SUSE-SU-2020:3235-1: moderate: Security update for SUSE Manager Server 4.1
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Fri Nov 6 13:43:48 MST 2020
SUSE Security Update: Security update for SUSE Manager Server 4.1
______________________________________________________________________________
Announcement ID: SUSE-SU-2020:3235-1
Rating: moderate
References: #1144447 #1167907 #1169664 #1173199 #1175843
#1175876 #1176159 #1176307 #1176413 #1176603
#1176629 #1176765 #1177092 #1177235 #1177396
#1177478 #1177524 #1177730 #1177790 #1177892
#1178060 #1178145 #1178204 #1178319 #1178361
#1178362
Cross-References: CVE-2020-15168 CVE-2020-16846 CVE-2020-17490
CVE-2020-25592
Affected Products:
SUSE Linux Enterprise Module for SUSE Manager Server 4.1
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1
______________________________________________________________________________
An update that solves four vulnerabilities and has 22 fixes
is now available.
Description:
This update fixes the following issues:
bind-formula:
- Temporarily disable dnssec-validation as hotfix for bsc#1177790
grafana-formula:
- Use variable for product name
- Add HA/SAP dashboards
- Add support for system groups in Client Systems dashboard
image-sync-formula:
- Do not use .gz suffix for default initrd symlink
- Keep the old symlink "initrd.gz" for compatibility
prometheus-exporters-formula:
- Fix empty directory values initialization
- Add systemd collector as default for node_exporters since otherwise some
SAP/HA grafana dashboards will be empty
- Disable reverse proxy on default
prometheus-formula:
- Disable Alertmanager clustering (bsc#1178145)
- Use variable for product name
pxe-formula:
- Change default to "initrd" without .gz suffix
py26-compat-salt:
- Properly validate eauth credentials and tokens on SSH calls made by Salt
API (bsc#1178319, bsc#1178362, bsc#1178361, CVE-2020-25592,
CVE-2020-17490, CVE-2020-16846)
python-susemanager-retail:
- Use name "initrd" without .gz suffix
salt-netapi-client:
- Version 0.18.0 See:
https://github.com/SUSE/salt-netapi-client/releases/tag/v0.18.0
saltboot-formula:
- Allow setting terminal kernel parameters in saltboot formula
spacecmd:
- Python3 fixes for errata in spacecmd (bsc#1169664)
- Added support for i18n of user-facing strings
- Python3 fix for sorted usage (bsc#1167907)
spacewalk-admin:
- Show info message when applying schema upgrade
spacewalk-backend:
- Prevent IntegrityError during mgr-inter-sync execution (bsc#1177235)
spacewalk-branding:
- Enable to switch to multiple webUI theme
spacewalk-client-tools:
- Remove RH references in Python/Ruby localization and use the product
name instead
spacewalk-java:
- Use correct eauth module and credentials for Salt SSH calls (bsc#1178319)
- Remove expiration date from ics files (bsc#1177892)
- Execute Salt SSH actions in parallel (bsc#1173199)
- Enable to switch to multiple webUI theme
- Fix action chain resuming when patches updating salt-minion don't cause
service to be restarted (bsc#1144447)
- Renaming autoinstall distro didn't change the name of the Cobbler distro
(bsc#1175876)
- Fix the links for downloading the binaries in the package details UI
(bsc#1176603)
- Allow nightly ISS sync to also cover custom channels
- Fix: reinspecting a container image (bsc#1177092)
- Add power management xmlrpc api
- Remove hostname from /var/lib/salt/.ssh/known_hosts when deleting system
(bsc#1176159)
- Log exception trace on fatal Taskomatic startup error
- Fix max password length check at user creation (bsc#1176765)
- Notify about missing libvirt or hypervisor on virtual host
- Redesign maintenance schedule systems table to use paginated data from
server
- Fix SP migration after dry run for cloned channels (bsc#1176307)
- Filter not available optional channels out
spacewalk-search:
- Change default maximum memory to 512 MB, preventing OutOfMemoryError
spacewalk-web:
- Enable to switch to multiple webUI theme
- Only refresh the virtual storage list when pool events are received
- Drop node-fetch to fix CVE-2020-15168
- Notify about missing libvirt or hypervisor on virtual host
- Redesign maintenance schedule systems table to use paginated data from
server
susemanager:
- Create bootstrap repo should not flush by default (bsc#1175843)
- Improve detection of base channels for products (bsc#1177478)
- Add LTSS PIDs for SLE12SP1, SLE12SP2, SLE12SP3 and SLE12SP4 to the
bootstrap definitions as some packages from LTSS are required
(bsc#1177524)
- Fix logrotate config
- Add missing packages to ubuntu20.04 bootstrap data (bsc#1176629)
susemanager-build-keys:
- Replace "SuSE" user-facing references with "SUSE"
susemanager-doc-indexes:
- Documented zypper autorefresh feature in Upgrade Guide
- Update SP Migration chapter in Client Configuration Guide
- In Client Configuration and Upgrade Guide, add link to valid autoyast
upgrade settings
- Move client upgrade related sections from Reference and Upgrade Guide to
Client Configuration Guide
- Updated Requirements chapter in Installation Guide.
