SUSE-SU-2020:0671-1: moderate: Security update for SUSE Manager Server 4.0
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Fri Mar 13 12:02:02 MDT 2020
SUSE Security Update: Security update for SUSE Manager Server 4.0
______________________________________________________________________________
Announcement ID: SUSE-SU-2020:0671-1
Rating: moderate
References: #1083326 #1085414 #1121640 #1123274 #1137248
#1140332 #1144176 #1152673 #1152795 #1153269
#1154246 #1154590 #1154599 #1155281 #1155372
#1156751 #1157317 #1157346 #1157447 #1157700
#1157975 #1158178 #1158181 #1158283 #1158480
#1158564 #1158672 #1158697 #1158754 #1158818
#1158899 #1158943 #1159012 #1159023 #1159076
#1159184 #1159492 #1159553 #1160184 #1160940
#1161755 #1161862 #1162609 #1162683 #1164120
#1164309 #1164452 #1164649 #1164875 #1165425
#1165541 #1165927 #1166061 #1166388
Cross-References: CVE-2018-1077 CVE-2019-16769 CVE-2020-1693
Affected Products:
SUSE Linux Enterprise Module for SUSE Manager Server 4.0
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0
______________________________________________________________________________
An update that solves three vulnerabilities and has 51
fixes is now available.
Description:
This update fixes the following issues:
branch-network-formula:
- Update formula to include terminal naming and identification
image-sync-formula:
- Prevent installing xdelta3 package and disable delta functionality
on SLE12 branch servers (bsc#1159553)
mgr-osad:
- Take care that osad is not disabled nor deactivated during update
(bsc#1157700, bsc#1158697)
patterns-suse-manager:
- Add recommends for virtualization-host-formula to suma_server pattern
- Add recommends for virtualization-host-formula to retail
prometheus-formula:
- Bugfix: disabled fields not enabled when checkbox is checked
pxe-default-image-sle15:
- Adapt to new kiwi version to fix pre registration in the bare-metal
image (bsc#1153269)
pxe-formula:
- Add support for new features in terminal naming
- Remove branch_id from pxe form, moved to branch-network form
py26-compat-salt:
- Replace pycrypto with M2Crypto as dependency for SLE15+
python-susemanager-retail:
- Add support for terminal naming block
- Add delta support for SLE15 tar.xz bundles
redstone-xmlrpc:
- Disable external entity parsing (1790381, bsc#1164120, CVE-2020-1693)
- Do not download external entities (1555429, bsc#1085414, CVE-2018-1077)
salt-netapi-client:
- Version 0.17.0 See:
https://github.com/SUSE/salt-netapi-client/releases/tag/v0.17.0
spacecmd:
- Bugfix: attempt to purge SSM when it is empty (bsc#1155372)
spacewalk-admin:
- Spell correctly "successful" and "successfully"
spacewalk-backend:
- Fix mgrcfg-client python3 breakage (bsc#1164309)
- Update doc link to point to new documentation server
- Prevent timestamp format exception on mgr-inter-sync while processing
comps (bsc#1157346)
- When downloading repo metadata, don't add "/" to the repo url if it
already ends with one (bsc#1158899)
- Use HTTP proxy settings when fetching the mirrorlist on
spacewalk-repo-sync (bsc#1159076)
- Enhance suseProducts via ISS to fix SP migration on slave server
(bsc#1159184)
- Prevent a traceback when reposyncing openSUSE 15.1 (bsc#1158672)
- Close config files after reading them (bsc#1158283)
- Associate VMs and systems with the same machine ID at bootstrap
(bsc#1144176)
spacewalk-certs-tools:
- Add 'start_event_grains' minion option to configfile when generated by
bootstrap script
- Forbid multiple activation keys for salt minions during bootstrap
(bsc#1164452)
- Add additional minion options to configfile when generated by bootstrap
script (bsc#1159492)
