SUSE-SU-2020:2650-1: important: Security update for SUSE Manager Server 4.0
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Wed Sep 16 10:30:40 MDT 2020
SUSE Security Update: Security update for SUSE Manager Server 4.0
______________________________________________________________________________
Announcement ID: SUSE-SU-2020:2650-1
Rating: important
References: #1136857 #1165829 #1167907 #1169664 #1170244
#1171281 #1172079 #1172279 #1172504 #1172831
#1173073 #1173535 #1173554 #1173566 #1173584
#1173982 #1173997 #1174201 #1174254 #1174470
#1175224 #1175529 #1175555 #1175556 #1175558
#1175724 #1175791 #1175884 #1175889
Cross-References: CVE-2019-14900 CVE-2020-11022 CVE-2020-8028
Affected Products:
SUSE Linux Enterprise Module for SUSE Manager Server 4.0
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0
______________________________________________________________________________
An update that solves three vulnerabilities and has 26
fixes is now available.
Description:
This update fixes the following issues:
hibernate5:
- Address CVE-2019-14900 (bsc#1172079)
image-sync-formula:
- Allow image-sync state on regular minion. Image sync state requires
branch-network pillars to get the directory where to sync images. Use
default `/srv/saltboot` if that pillar is missing so image-sync can be
applied on non branch minions as well.
openvpn-formula:
- Add hint that ssl certs must be on system (bsc#1172279)
prometheus-exporters-formula:
- Bugfix: Handle exporters proxy for unsupported distros (bsc#1175555)
- Add support for exporters proxy (exporter_exporter)
- Update the apache exporter config file for Debian
salt-netapi-client:
- Refresh authentication module list to newer Salt versions
saltboot-formula:
- Better fix for rounding errors (bsc#1136857)
spacecmd:
- Python3 fixes for errata in spacecmd (bsc#1169664)
- Python3 fix for sorted usage (bsc#1167907)
- Fix softwarechannel_listlatestpackages throwing error on empty channels
(bsc#1175889)
- Fix escaping of package names (bsc#1171281)
spacewalk-admin:
- Use the Salt API in authenticated and encrypted form (bsc#1175884,
CVE-2020-8028)
spacewalk-certs-tools:
- Add option --nostricthostkeychecking to spacewalk-ssh-push-init
- Strip SSL Certificate Common Name after 63 Characters (bsc#1173535)
spacewalk-java:
- Use the Salt API in authenticated and encrypted form (bsc#1175884,
CVE-2020-8028)
- Fix EntityExistsException on migration from traditional to salt minion
via proxy (bsc#1175556)
- Use media.1/products from media when not specified different
(bsc#1175558)
- Fix: use quiet API method when using spacewalk-common-channels
(bsc#1175529)
- Fix alignment on icon on entitlement page
- Reset the server path on minion registration (bsc#1174254)
- Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831)
- Fix error when rolling back a system to a snapshot (bsc#1173997)
- Avoid deadlock when syncing channels and registering minions at the same
time (bsc#1173566)
- Provide comps.xml and modules.yaml when using onlinerepo for kickstart
- Set CPU and memory info for virtual instances (bsc#1170244)
- Change system list header text to something better (bsc#1173982)
spacewalk-setup:
- Use the Salt API in authenticated and encrypted form (bsc#1175884,
CVE-2020-8028)
spacewalk-utils:
- Avoid exceptions on the logs when looking for channels that do not exist
(bsc#1175529)
spacewalk-web:
- Fix login page after jQuery upgrade (bsc#1175224)
- Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831)
- Warn when a system is in multiple groups that configure the same formula
in the system formula's UI (bsc#1173554)
susemanager:
- Define bootstrap repo data for SUSE Manager Proxies (bsc#1174470)
susemanager-frontend-libs:
- Upgrade jquery to 3.5.1 - CVE-2020-11022 (bsc#1172831)
susemanager-schema:
- Prevent a deadlock error involving delete_server and update_needed_cache
(bsc#1173073)
susemanager-sls:
- Fix the dnf plugin to add the token to the HTTP header (bsc#1175724)
