SUSE-SU-2020:2832-1: moderate: Security update for SUSE Manager Server 4.1
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Fri Oct 2 07:44:57 MDT 2020
SUSE Security Update: Security update for SUSE Manager Server 4.1
______________________________________________________________________________
Announcement ID: SUSE-SU-2020:2832-1
Rating: moderate
References: #1151557 #1165287 #1165829 #1171836 #1172079
#1172263 #1173073 #1173520 #1173603 #1173621
#1174025 #1174254 #1174357 #1174423 #1174636
#1175103 #1175512 #1175529 #1175545 #1175556
#1175889 #1176500 #1176503 #1176844 #1176862
#1176913
Cross-References: CVE-2019-14900
Affected Products:
SUSE Linux Enterprise Module for SUSE Manager Server 4.1
______________________________________________________________________________
An update that solves one vulnerability and has 25 fixes is
now available.
Description:
This update fixes the following issues:
golang-github-QubitProducts-exporter_exporter:
- Pin Golang version to 1.14
golang-github-prometheus-node_exporter:
- Update to 1.0.1
* Changes to build specification
+ Modify spec: update golang version to 1.14
+ Remove update tarball script
+ Add _service file to allow for updates via `osc service disabledrun`
* Bug fixes
+ [BUGFIX] filesystem_freebsd: Fix label values #1728
+ [BUGFIX] Update prometheus/procfs to fix log noise #1735
+ [BUGFIX] Fix build tags for collectors #1745
+ [BUGFIX] Handle no data from powersupplyclass #1747, #1749
- Update to 1.0.0
* Bug fixes
+ [BUGFIX] Read /proc/net files with a single read syscall #1380
+ [BUGFIX] Renamed label state to name on
node_systemd_service_restart_total. #1393
+ [BUGFIX] Fix netdev nil reference on Darwin #1414
+ [BUGFIX] Strip path.rootfs from mountpoint labels #1421
+ [BUGFIX] Fix seconds reported by schedstat #1426
+ [BUGFIX] Fix empty string in path.rootfs #1464
+ [BUGFIX] Fix typo in cpufreq metric names #1510
+ [BUGFIX] Read /proc/stat in one syscall #1538
+ [BUGFIX] Fix OpenBSD cache memory information #1542
+ [BUGFIX] Refactor textfile collector to avoid looping defer #1549
+ [BUGFIX] Fix network speed math #1580
+ [BUGFIX] collector/systemd: use regexp to extract systemd version
#1647
+ [BUGFIX] Fix initialization in perf collector when using multiple
CPUs #1665
+ [BUGFIX] Fix accidentally empty lines in meminfo_linux #1671
* Several enhancements
+ See https://github.com/prometheus/node_exporter/releases/tag/v1.0.0
- Update to 1.0.0-rc.0
* The netdev collector CLI argument --collector.netdev.ignored-devices
was renamed to --collector.netdev.device-blacklist in order to conform
with the systemd collector. #1279
* The label named state on node_systemd_service_restart_total metrics
was changed to name to better describe the metric. #1393
* Refactoring of the mdadm collector changes several metrics
node_md_disks_active is removed node_md_disks now has a state label
for "fail", "spare", "active" disks. node_md_is_active is replaced by
node_md_state with a state set of "active", "inactive", "recovering",
"resync".
* Additional label mountaddr added to NFS device metrics to distinguish
mounts from the same URL, but different IP addresses. #1417
* Metrics node_cpu_scaling_frequency_min_hrts and
node_cpu_scaling_frequency_max_hrts of the cpufreq collector were
renamed to node_cpu_scaling_frequency_min_hertz and
node_cpu_scaling_frequency_max_hertz. #1510
* Collectors that are enabled, but are unable to find data to collect,
now return 0 for node_scrape_collector_success.