- Change the order to check the version correctly for RES (bsc#1152795)
spacewalk-client-tools:
- Spell correctly "successful" and "successfully"
system-lock-formula:
- Clarified terms along documentation and product (bsc#1166061)
spacewalk-java:
- Feat: enable Salt system lock when CaaSP node is onboarded and add
depedency to 'system-lock-formula' (bsc#1165541)
- Support non discoverable fqdns via custom grain (bsc#1155281)
- Handle the non-existent requested grains gracefully
- Get the machineid grain from the minion startup event
- Use term 'patch' instead of 'errata' (bsc#1164649)
- Enable provisioning API with salt and bootstrap entitled systems
- Fix a problem with removing the monitoring entitlement from a system
- Improve performance when adding systems to system groups (bsc#1158754)
- Migrate pillar and formula data on minion id change (bsc#1161755)
- Change doc links pointing to new documentation server
- Call saltutil.sync_all before calling highstate (bsc#1152673)
- Exclude base products from PAYG (Pay-As-You-Go) instances when doing
subscription matching
- Show additional headers and dependencies for deb packages
- Show adequate message on saving formulas that change only pillar data
- Fix mgr-sync add channel when fromdir is configured (bsc#1160184)
- Handle not found re-activation key (bsc#1159012)
- Write a list of formulas sorted by execution order (bsc#1083326)
- Use channel name from product tree instead of constructing it
(bsc#1157317)
- Read the subscriptions from the output instead of input (bsc#1140332)
- Rename rhncfg-actions to mgr-cfg-actions in UI advice (bsc#1137248)
- Fix container image import (bsc#1154246)
- Add missing permission checks on formula api (bsc#1123274)
- Generate metadata with empty vendor (bsc#1158480)
- Remove undefined variable from redhat_register snippet
- Add a method in API to check if the provided session key is a valid one.
- Associate VMs and systems with the same machine ID at bootstrap
(bsc#1144176)
- Fix minion id when applying engine-events state (bsc#1158181)
- Remove unnecessary WARN log entries from Kubernetes integration
- Fix for pillar not being refreshed when CaaSP pattern is detected upon
software profile update (bsc#1166061)
spacewalk-search:
- Make rhn-search log to correct file (bsc#1156751)
spacewalk-setup:
- Spell correctly "successful" and "successfully"
- create AJP connector for tomcat if it does not exist (bsc#1165927,
bsc#1166388)
spacewalk-utils:
- Spell "successfully" correctly
spacewalk-web:
- Don't validate mandatory fields that are not visible (bsc#1158943)
- Fix count of changes to build (bsc#1160940)
- Report merge_subscriptions message in a readable way (bsc#1140332)
- Fix ordering by date (bsc#1158818)
subscription-matcher:
- Add missing library for SLE15 SP2 (slf4j-log4j12)
- Make the code usable with Math3 on SLES
- Use log4j12 package on newer SLE versions
- Aggregate stackable subscriptions with same parameters
- Implement new "swap move" used in optaplanner (bsc#1140332)
- Enable aarch64 builds, except for SLE < 15
susemanager:
- Add missing python libraries to RES8/RHEL8/CentOS 8 boostrap repos
(bsc#1164875)
- Add bootstrap-repo data for OES 2018 SP2 (bsc#1161862)
- Add bootstrap-repo data for SLE15 SP2 Family
- Fix documentation URL in installer (bsc#1154590)
- Update requirements to match documented values (bsc#1154599)
susemanager-doc-indexes:
- Adding Additional FQDNS for Proxies with Salt
- Reference guide review and update moving content into tabular format
- Autogenerate pdf index from antora html nav lists
- Documentation needs to address using RHEL8 in the correct way
