMLRPC
     API (bsc#1177706)
   - Fix the order of the arguments in the XMLRPC API doc for
     contentmanagement.buildProject (bsc#1177704)
   - Fix repo url of AppStream in generated RHEL/CentOS 8 kickstart file
     (bsc#1175739)
   - Log token verify errors and check for expired tokens
   - Show only kernel options in advanced autoinstallation page when working
     with a salt minion (bsc#1177767)
   - Show cluster upgrade plan in the upgrade UI
   - Take pool and volume from Salt virt.vm_info for files and blocks disks
     (bsc#1175987)
   - Add new allowVendorChange flag for dist upgrades
   - Sync state modules when starting action chain execution (bsc#1177336)
   - Enable redfish power management by default

   spacewalk-search:

   - Add multi lang support to the document search

   spacewalk-setup:

   - Add sock_pool_size setting by default for better performance

   spacewalk-web:

   - Update content sensitive help links
   - Fix mandatory channels JS API to finish loading in case of error
     (bsc#1178839)
   - Fix the search panel in CLM filters page
   - Localize documentation links
   - Fix link to documentation in Admin -> Manager Configuration ->
     Monitoring (bsc#1176172)
   - Show cluster upgrade plan in the upgrade UI
   - Don't allow selecting spice for Xen PV and PVH guests

   supportutils-plugin-susemanager:

   - Remove checks for obsolete packages
   - Gather new configfiles
   - Add more important information

   susemanager:

   - Adapt Debian10 bootstrap repository definition for salt on Python 3
   - Add --force to mgr-create-bootstrap-repo to enforce generation even when
     some products are not synchronized

   susemanager-doc-indexes:

   - Added warning about local repositories in the Clients Configuration Guide
   - Removed duplicate contact method entry in Client Configuration Guide
   - Enabled upgrade section for SLE clients on Uyuni in Clients
     Configuration Guide
   - Added a section for working with bootstrap repositories and End of Life
     products in Client Configuration Guide
   - Added Salt Minion file contact method to Client Configuration Guide
   - Added Redfish to power management protocols section
   - Clarify that port 22 is required for the SUSE Manager server in the
     installation guide (bsc#1177975)
   - Added procedure for adding virtualization guests to the Client
     Configuration Guide
   - New guide added: Quickstart SAP Guide
   - Add multilang support

   susemanager-docs_en:

   - Added warning about local repositories in the Clients Configuration Guide
   - Removed duplicate contact method entry in Client Configuration Guide
   - Enabled upgrade section for SLE clients on Uyuni in Clients
     Configuration Guide
   - Added a section for working with bootstrap repositories and End of Life
     products in Client Configuration Guide
   - Added Salt Minion file contact method to Client Configuration Guide
   - Added Redfish to power management protocols section
   - Clarify that port 22 is required for the SUSE Manager server in the
     installation guide (bsc#1177975)
   - Added procedure for adding virtualization guests to the Client
     Configuration Guide
   - New guide added: Quickstart SAP Guide
   - Add multilang support

   mgr-libmod:

   - Fix `module not found` exception handling. (bsc#1179257)

   susemanager-frontend-libs:

   - Update Bootstrap to 3.1.0

   susemanager-schema:

   - Move dist upgrade SQL file to the correct directory so it gets picked up
     in schema upgrades (bsc#1179759)
   - Add `preferred_docs_locale` to UserInfo table
   - Add new column to rhnactiondup table for allowVendorChange flag

   susemanager-sls:

   - Fix: sync before start action chains (bsc#1177336)
   - Temp: revert Sync state modules when starting action chain execution
     (bsc#1177336)
   - Handle group- and org-specific image pillars
   - Use require in reboot trigger (bsc#1177767)
   - Add pillar option to get allowVendorChange option during dist upgrade
   - Sync state modules when starting action chain execution (bsc#1177336)

   susemanager-sync-data:

   - Add new channel families for CAASP on ARM64 and HPC15 SP2 LTSS
   - Remove duplicate repo definition

   uyuni-cluster-provider-caasp:

   - Show the cluster upgrade plan in the UI

   yomi-formula:

   - Update to version 0.0.1+git.1604593202.a2c22bf:
     * storage: hide mountpoint if no filesystem
     * software: migrate repos as certs
     * software: add verify parameter
     * _grains: efi grains are in Salt now
     * software: transfer current repository
     * software: add repository options
     * lvm: fix indentation
     * partitioned: fix parted call and tests
   - Update to version 0.0.1+git.1601999695.6141130:
     * README: add user provided config
   - Update to version 0.0.1+git.1598948600.9a9eab0:
     * Replace fdisk with parted in partitioned

   How to apply this update:

   1. Log in as root user to the SUSE Manager server.
   2. Stop the Spacewalk service: spacewalk-service stop
   3. Apply the patch using either zypper patch or YaST Online Update.
   4. Upgrade the database schema: spacewalk-schema-upgrade
   5. Start the Spacewalk service: spacewalk-service start


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.1:

      zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2020-3781=1



Package List:

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (ppc64le s390x x86_64):

      susemanager-4.1.22-3.14.6
      susemanager-tools-4.1.22-3.14.6

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch):

      image-sync-formula-0.1.1605087464.65d1b51-3.9.5
      mgr-libmod-4.1.5-3.8.2
      postgresql-jdbc-42.2.10-3.3.5
      python3-spacewalk-certs-tools-4.1.14-3.9.5
      python3-spacewalk-client-tools-4.1.8-4.9.5
      python3-susemanager-retail-1.0.1605087464.65d1b51-3.6.5
      saltboot-formula-0.1.1605087464.65d1b51-3.9.5
      spacecmd-4.1.9-4.12.5
      spacewalk-admin-4.1.8-3.9.5
      spacewalk-backend-4.1.18-4.14.6
      spacewalk-backend-app-4.1.18-4.14.6
      spacewalk-backend-applet-4.1.18-4.14.6
      spacewalk-backend-config-files-4.1.18-4.14.6
      spacewalk-backend-config-files-common-4.1.18-4.14.6
      spacewalk-backend-config-files-tool-4.1.18-4.14.6
      spacewalk-backend-iss-4.1.18-4.14.6
      spacewalk-backend-iss-export-4.1.18-4.14.6
      spacewalk-backend-package-push-server-4.1.18-4.14.6
      spacewalk-backend-server-4.1.18-4.14.6
      spacewalk-backend-sql-4.1.18-4.14.6
      spacewalk-backend-sql-postgresql-4.1.18-4.14.6
      spacewalk-backend-tools-4.1.18-4.14.6
      spacewalk-backend-xml-export-libs-4.1.18-4.14.6
      spacewalk-backend-xmlrpc-4.1.18-4.14.6
      spacewalk-base-4.1.21-3.12.5
      spacewalk-base-minimal-4.1.21-3.12.5
      spacewalk-base-minimal-config-4.1.21-3.12.5
      spacewalk-certs-tools-4.1.14-3.9.5
      spacewalk-client-tools-4.1.8-4.9.5
      spacewalk-html-4.1.21-3.12.5
      spacewalk-java-4.1.24-3.19.6
      spacewalk-java-config-4.1.24-3.19.6
      spacewalk-java-lib-4.1.24-3.19.6
      spacewalk-java-postgresql-4.1.24-3.19.6
      spacewalk-search-4.1.4-3.6.6
      spacewalk-setup-4.1.7-3.6.5
      spacewalk-taskomatic-4.1.24-3.19.6
      supportutils-plugin-susemanager-4.1.4-3.3.5
      susemanager-doc-indexes-4.1-11.20.5
      susemanager-docs_en-4.1-11.20.5
      susemanager-docs_en-pdf-4.1-11.20.5
      susemanager-frontend-libs-4.1.1-3.6.5
      susemanager-retail-tools-1.0.1605087464.65d1b51-3.6.5
      susemanager-schema-4.1.17-3.16.2
      susemanager-sls-4.1.18-3.16.5
      susemanager-sync-data-4.1.8-3.6.5
      susemanager-web-libs-4.1.21-3.12.5
      uyuni-cluster-provider-caasp-4.1.3-3.3.5
      uyuni-config-modules-4.1.18-3.16.5
      yomi-formula-0.0.1+git.1604593202.a2c22bf-3.6.5


References:

   https://www.suse.com/security/cve/CVE-2020-13692.html
   https://bugzilla.suse.com/1172079
   https://bugzilla.suse.com/1172287
   https://bugzilla.suse.com/1175607
   https://bugzilla.suse.com/1175739
   https://bugzilla.suse.com/1175987
   https://bugzilla.suse.com/1176172
   https://bugzilla.suse.com/1176417
   https://bugzilla.suse.com/1176898
   https://bugzilla.suse.com/1177184
   https://bugzilla.suse.com/1177336
   https://bugzilla.suse.com/1177435
   https://bugzilla.suse.com/1177704
   https://bugzilla.suse.com/1177706
   https://bugzilla.suse.com/1177767
   https://bugzilla.suse.com/1177975
   https://bugzilla.suse.com/1178195
   https://bugzilla.suse.com/1178303
   https://bugzilla.suse.com/1178503
   https://bugzilla.suse.com/1178704
   https://bugzilla.suse.com/1178839
   https://bugzilla.suse.com/1179257
   https://bugzilla.suse.com/1179759