- Edits OpenSCAP section in Admin Guide (bsc#1176413)
- Updated Terminology section in Salt Guide
- Added on-demand images content to Install Guide
- Adds webUI locale choice to Ref & Admin Guides
- Adds new System Types section to Client Cfg
- Updates supported client matrix in Install Guide
- Add note about log file to Upgrade Guide
- Removes outdated content from Activation Keys section (bsc#1177396)
- Adds note about PAM Auth during migration (bsc#1177730)
- Fixed broken table in admin guide
susemanager-docs_en:
- Documented zypper autorefresh feature in Upgrade Guide
- Update SP Migration chapter in Client Configuration Guide
- In Client Configuration and Upgrade Guide, add link to valid autoyast
upgrade settings
- Move client upgrade related sections from Reference and Upgrade Guide to
Client Configuration Guide
- Updated Requirements chapter in Installation Guide.
- Edits OpenSCAP section in Admin Guide (bsc#1176413)
- Updated Terminology section in Salt Guide
- Added on-demand images content to Install Guide
- Adds webUI locale choice to Ref & Admin Guides
- Adds new System Types section to Client Cfg
- Updates supported client matrix in Install Guide
- Add note about log file to Upgrade Guide
- Removes outdated content from Activation Keys section (bsc#1177396)
- Adds note about PAM Auth during migration (bsc#1177730)
- Fixed broken table in admin guide
susemanager-schema:
- Add web_theme user preferences column (bsc#1178204)
- Execute Salt SSH actions in parallel (bsc#1173199)
- Show info message when applying schema upgrade
susemanager-sls:
- Fix action chain resuming when patches updating salt-minion don't cause
service to be restarted (bsc#1144447)
- Make grub2 autoinstall kernel path relative to the boot partition root
(bsc#1175876)
- Move channel token information from sources.list to auth.conf on Debian
10 and Ubuntu 18 and newer
- Add support for activation keys on server configuration Salt modules
- Ensure the yum/dnf plugins are enabled
- Remove hostname from /var/lib/salt/.ssh/known_hosts when deleting system
(bsc#1176159)
- Fix grub2 autoinstall kernel path (bsc#1178060)
How to apply this update: 1. Log in as root user to the SUSE Manager
server. 2. Stop the Spacewalk service: spacewalk-service stop 3. Apply the
patch using either zypper patch or YaST Online Update. 4. Upgrade the
database schema: spacewalk-schema-upgrade 5. Start the Spacewalk service:
spacewalk-service start
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2020-3235=1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.1-2020-3235=1
Package List:
- SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (ppc64le s390x x86_64):
spacewalk-branding-4.1.11-3.9.6
susemanager-4.1.21-3.11.6
susemanager-tools-4.1.21-3.11.6
- SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch):
bind-formula-0.1.1603299886.60e4bcf-3.3.2
grafana-formula-0.3.0-3.3.2
image-sync-formula-0.1.1602150122.f08af0a-3.6.2
prometheus-exporters-formula-0.8.0-3.16.2
prometheus-formula-0.3.0-3.3.1
pxe-formula-0.1.1602490840.4f32148-3.3.2
py26-compat-salt-2016.11.10-6.3.3
python3-spacewalk-client-tools-4.1.7-4.6.4
python3-susemanager-retail-1.0.1602150122.f08af0a-3.3.2