(bsc#1159023)
- Traditional clients bootstrap, the example applies to SLES ES 7 only
(bsc#1158564)
- Remove auditlog-keeper from list
- Removed duplicate client requirements entries
- Fix missing spaces throughout docs
- Added the complete path for using manager-setup
- Fix typo in vhm-kubernetes
- Cleaned up client registration documents
- Improved ubuntu instructions
- Explain how to compose a DSN string for monitoring
- Added publishing dates to individual book intros
- Updated common spacewalk-common-channels usage
- Adding Additional FQDNS for Proxies with Salt
- Reference guide review and update moving content into tabular format
- Autogenerate pdf index from antora html nav lists
- Documentation needs to address using RHEL8 in the correct way
(bsc#1159023)
- Traditional clients bootstrap, the example applies to SLES ES 7 only
(bsc#1158564)
- Remove auditlog-keeper from list
- Removed duplicate client requirements entries
- Fix missing spaces throughout docs
- Added the complete path for using manager-setup
- Fix typo in vhm-kubernetes
- Cleaned up client registration documents
- Improved ubuntu instructions
- Explain how to compose a DSN string for monitoring
- Added publishing dates to individual book intros
- Updated common spacewalk-common-channels usage
susemanager-docs_en:
- Adding Additional FQDNS for Proxies with Salt
- Reference guide review and update moving content into tabular format
- Autogenerate pdf index from antora html nav lists
- Documentation needs to address using RHEL8 in the correct way
(bsc#1159023)
- Traditional clients bootstrap, the example applies to SLES ES 7 only
(bsc#1158564)
- Remove auditlog-keeper from list
- Removed duplicate client requirements entries
- Fix missing spaces throughout docs
- Added the complete path for using manager-setup
- Fix typo in vhm-kubernetes
- Cleaned up client registration documents
- Improved ubuntu instructions
- Explain how to compose a DSN string for monitoring
- Added publishing dates to individual book intros
- Updated common spacewalk-common-channels usage
- Adding Additional FQDNS for Proxies with Salt
- Reference guide review and update moving content into tabular format
- Autogenerate pdf index from antora html nav lists
- Documentation needs to address using RHEL8 in the correct way
(bsc#1159023)
- Traditional clients bootstrap, the example applies to SLES ES 7 only
(bsc#1158564)
- Remove auditlog-keeper from list
- Removed duplicate client requirements entries
- Fix missing spaces throughout docs
- Added the complete path for using manager-setup
- Fix typo in vhm-kubernetes
- Cleaned up client registration documents
- Improved ubuntu instructions
- Explain how to compose a DSN string for monitoring
- Added publishing dates to individual book intros
- Updated common spacewalk-common-channels usage
susemanager-schema:
- Add new 'payg' attribute to rhnServer table
- Enable re-activation keys for salt managed systems (bsc#1159012)
- Generate metadata with empty vendor (bsc#1158480)
- Fix rhnActionVirtDelete when migrating from 3.2 to 4.0 (bsc#1158178)
susemanager-sls:
- Install dmidecode before HW profile update when missing
- Add mgr_start_event_grains.sls to update minion config
- Add 'product' custom state module to handle installation of SUSE
products at client side (bsc#1157447)
- Support reading of pillar data for minions from multiple files
(bsc#1158754)
- Do not workaround util.syncmodules for SSH minions (bsc#1162609)
- Force to run util.synccustomall when triggering action chains on SSH
minions (bsc#1162683).
- Add custom 'is_payg_instance' grain when instance is PAYG and not BYOS.