- Add missing sysconfig file in rpm bsc#1151557
hibernate5:
- Address CVE-2019-14900 (bsc#1172079)
- Add patch:
hub-xmlrpc-api:
- One configuration flag was renamed for clarity
- Added USE_SSL flag to https insted of plain http
- Updated docs
- Bugfixes
- Changed configuration to plain variables
- Bugfixes
patterns-suse-manager:
- Change PostgreSQL requirements to require at least PostgreSQL 12
prometheus-exporters-formula:
- Bugfix: More robust handling of NoneType arguments (bsc#1176844)
- Bugfix: Handle <NoneType> arguments (bsc#1176844)
salt-netapi-client:
- Fix text resource usage
spacecmd:
- Fix softwarechannel_listlatestpackages throwing error on empty channels
(bsc#1175889)
spacewalk-backend:
- Fix strings (mentions of Satellite, replace SUSE Manager with
PRODUCT_NAME, etc)
- Only regenerate bootstrap repositories when linking new packages
(bsc#1174636)
- Support installer_updates flag in ISS
- Remove duplicate languages and update translation strings
spacewalk-branding:
- Re-enable language picker for user creation
spacewalk-certs-tools:
- Add option --nostricthostkeychecking to spacewalk-ssh-push-init
- Fix the fallback to RES bootstrap repo for Centos (bsc#1174423)
spacewalk-client-tools:
- Remove duplicated languages and update translation strings
spacewalk-java:
- Force disable SPA for non-navigation links (bsc#1175512)
- Fix strings (mentions of Satellite, replace SUSE Manager with
PRODUCT_NAME, etc)
- Pass the log level parameter to matcher
- Add language picker to user preferences and user creation
- Detect client organization from connected proxy (bsc#1175545)
- Fix EntityExistsException on migration from traditional to salt minion
via proxy (bsc#1175556)
- Fix: use quiet API method when using spacewalk-common-channels
(bsc#1175529)
- Add java.allow_adding_patches_via_api to allow adding errata to vendor
channels
- Fix alignment on icon on entitlement page
- Support installer update channels during autoinstallation
- Filter machines not in maintenance mode for remote commands
- Reset the server path on minion registration (bsc#1174254)
- Data null means the sync never ran yet (bsc#1174357)
spacewalk-utils:
- Avoid exceptions on the logs when looking for channels that do not exist
(bsc#1175529)
spacewalk-web:
- Fix the jQuery selector in SP Migration page (bsc#1176500)
- Fix JavaScript error caused by SPA navigation event with empty event
field (bsc#1176503)
- Force disable SPA for non-navigation links (bsc#1175512)
- Add translation support for react t() function
- Fix striping on react tables
- Update translation strings
subscription-matcher:
- Allow matching any guest products for Unlimited Virtualization
subscriptions (bsc#1165287)
- Only report confirmed matches in the output.json
- Expose the log level setting to the command line
- In the subscriptions CSV output, print the active subscriptions first
susemanager:
- Add missing packages to SLE12 >= SP1 bootstrap data to fix JeOS
bootstrap problems (bsc#1176913)
- Fix strings (mentions of Satellite, replace SUSE Manager with
PRODUCT_NAME, etc)
- Support installer update channels during autoinstallation
susemanager-build-keys:
- Trust PackageHub key (bsc#1175103)
susemanager-doc-indexes:
- Fix contrast problem for visited links (bsc#1176862)
- Remove old certs before renaming in Administration Guide (bsc#1171836)
- Reference example scripts for SP Mass Migration in Upgrade Guide
- Move PoS Terminal Requirements to the Requirements sections in the
Retail Guide
- Updated SP Mass Migration section in Upgrade Guide for clarity
- Documented Proxy Y Upgrade (SP Migration) in Upgrade Guide
- In the Upgrade Guide, use Major, Minor, and Patch Level terminology for
versioning.
