SUSE-SU-2022:1397-1: moderate: Security update for SUSE Manager Server 4.2
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Mon Apr 25 19:21:40 UTC 2022
SUSE Security Update: Security update for SUSE Manager Server 4.2
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1397-1
Rating: moderate
References: #1133198 #1173527 #1186336 #1191360 #1191597
#1192150 #1192822 #1193448 #1194363 #1194447
#1194464 #1194909 #1195043 #1195145 #1195271
#1195282 #1195294 #1195666 #1195712 #1195750
#1195757 #1195762 #1195765 #1195772 #1195920
#1196067 #1196094 #1196407 #1196455 #1196693
#1196704 #1196977 #1197007
Cross-References: CVE-2018-20433 CVE-2019-5427
CVSS scores:
CVE-2018-20433 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2018-20433 (SUSE): 4.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
CVE-2019-5427 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2019-5427 (SUSE): 5.7 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Module for SUSE Manager Server 4.2
SUSE Manager Server 4.2
______________________________________________________________________________
An update that solves two vulnerabilities and has 31 fixes
is now available.
Description:
This update fixes the following issues:
c3p0:
- Update to version c3p0 0.9.5.5 and mchange-commons-java 0.2.19
* Address CVE-2018-20433
* Address CVE-2019-5427 - XML-config parsing related attacks
(bsc#1133198)
* Properly implement the JDBC 4.1 abort method
grafana-formula:
- Version 0.7.0
* Add SLES 15 SP4 and openSUSE Leap 15.4 to supported versions
hub-xmlrpc-api:
- Updated to build on Enterprise Linux 8.
inter-server-sync:
- Version 0.1.0
* Allow export and import of configuration channels
* Clean lookup cache after processing a channel (bsc#1195750)
* Improve lookup method for generate foreign key export
- Adapted for build on Enterprise Linux 8.
mgr-osad:
- Version 4.2.8-1
* Fix the condition for preventing building python 2 subpackage for SLE15
mgr-push:
- Version 4.2.5-1
* Fix the condition for preventing building python 2 subpackage for SLE15
patterns-suse-manager:
- golang-github-wrouesnel-postgres_exporter was renamed to
prometheus-postgres_exporter
prometheus-exporters-formula:
- Version 1.2.0
* Postres exporter package was renamed for RedHat
- Version 1.1.0
* Postgres exporter package was renamed for SLES/openSUSE
py26-compat-msgpack-python:
- Adapted to build on OBS for Enterprise Linux.
rhnlib:
- Version 4.2.6-1
* Fix the condition for preventing building python 2 subpackage for SLE15
saltboot-formula:
- Update to version 0.1.1645440615.7f1328c
* skip device lookup for correctly provided devices
* improve image url modifications - preparation for ftp/http changes
- Skip device lookup if correct path to device is already provided
(bsc#1195757)
- Improve image url modifications
smdba:
- Version 1.7.10
* adapt pgtune using new defaults for new postgres versions
* support special configuration for SSD storage
* make argument "--backup-dir" symlink aware
- Version 1.7.9
- Allow different standard configuration file location for other OSes
spacecmd:
- Version 4.2.16-1
* implement system.bootstrap (bsc#1194909)
* Fix interactive mode for "system_applyerrata" and "errata_apply"
(bsc#1194363)
spacewalk-admin:
- Version 4.2.10-1
* wait after copying the CA to give systemd time to finish automation
spacewalk-backend:
- Version 4.2.20-1
* Fix reposync update notice formatting and date parsing (bsc#1194447)
* implement more decompression algorithms for reposync (bsc#1196704)
* enable check for client certificates in reposync
* remove auto inherit of host entitlements for virtual guests
spacewalk-branding:
- Version 4.2.13-1
* Fix modal footer misalignment
spacewalk-certs-tools:
- Version 4.2.15-1
* Add dynamic version for bootstrap script header (bsc#1186336)
spacewalk-client-tools:
- Version 4.2.18-1
* Fix the condition for preventing building python 2 subpackage for SLE15
- Version 4.2.17-1
* Update translation strings
spacewalk-config:
- Version 4.2.6-1
* Upgrade build tooling, and corresponding cache configuration
spacewalk-java:
- Version 4.2.34-1
* Added new XML-RPC mathod: configchannel.syncSaltFilesOnDisk
* update last checkin only if job is successful (bsc#1197007)
* Fix NPE when accessing cancelled action via system history
(bsc#1195762)
* CVE Audit: Show patch as available in the currently installed product
even if successor patch affects additional packages (bsc#1196455)
* send notifications for new or changed ubuntu errata (bsc#1196977)
* change directory owner and permissions only when needed
* Fixed broken help link for system overview
* Provide link to Sync page when unsynced patches message show up
(bsc#1196094)
* fix class cast exception during action chains (bsc#1195772)
* Finding empty profiles by mac address must be case insensitive
(bsc#1196407)
* prepare to use new postgresql-jdbc driver with stringprep and saslprep
support (bsc#1196693)
* allow SCC to display the last check-in time for registered systems
* generate the system ssh key when bootstrapping a salt-ssh client
(bsc#1194909)
* Provide link for CVEs