- Adapt sls file for pre-downloading in Ubuntu minions
- Sort formulas by execution order (bsc#1083326)
- Split remove_traditional_stack into two parts. One for all systems and
another for clients not being a Uyuni Server or Proxy (bsc#1121640)
- Change the order to check the version correctly for RES (bsc#1152795)
- Do not break Servers registering to a Server
- Remove the virt-poller cache when applying Virtualization entitlement
- Force HTTP request timeout on public cloud grain (bsc#1157975)
susemanager-sync-data:
- Add OES 2018 SP2 (bsc#1161862)
- Rename RHEL 8 Base product
- Change channel family name according to SCC data
How to apply this update: 1. Log in as root user to the SUSE Manager
server. 2. Stop the Spacewalk service: spacewalk-service stop 3. Apply the
patch using either zypper patch or YaST Online Update. 4. Upgrade the
database schema: spacewalk-schema-upgrade 5. Start the Spacewalk service:
spacewalk-service start
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for SUSE Manager Server 4.0:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.0-2020-671=1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.0-2020-671=1
Package List:
- SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (ppc64le s390x x86_64):
patterns-suma_retail-4.0-9.10.2
patterns-suma_server-4.0-9.10.2
susemanager-4.0.22-3.20.3
susemanager-tools-4.0.22-3.20.3
- SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (noarch):
branch-network-formula-0.1.1580471316.1839544-3.10.2
image-sync-formula-0.1.1579102150.4716559-3.11.2
mgr-osa-dispatcher-4.0.11-3.9.2
prometheus-formula-0.1-4.7.2
pxe-default-image-sle15-4.0.1-20200305173027
pxe-formula-0.1.1580384994.6076a7e-3.11.2
py26-compat-salt-2016.11.10-10.11.2
python3-mgr-osa-common-4.0.11-3.9.2
python3-mgr-osa-dispatcher-4.0.11-3.9.2
python3-spacewalk-backend-libs-4.0.30-3.23.3
python3-spacewalk-certs-tools-4.0.15-3.15.2
python3-spacewalk-client-tools-4.0.12-3.13.2
python3-susemanager-retail-1.0.1580471316.1839544-3.13.2
redstone-xmlrpc-1.1_20071120-0.11.3.2
salt-netapi-client-0.17.0-4.3.2
spacecmd-4.0.18-3.13.2
spacewalk-admin-4.0.9-3.6.2
spacewalk-backend-4.0.30-3.23.3
spacewalk-backend-app-4.0.30-3.23.3
spacewalk-backend-applet-4.0.30-3.23.3
spacewalk-backend-config-files-4.0.30-3.23.3
spacewalk-backend-config-files-common-4.0.30-3.23.3
spacewalk-backend-config-files-tool-4.0.30-3.23.3
spacewalk-backend-iss-4.0.30-3.23.3
spacewalk-backend-iss-export-4.0.30-3.23.3
spacewalk-backend-package-push-server-4.0.30-3.23.3
spacewalk-backend-server-4.0.30-3.23.3
spacewalk-backend-sql-4.0.30-3.23.3
spacewalk-backend-sql-postgresql-4.0.30-3.23.3
spacewalk-backend-tools-4.0.30-3.23.3
spacewalk-backend-xml-export-libs-4.0.30-3.23.3
spacewalk-backend-xmlrpc-4.0.30-3.23.3
spacewalk-base-4.0.19-3.18.3
spacewalk-base-minimal-4.0.19-3.18.3
spacewalk-base-minimal-config-4.0.19-3.18.3
spacewalk-certs-tools-4.0.15-3.15.2
spacewalk-client-tools-4.0.12-3.13.2
spacewalk-html-4.0.19-3.18.3
spacewalk-java-4.0.31-3.23.1
spacewalk-java-config-4.0.31-3.23.1
spacewalk-java-lib-4.0.31-3.23.1
spacewalk-java-postgresql-4.0.31-3.23.1
spacewalk-search-4.0.9-3.11.2
spacewalk-setup-4.0.13-3.11.1
spacewalk-taskomatic-4.0.31-3.23.1
spacewalk-utils-4.0.16-3.15.2
subscription-matcher-0.25-3.3.2