- Fix reporting of missing products in product.all_installed (bsc#1165829)
- Require PyYAML version >= 5.1
- Get redhat-release only when it is not a symlink
- Fix: supply a dnf base when dealing w/repos (bsc#1172504)
- Fix: autorefresh in repos is zypper-only
susemanager-sync-data:
- Remove version from centos and oracle linux identifier (bsc#1173584)
virtualization-host-formula:
- Update to version 0.5
- Ensure kernel-default and libvirt-python3 are installed
- Set bridge network as default
- Fix conditionals (bsc#1175791)
How to apply this update: 1. Log in as root user to the SUSE Manager
server. 2. Stop the Spacewalk service: spacewalk-service stop 3. Apply the
patch using either zypper patch or YaST Online Update. 4. Upgrade the
database schema: spacewalk-schema-upgrade 5. Start the Spacewalk service:
spacewalk-service start
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for SUSE Manager Server 4.0:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.0-2020-2650=1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.0-2020-2650=1
Package List:
- SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (ppc64le s390x x86_64):
openvpn-formula-0.1.1-4.6.2
susemanager-4.0.28-3.36.3
susemanager-tools-4.0.28-3.36.3
- SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (noarch):
hibernate5-5.3.7-4.3.2
image-sync-formula-0.1.1595937550.0285244-3.20.2
prometheus-exporters-formula-0.7.1-3.10.2
python3-spacewalk-certs-tools-4.0.17-3.21.3
salt-netapi-client-0.17.0-4.6.3
saltboot-formula-0.1.1595937550.0285244-3.19.2
spacecmd-4.0.20-3.19.2
spacewalk-admin-4.0.11-3.12.1
spacewalk-base-4.0.23-3.30.3
spacewalk-base-minimal-4.0.23-3.30.3
spacewalk-base-minimal-config-4.0.23-3.30.3
spacewalk-certs-tools-4.0.17-3.21.3
spacewalk-html-4.0.23-3.30.3
spacewalk-java-4.0.37-3.39.1
spacewalk-java-config-4.0.37-3.39.1
spacewalk-java-lib-4.0.37-3.39.1
spacewalk-java-postgresql-4.0.37-3.39.1
spacewalk-setup-4.0.14-3.14.1
spacewalk-taskomatic-4.0.37-3.39.1
spacewalk-utils-4.0.18-3.21.3
susemanager-frontend-libs-4.0.2-4.3.2
susemanager-schema-4.0.22-3.29.2
susemanager-sls-4.0.29-3.31.3
susemanager-sync-data-4.0.18-3.24.2
susemanager-web-libs-4.0.23-3.30.3
virtualization-host-formula-0.5-4.12.3
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0 (noarch):
python3-spacewalk-certs-tools-4.0.17-3.21.3
spacecmd-4.0.20-3.19.2
spacewalk-base-minimal-4.0.23-3.30.3
spacewalk-base-minimal-config-4.0.23-3.30.3
spacewalk-certs-tools-4.0.17-3.21.3
spacewalk-proxy-broker-4.0.14-3.10.3
spacewalk-proxy-common-4.0.14-3.10.3
spacewalk-proxy-management-4.0.14-3.10.3
spacewalk-proxy-package-manager-4.0.14-3.10.3
spacewalk-proxy-redirect-4.0.14-3.10.3
spacewalk-proxy-salt-4.0.14-3.10.3
References:
https://www.suse.com/security/cve/CVE-2019-14900.html
https://www.suse.com/security/cve/CVE-2020-11022.html
https://www.suse.com/security/cve/CVE-2020-8028.html
https://bugzilla.suse.com/1136857
https://bugzilla.suse.com/1165829
https://bugzilla.suse.com/1167907
https://bugzilla.suse.com/1169664
https://bugzilla.suse.com/1170244
https://bugzilla.suse.com/1171281
https://bugzilla.suse.com/1172079
https://bugzilla.suse.com/1172279
https://bugzilla.suse.com/1172504
https://bugzilla.suse.com/1172831
https://bugzilla.suse.com/1173073
https://bugzilla.suse.com/1173535
https://bugzilla.suse.com/1173554
https://bugzilla.suse.com/1173566
https://bugzilla.suse.com/1173584
https://bugzilla.suse.com/1173982
https://bugzilla.suse.com/1173997
https://bugzilla.suse.com/1174201
https://bugzilla.suse.com/1174254
https://bugzilla.suse.com/1174470
https://bugzilla.suse.com/1175224
https://bugzilla.suse.com/1175529
https://bugzilla.suse.com/1175555
https://bugzilla.suse.com/1175556
https://bugzilla.suse.com/1175558
https://bugzilla.suse.com/1175724
https://bugzilla.suse.com/1175791
https://bugzilla.suse.com/1175884
https://bugzilla.suse.com/1175889
More information about the sle-security-updates
mailing list