- Align SUSE Manager and Uyuni Proxy installation in the Installation Guide
- New section Upgrade Uyuni Proxy in Upgrade Guide
- New section Upgrade Uyuni Server in Upgrade Guide
- Add GPG information about Oracle clients to SUMA (bsc#1173520)
- Add hostname admonition to public cloud sections (bsc#1173621)
- Add error wording to Taskomatic troubleshooting (bsc#1172263)
- Add required URLs to Installation Guide
- Replaces removed instructions for adding channels on older Ubuntu
clients using the CLI in SUMA (bsc#1174025)
- Added more concepts to Client Cfg
- Documented maintenance windows feature in Admin Guide
- Some reorganization of Client Cfg & Admin Guides
- Updates storage device requirements in Install Guide
- Adds new section for SUMA formulas in the Salt Guide
- Updates storage device requirements in Install Guide
- Added reverse proxy information to Monitoring in Admin Guide
- Add note about accessibility to index
- Add note about CentOS upstream repository (bsc#1173603)
- Add firewall troubleshooting to Admin Guide
- Fix Azure command in Install Guide (thanks Rahul-CTS)
- Fix broken links in Auto-Install Proxy in Client Cfg (thanks shirocco88)
- Adds Ubuntu 20.04 supported features for Uyuni in Client Cfg
- Adds Uyuni Config Modules to the Salt Guide as tech preview
susemanager-docs_en:
- Fix contrast problem for visited links (bsc#1176862)
- Remove old certs before renaming in Administration Guide (bsc#1171836)
- Reference example scripts for SP Mass Migration in Upgrade Guide
- Move PoS Terminal Requirements to the Requirements sections in the
Retail Guide
- Updated SP Mass Migration section in Upgrade Guide for clarity
- Documented Proxy Y Upgrade (SP Migration) in Upgrade Guide
- In the Upgrade Guide, use Major, Minor, and Patch Level terminology for
versioning.
- Align SUSE Manager and Uyuni Proxy installation in the Installation Guide
- New section Upgrade Uyuni Proxy in Upgrade Guide
- New section Upgrade Uyuni Server in Upgrade Guide
- Add GPG information about Oracle clients to SUMA (bsc#1173520)
- Add hostname admonition to public cloud sections (bsc#1173621)
- Add error wording to Taskomatic troubleshooting (bsc#1172263)
- Add required URLs to Installation Guide
- Replaces removed instructions for adding channels on older Ubuntu
clients using the CLI in SUMA (bsc#1174025)
- Added more concepts to Client Cfg
- Documented maintenance windows feature in Admin Guide
- Some reorganization of Client Cfg & Admin Guides
- Updates storage device requirements in Install Guide
- Adds new section for SUMA formulas in the Salt Guide
- Updates storage device requirements in Install Guide
- Added reverse proxy information to Monitoring in Admin Guide
- Add note about accessibility to index
- Add note about CentOS upstream repository (bsc#1173603)
- Add firewall troubleshooting to Admin Guide
- Fix Azure command in Install Guide (thanks Rahul-CTS)
- Fix broken links in Auto-Install Proxy in Client Cfg (thanks shirocco88)
- Adds Ubuntu 20.04 supported features for Uyuni in Client Cfg
- Adds Uyuni Config Modules to the Salt Guide as tech preview
susemanager-schema:
- Support installer update channels during autoinstallation
- Prevent a deadlock error involving delete_server and update_needed_cache
(bsc#1173073)
susemanager-sls:
- Add uyuni-config-modules subpackage with Salt modules to configure
Servers
- Fix reporting of missing products in product.all_installed (bsc#1165829)