susemanager-doc-indexes-4.0-10.18.2
susemanager-docs_en-4.0-10.18.2
susemanager-docs_en-pdf-4.0-10.18.2
susemanager-retail-tools-1.0.1580471316.1839544-3.13.2
susemanager-schema-4.0.18-3.17.2
susemanager-sls-4.0.24-3.17.2
susemanager-sync-data-4.0.16-3.15.2
susemanager-web-libs-4.0.19-3.18.3
system-lock-formula-0.2-4.5.1
virtualization-host-formula-0.2-4.3.2
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0 (ppc64le s390x x86_64):
patterns-suma_proxy-4.0-9.10.2
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0 (noarch):
mgr-osad-4.0.11-3.9.2
python3-mgr-osa-common-4.0.11-3.9.2
python3-mgr-osad-4.0.11-3.9.2
python3-spacewalk-backend-libs-4.0.30-3.23.3
python3-spacewalk-certs-tools-4.0.15-3.15.2
python3-spacewalk-check-4.0.12-3.13.2
python3-spacewalk-client-setup-4.0.12-3.13.2
python3-spacewalk-client-tools-4.0.12-3.13.2
spacecmd-4.0.18-3.13.2
spacewalk-backend-4.0.30-3.23.3
spacewalk-base-minimal-4.0.19-3.18.3
spacewalk-base-minimal-config-4.0.19-3.18.3
spacewalk-certs-tools-4.0.15-3.15.2
spacewalk-check-4.0.12-3.13.2
spacewalk-client-setup-4.0.12-3.13.2
spacewalk-client-tools-4.0.12-3.13.2
supportutils-plugin-susemanager-client-4.0.3-3.3.2
supportutils-plugin-susemanager-proxy-4.0.3-3.3.2
References:
https://www.suse.com/security/cve/CVE-2018-1077.html
https://www.suse.com/security/cve/CVE-2019-16769.html
https://www.suse.com/security/cve/CVE-2020-1693.html
https://bugzilla.suse.com/1083326
https://bugzilla.suse.com/1085414
https://bugzilla.suse.com/1121640
https://bugzilla.suse.com/1123274
https://bugzilla.suse.com/1137248
https://bugzilla.suse.com/1140332
https://bugzilla.suse.com/1144176
https://bugzilla.suse.com/1152673
https://bugzilla.suse.com/1152795
https://bugzilla.suse.com/1153269
https://bugzilla.suse.com/1154246
https://bugzilla.suse.com/1154590
https://bugzilla.suse.com/1154599
https://bugzilla.suse.com/1155281
https://bugzilla.suse.com/1155372
https://bugzilla.suse.com/1156751
https://bugzilla.suse.com/1157317
https://bugzilla.suse.com/1157346
https://bugzilla.suse.com/1157447
https://bugzilla.suse.com/1157700
https://bugzilla.suse.com/1157975
https://bugzilla.suse.com/1158178
https://bugzilla.suse.com/1158181
https://bugzilla.suse.com/1158283
https://bugzilla.suse.com/1158480
https://bugzilla.suse.com/1158564
https://bugzilla.suse.com/1158672
https://bugzilla.suse.com/1158697
https://bugzilla.suse.com/1158754
https://bugzilla.suse.com/1158818
https://bugzilla.suse.com/1158899
https://bugzilla.suse.com/1158943
https://bugzilla.suse.com/1159012
https://bugzilla.suse.com/1159023
https://bugzilla.suse.com/1159076
https://bugzilla.suse.com/1159184
https://bugzilla.suse.com/1159492
https://bugzilla.suse.com/1159553
https://bugzilla.suse.com/1160184
https://bugzilla.suse.com/1160940
https://bugzilla.suse.com/1161755
https://bugzilla.suse.com/1161862
https://bugzilla.suse.com/1162609
https://bugzilla.suse.com/1162683
https://bugzilla.suse.com/1164120
https://bugzilla.suse.com/1164309
https://bugzilla.suse.com/1164452
https://bugzilla.suse.com/1164649
https://bugzilla.suse.com/1164875
https://bugzilla.suse.com/1165425
https://bugzilla.suse.com/1165541
https://bugzilla.suse.com/1165927
https://bugzilla.suse.com/1166061
https://bugzilla.suse.com/1166388
More information about the sle-security-updates
mailing list