salt-netapi-client-0.18.0-15.7.5
saltboot-formula-0.1.1602150122.f08af0a-3.6.2
spacecmd-4.1.8-4.9.2
spacewalk-admin-4.1.7-3.6.3
spacewalk-backend-4.1.16-4.11.5
spacewalk-backend-app-4.1.16-4.11.5
spacewalk-backend-applet-4.1.16-4.11.5
spacewalk-backend-config-files-4.1.16-4.11.5
spacewalk-backend-config-files-common-4.1.16-4.11.5
spacewalk-backend-config-files-tool-4.1.16-4.11.5
spacewalk-backend-iss-4.1.16-4.11.5
spacewalk-backend-iss-export-4.1.16-4.11.5
spacewalk-backend-package-push-server-4.1.16-4.11.5
spacewalk-backend-server-4.1.16-4.11.5
spacewalk-backend-sql-4.1.16-4.11.5
spacewalk-backend-sql-postgresql-4.1.16-4.11.5
spacewalk-backend-tools-4.1.16-4.11.5
spacewalk-backend-xml-export-libs-4.1.16-4.11.5
spacewalk-backend-xmlrpc-4.1.16-4.11.5
spacewalk-base-4.1.19-3.9.5
spacewalk-base-minimal-4.1.19-3.9.5
spacewalk-base-minimal-config-4.1.19-3.9.5
spacewalk-client-tools-4.1.7-4.6.4
spacewalk-html-4.1.19-3.9.5
spacewalk-java-4.1.22-3.16.4
spacewalk-java-config-4.1.22-3.16.4
spacewalk-java-lib-4.1.22-3.16.4
spacewalk-java-postgresql-4.1.22-3.16.4
spacewalk-search-4.1.3-3.3.7
spacewalk-taskomatic-4.1.22-3.16.4
susemanager-build-keys-15.2.2-3.6.3
susemanager-build-keys-web-15.2.2-3.6.3
susemanager-doc-indexes-4.1-11.17.1
susemanager-docs_en-4.1-11.17.1
susemanager-docs_en-pdf-4.1-11.17.1
susemanager-retail-tools-1.0.1602150122.f08af0a-3.3.2
susemanager-schema-4.1.15-3.11.2
susemanager-sls-4.1.17-3.13.6
susemanager-web-libs-4.1.19-3.9.5
uyuni-config-modules-4.1.17-3.13.6
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (noarch):
mgr-daemon-4.1.3-2.6.3
python3-spacewalk-check-4.1.7-4.6.4
python3-spacewalk-client-setup-4.1.7-4.6.4
python3-spacewalk-client-tools-4.1.7-4.6.4
spacecmd-4.1.8-4.9.2
spacewalk-backend-4.1.16-4.11.5
spacewalk-base-minimal-4.1.19-3.9.5
spacewalk-base-minimal-config-4.1.19-3.9.5
spacewalk-check-4.1.7-4.6.4
spacewalk-client-setup-4.1.7-4.6.4
spacewalk-client-tools-4.1.7-4.6.4
susemanager-build-keys-15.2.2-3.6.3
susemanager-build-keys-web-15.2.2-3.6.3
References:
https://www.suse.com/security/cve/CVE-2020-15168.html
https://www.suse.com/security/cve/CVE-2020-16846.html
https://www.suse.com/security/cve/CVE-2020-17490.html
https://www.suse.com/security/cve/CVE-2020-25592.html
https://bugzilla.suse.com/1144447
https://bugzilla.suse.com/1167907
https://bugzilla.suse.com/1169664
https://bugzilla.suse.com/1173199
https://bugzilla.suse.com/1175843
https://bugzilla.suse.com/1175876
https://bugzilla.suse.com/1176159
https://bugzilla.suse.com/1176307
https://bugzilla.suse.com/1176413
https://bugzilla.suse.com/1176603
https://bugzilla.suse.com/1176629
https://bugzilla.suse.com/1176765
https://bugzilla.suse.com/1177092
https://bugzilla.suse.com/1177235
https://bugzilla.suse.com/1177396
https://bugzilla.suse.com/1177478
https://bugzilla.suse.com/1177524
https://bugzilla.suse.com/1177730
https://bugzilla.suse.com/1177790
https://bugzilla.suse.com/1177892
https://bugzilla.suse.com/1178060
https://bugzilla.suse.com/1178145
https://bugzilla.suse.com/1178204
https://bugzilla.suse.com/1178319
https://bugzilla.suse.com/1178361
https://bugzilla.suse.com/1178362
More information about the sle-security-updates
mailing list