How to apply this update: 1. Log in as root user to the SUSE Manager
server. 2. Stop the Spacewalk service: spacewalk-service stop 3. Apply the
patch using either zypper patch or YaST Online Update. 4. Upgrade the
database schema: spacewalk-schema-upgrade 5. Start the Spacewalk service:
spacewalk-service start
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2020-2832=1
Package List:
- SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (ppc64le s390x x86_64):
golang-github-QubitProducts-exporter_exporter-0.4.0-6.9.4
golang-github-prometheus-node_exporter-1.0.1-3.3.4
hub-xmlrpc-api-0.7-3.3.3
hub-xmlrpc-api-debuginfo-0.7-3.3.3
patterns-suma_retail-4.1-6.6.3
patterns-suma_server-4.1-6.6.3
spacewalk-branding-4.1.10-3.6.3
susemanager-4.1.20-3.8.3
susemanager-tools-4.1.20-3.8.3
- SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch):
hibernate5-5.3.7-3.3.4
prometheus-exporters-formula-0.7.3-3.10.1
python3-spacewalk-certs-tools-4.1.13-3.6.3
python3-spacewalk-client-tools-4.1.6-4.3.3
salt-netapi-client-0.17.0-15.4.3
spacecmd-4.1.7-4.6.3
spacewalk-backend-4.1.15-4.8.4
spacewalk-backend-app-4.1.15-4.8.4
spacewalk-backend-applet-4.1.15-4.8.4
spacewalk-backend-config-files-4.1.15-4.8.4
spacewalk-backend-config-files-common-4.1.15-4.8.4
spacewalk-backend-config-files-tool-4.1.15-4.8.4
spacewalk-backend-iss-4.1.15-4.8.4
spacewalk-backend-iss-export-4.1.15-4.8.4
spacewalk-backend-package-push-server-4.1.15-4.8.4
spacewalk-backend-server-4.1.15-4.8.4
spacewalk-backend-sql-4.1.15-4.8.4
spacewalk-backend-sql-postgresql-4.1.15-4.8.4
spacewalk-backend-tools-4.1.15-4.8.4
spacewalk-backend-xml-export-libs-4.1.15-4.8.4
spacewalk-backend-xmlrpc-4.1.15-4.8.4
spacewalk-base-4.1.18-3.6.3
spacewalk-base-minimal-4.1.18-3.6.3
spacewalk-base-minimal-config-4.1.18-3.6.3
spacewalk-certs-tools-4.1.13-3.6.3
spacewalk-client-tools-4.1.6-4.3.3
spacewalk-html-4.1.18-3.6.3
spacewalk-java-4.1.20-3.11.8
spacewalk-java-config-4.1.20-3.11.8
spacewalk-java-lib-4.1.20-3.11.8
spacewalk-java-postgresql-4.1.20-3.11.8
spacewalk-taskomatic-4.1.20-3.11.8
spacewalk-utils-4.1.12-3.6.3
spacewalk-utils-extras-4.1.12-3.6.3
subscription-matcher-0.26-3.3.3
susemanager-build-keys-15.2.1-3.3.2
susemanager-build-keys-web-15.2.1-3.3.2
susemanager-doc-indexes-4.1-11.12.2
susemanager-docs_en-4.1-11.12.2
susemanager-docs_en-pdf-4.1-11.12.2
susemanager-schema-4.1.13-3.6.3
susemanager-sls-4.1.15-3.8.4
susemanager-web-libs-4.1.18-3.6.3
uyuni-config-formula-0.1-6.3.3
uyuni-config-modules-4.1.15-3.8.4
References:
https://www.suse.com/security/cve/CVE-2019-14900.html
https://bugzilla.suse.com/1151557
https://bugzilla.suse.com/1165287
https://bugzilla.suse.com/1165829
https://bugzilla.suse.com/1171836
https://bugzilla.suse.com/1172079
https://bugzilla.suse.com/1172263
https://bugzilla.suse.com/1173073
https://bugzilla.suse.com/1173520
https://bugzilla.suse.com/1173603
https://bugzilla.suse.com/1173621
https://bugzilla.suse.com/1174025
https://bugzilla.suse.com/1174254
https://bugzilla.suse.com/1174357
https://bugzilla.suse.com/1174423
https://bugzilla.suse.com/1174636
https://bugzilla.suse.com/1175103
https://bugzilla.suse.com/1175512
https://bugzilla.suse.com/1175529
https://bugzilla.suse.com/1175545
https://bugzilla.suse.com/1175556
https://bugzilla.suse.com/1175889
https://bugzilla.suse.com/1176500
https://bugzilla.suse.com/1176503
https://bugzilla.suse.com/1176844
https://bugzilla.suse.com/1176862
https://bugzilla.suse.com/1176913
More information about the sle-security-updates
mailing list