SUSE-SU-2021:0906-1: moderate: Security update for SUSE Manager Server 4.1

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Fri Mar 19 21:02:05 UTC 2021


   SUSE Security Update: Security update for SUSE Manager Server 4.1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:0906-1
Rating:             moderate
References:         #1157711 #1173893 #1175660 #1177508 #1179579 
                    #1180145 #1180146 #1180224 #1180439 #1180547 
                    #1180558 #1180757 #1180994 #1181048 #1181165 
                    #1181228 #1181290 #1181416 #1181423 #1181635 
                    #1181807 #1181814 #1182001 #1182006 #1182008 
                    #1182071 #1182200 #1182492 #1182685 
Cross-References:   CVE-2020-26217 CVE-2020-26258 CVE-2020-26259
                    CVE-2020-28477
CVSS scores:
                    CVE-2020-26217 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2020-26217 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2020-26258 (NVD) : 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
                    CVE-2020-26258 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
                    CVE-2020-26259 (NVD) : 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
                    CVE-2020-26259 (SUSE): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
                    CVE-2020-28477 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE Linux Enterprise Module for SUSE Manager Server 4.1
                    SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1
______________________________________________________________________________

   An update that solves four vulnerabilities and has 25 fixes
   is now available.

Description:

   This update fixes the following issues:

   cobbler:

   - Fix string replacement for @@xyz@@
   - Better performing string replacements

   grafana-formula:

   - Set `supported` to false for unsupported systems (bsc#1182001)
   - Add SLES 15 SP3 and openSUSE Leap 15.3 to supported versions

   mgr-libmod:

   - Fix 'list_modules' JSON serialization (bsc#1182492)

   mgr-osad:

   - Adapt to new SSL implementation of rhnlib (bsc#1181807)

   prometheus-exporters-formula:

   - Add Ubuntu support for Prometheus exporters' reverse proxy

   prometheus-formula:

   - Set server hostname from pillar data (bsc#1180439)

   py26-compat-salt:

   - Do not crash when unexpected cmd output at listing patches (bsc#1181290)

   rhnlib:

   - Change SSL implementation to python ssl for better SAN and hostname
     matching support (bsc#1181807)

   smdba:

   - Do not remove the database if there is no backup and deal with manifest

   spacewalk-backend:

   - Open repomd files as binary (bsc#1173893)
   - Fix requesting Release file in debian repos (bsc#1182006)
   - Reposync: Fixed Kickstart functionality.
   - Reposync: Fixed URLGrabber error handling.
   - Reposync: Fix modular data handling for cloned channels (bsc#1177508)

   spacewalk-client-tools:

   - Adapt to new SSL implementation of rhnlib (bsc#1181807)

   spacewalk-config:

   - Increase apache ssl logs to include response code and process time

   spacewalk-java:

   - Homogenizes style in filter buttons, facilitating testability
   - Cleanup sessions via SQL query instead of SQL function (bsc#1180224)
   - Rebuild and improve rendering of error pages 404 and 500 pages
     (bsc#1181228)
   - Fix user creation with pam auth and no password (bsc#1179579)
   - Fix action chains for saltssh minions (bsc#1182200)
   - FIX: Slow response of 'Software > Install' in Ubuntu minions
     (bsc#1181165)
   - Do not call page decorator in HEAD requests (bsc#1181228)
   - Add 'mgr_origin_server' to Salt pillar data (bsc#1180439)
   - Ensure new files are synced just after writing them (bsc#1175660)
   - Enable openscap auditing for salt systems in SSM (bsc#1157711)
   - Detect debian products (bsc#1181416)
   - Show packages from channels assigned to the targeted system (bsc#1181423)
   - Add an API endpoint to allow/disallow scheduling irrelevant patches
     (bsc#1180757)
   - Open raw output in new tab for ScriptRunAction (bsc#1180547)
   - Default to preferred items per page in content lifecycle lists
     (bsc#1180558)
   - Fix modular data handling for cloned channels (bsc#1177508)
   - Fix: login gets an ISE when SSO is enabled (bsc#1181048)

   spacewalk-utils:

   - Fix modular data handling for cloned channels (bsc#1177508)

   spacewalk-web:

   - Replace CRLF in ssh priv key when bootstrapping (bsc#1182685)
   - Upgrade immer to fix CVE-2020-28477
   - Default to preferred items per page in content lifecycle lists
     (bsc#1180558)
   - Fix sorting in content lifecycle projects and cluster tables
     (bsc#1180558)

   susemanager:

   - Add SLE 15 SP3 bootstrap repository definitions (bsc#1182008)
   - Python3-dbus-python and dependencies not installed by default
     on JeOS SLE15 images, add them to the bootstrap repository list
     of packages for traditional (bsc#1182071)

   susemanager-doc-indexes:

   - Updated Command Line Registration with Salt section in the Client
     Configuration Guide for clarity.
   - Adds openSUSE Leap SP migration to the SP migration section of the
     Client Configuration Guide
   - Adds note that bootstrap procedure for selecting a parent channel is
     optional in Client Configuration Guide (bsc#1181635)
   - Adds note about checking for valid UUIDs in fstab when backing up
     (bsc#1181814)
   - Updated command for running configure proxy script when replacing a proxy
   - Fixed bad SUSE Customer Center URL

   susemanager-docs_en:

   - Updated Command Line Registration with Salt section in the Client
     Configuration Guide for clarity.
   - Adds openSUSE Leap SP migration to the SP migration section of the
     Client Configuration Guide
   - Adds note that bootstrap procedure for selecting a parent channel is
     optional in Client Configuration Guide (bsc#1181635)
   - Adds note about checking for valid UUIDs in fstab when backing up
     (bsc#1181814)
   - Updated command for running configure proxy script when replacing a proxy
   - Fixed bad SUSE Customer Center URL

   susemanager-schema:

   - Drop "pxt_session_cleanup" function (bsc#1180224)
   - Enable openscap auditing for salt systems in SSM (bsc#1157711)

   susemanager-sls:

   - Ubuntu 18 has version of apt which does not correctly support
     auth.conf.d directory. Detect the working version and use this feature
     only when we have a higher version installed

   xstream:

   Upgrade to 1.4.15

   - fixes bsc#1180146, CVE-2020-26258 and bsc#1180145, CVE-2020-26259
   - fixes bsc#1180994, CVE-2020-26217

   subscription-matcher:

   - Update the xstream dependency to 1.4.15

   How to apply this update: 1. Log in as root user to the SUSE Manager
   server. 2. Stop the Spacewalk service: `spacewalk-service stop` 3. Apply
   the patch using either zypper patch or YaST Online Update. 4. Start the
   Spacewalk service: `spacewalk-service start`


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.1:

      zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2021-906=1

   - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1:

      zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.1-2021-906=1



Package List:

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (ppc64le s390x x86_64):

      smdba-1.7.8-0.3.6.2
      susemanager-4.1.24-3.20.2
      susemanager-tools-4.1.24-3.20.2

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch):

      cobbler-3.0.0+git20190806.32c4bae0-5.6.4
      grafana-formula-0.4.0-3.6.2
      mgr-libmod-4.1.7-3.16.2
      mgr-osa-dispatcher-4.1.5-2.9.4
      prometheus-exporters-formula-0.9.0-3.19.2
      prometheus-formula-0.3.1-3.6.2
      py26-compat-salt-2016.11.10-6.11.2
      python3-mgr-osa-common-4.1.5-2.9.4
      python3-mgr-osa-dispatcher-4.1.5-2.9.4
      python3-rhnlib-4.1.3-4.3.2
      python3-spacewalk-client-tools-4.1.9-4.12.4
      spacewalk-backend-4.1.21-4.22.7
      spacewalk-backend-app-4.1.21-4.22.7
      spacewalk-backend-applet-4.1.21-4.22.7
      spacewalk-backend-config-files-4.1.21-4.22.7
      spacewalk-backend-config-files-common-4.1.21-4.22.7
      spacewalk-backend-config-files-tool-4.1.21-4.22.7
      spacewalk-backend-iss-4.1.21-4.22.7
      spacewalk-backend-iss-export-4.1.21-4.22.7
      spacewalk-backend-package-push-server-4.1.21-4.22.7
      spacewalk-backend-server-4.1.21-4.22.7
      spacewalk-backend-sql-4.1.21-4.22.7
      spacewalk-backend-sql-postgresql-4.1.21-4.22.7
      spacewalk-backend-tools-4.1.21-4.22.7
      spacewalk-backend-xml-export-libs-4.1.21-4.22.7
      spacewalk-backend-xmlrpc-4.1.21-4.22.7
      spacewalk-base-4.1.23-3.18.6
      spacewalk-base-minimal-4.1.23-3.18.6
      spacewalk-base-minimal-config-4.1.23-3.18.6
      spacewalk-client-tools-4.1.9-4.12.4
      spacewalk-config-4.1.5-3.3.2
      spacewalk-html-4.1.23-3.18.6
      spacewalk-java-4.1.30-3.31.7
      spacewalk-java-config-4.1.30-3.31.7
      spacewalk-java-lib-4.1.30-3.31.7
      spacewalk-java-postgresql-4.1.30-3.31.7
      spacewalk-taskomatic-4.1.30-3.31.7
      spacewalk-utils-4.1.14-3.12.2
      spacewalk-utils-extras-4.1.14-3.12.2
      subscription-matcher-0.26-3.6.2
      susemanager-doc-indexes-4.1-11.28.4
      susemanager-docs_en-4.1-11.28.2
      susemanager-docs_en-pdf-4.1-11.28.2
      susemanager-schema-4.1.19-3.24.4
      susemanager-sls-4.1.21-3.26.2
      susemanager-web-libs-4.1.23-3.18.6
      uyuni-config-modules-4.1.21-3.26.2
      xpp3-1.1.4c-11.2.2
      xpp3-minimal-1.1.4c-11.2.2
      xstream-1.4.15-3.5.2

   - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (noarch):

      mgr-osad-4.1.5-2.9.4
      python3-mgr-osa-common-4.1.5-2.9.4
      python3-mgr-osad-4.1.5-2.9.4
      python3-rhnlib-4.1.3-4.3.2
      python3-spacewalk-check-4.1.9-4.12.4
      python3-spacewalk-client-setup-4.1.9-4.12.4
      python3-spacewalk-client-tools-4.1.9-4.12.4
      spacewalk-backend-4.1.21-4.22.7
      spacewalk-base-minimal-4.1.23-3.18.6
      spacewalk-base-minimal-config-4.1.23-3.18.6
      spacewalk-check-4.1.9-4.12.4
      spacewalk-client-setup-4.1.9-4.12.4
      spacewalk-client-tools-4.1.9-4.12.4
      spacewalk-proxy-broker-4.1.4-3.9.4
      spacewalk-proxy-common-4.1.4-3.9.4
      spacewalk-proxy-installer-4.1.6-3.3.2
      spacewalk-proxy-management-4.1.4-3.9.4
      spacewalk-proxy-package-manager-4.1.4-3.9.4
      spacewalk-proxy-redirect-4.1.4-3.9.4
      spacewalk-proxy-salt-4.1.4-3.9.4


References:

   https://www.suse.com/security/cve/CVE-2020-26217.html
   https://www.suse.com/security/cve/CVE-2020-26258.html
   https://www.suse.com/security/cve/CVE-2020-26259.html
   https://www.suse.com/security/cve/CVE-2020-28477.html
   https://bugzilla.suse.com/1157711
   https://bugzilla.suse.com/1173893
   https://bugzilla.suse.com/1175660
   https://bugzilla.suse.com/1177508
   https://bugzilla.suse.com/1179579
   https://bugzilla.suse.com/1180145
   https://bugzilla.suse.com/1180146
   https://bugzilla.suse.com/1180224
   https://bugzilla.suse.com/1180439
   https://bugzilla.suse.com/1180547
   https://bugzilla.suse.com/1180558
   https://bugzilla.suse.com/1180757
   https://bugzilla.suse.com/1180994
   https://bugzilla.suse.com/1181048
   https://bugzilla.suse.com/1181165
   https://bugzilla.suse.com/1181228
   https://bugzilla.suse.com/1181290
   https://bugzilla.suse.com/1181416
   https://bugzilla.suse.com/1181423
   https://bugzilla.suse.com/1181635
   https://bugzilla.suse.com/1181807
   https://bugzilla.suse.com/1181814
   https://bugzilla.suse.com/1182001
   https://bugzilla.suse.com/1182006
   https://bugzilla.suse.com/1182008
   https://bugzilla.suse.com/1182071
   https://bugzilla.suse.com/1182200
   https://bugzilla.suse.com/1182492
   https://bugzilla.suse.com/1182685



More information about the sle-security-updates mailing list