* Fix lock/unlock scheduling on page Software Packages Lock (bsc#1195271)
* When adding a product, check if the new vendor channels conflicts with
any of the existing custom channel (bsc#1193448)
* Fix disappearing metadata key files after channel change (bsc#1192822)
* Suggest Product Migration when patch for CVE is in a successor Product
(bsc#1191360)
* Add store info to Equals and hash methods to fix CVE audit process
(bsc#1195282)
* Fix virtualization list rendering for foreign systems (bsc#1195712)
* FIX errors when an image profile / store is deleted during build /
inspect action (bsc#1191597, bsc#1192150)
* Remove verbose token log (bsc#1195666)
* fix ClassCastException during action processing (bsc#1195043)
spacewalk-web:
- Version 4.2.26-1
* Provide link to Sync page when unsynced patches message show up
(bsc#1196094)
* Provide a search box on section name for Formulas content
* Add expand/collapse all button for formula sections
* Improved large data support in channel selection
* Provide link for CVEs
* Improved error handling in the product setup page
* Suggest Product Migration when patch for CVE is in a successor Product
(bsc#1191360)
* susemanager-web-libs is now packaged as a part of spacewalk-html
subscription-matcher:
- Version 0.29
* Migration to log4j 2
- Version 0.28
* Support both antlr3-java and antlr3-runtime as dependencies
* Make it obvious that log4j12 is used
supportutils-plugin-susemanager:
- Version 4.2.4-1
* Get version of bootstrap scripts for supportconfig (bsc#1186336)
suseRegisterInfo:
- Version 4.2.6-1
* Fix the condition for preventing building python 2 subpackage for SLE15
susemanager:
- Version 4.2.28-1
* set default for registration batch size
susemanager-doc-indexes:
- Renamed golang-github-wrouesnel-postgres_exporter to
prometheus-postgres_exporter in the Administration Guide
- Clarified in Client Configuration Guide and Retail Guide that mandatory
channels are automatically checked. Also recommended channels as long as
they are not deactivated (bsc#1173527)
- In Custom Channels chapter of the Administration Guide, provide
information about creating metadata (bsc#1195294)
- In the Client Configuration Guide, mark Yomi as unsupported on SUSE
Linux Enterprise Server 11 and 12
- Documented GPG encrypted Salt Pillars in the Salt book
- In Client Configuration Guide, fixed channel configuration and
registration of Expanded Support clients
- Clarified channel label name in Registering Clients with RHUI section of
the Client Configuration Guide (bsc#1196067)
- In Throubleshooting Synchronization chapter in the Administration Guide
added instructions for GPG removal
- In Client Configuration Guide, integrated SUSE Linux Enterprise Micro
Client documentation next to SUSE Linux Enterprise Client documentation
and other related documentation improvements (bsc#1195145)
- Added a warning about the origin of the salt-minion package in the
Register on the Command Line (Salt) section of the Client Configuration
Guide
- Add troubleshooting section about avoiding package conflicts with custom
channels
susemanager-docs_en:
- Renamed golang-github-wrouesnel-postgres_exporter to
prometheus-postgres_exporter in the Administration Guide
- Clarified in Client Configuration Guide and Retail Guide that mandatory
channels are automatically checked. Also recommended channels as long as
they are not deactivated (bsc#1173527)
- In Custom Channels chapter of the Administration Guide, provide
information about creating metadata (bsc#1195294)
- In the Client Configuration Guide, mark Yomi as unsupported on SUSE
Linux Enterprise Server 11 and 12
- Documented GPG encrypted Salt Pillars in the Salt book
- In Client Configuration Guide, fixed channel configuration and
registration of Expanded Support clients
- Clarified channel label name in Registering Clients with RHUI section of
the Client Configuration Guide (bsc#1196067)
- In Throubleshooting Synchronization chapter in the Administration Guide
added instructions for GPG removal
- In Client Configuration Guide, integrated SUSE Linux Enterprise Micro
Client documentation next to SUSE Linux Enterprise Client documentation
and other related documentation improvements (bsc#1195145)
- Added a warning about the origin of the salt-minion package in the
Register on the Command Line (Salt) section of the Client Configuration
Guide
- Add troubleshooting section about avoiding package conflicts with custom
channels
susemanager-schema:
- Version 4.2.21-1
* fix check on allowVendorChange
* fix advisory status migration (bsc#1195765)
* FIX error when an image profile / store is deleted during build /
inspect action (bsc#1191597, bsc#1192150)
susemanager-sls:
- Version 4.2.21-1
* Improve `pkgset` beacon with using `salt.cache` to notify about the
changes made while the minion was stopped
* Align the code of pkgset beacon to prevent warnings (bsc#1194464)
* fixing how the return code is returned in mgrutil runner (bsc#1194909)
* Fix errors on calling sed -E ... by force_restart_minion with action
chains
* Avoid using lscpu -J option in grains (bsc#1195920)
* Postgres exporter package was renamed
* fix deprecation warnings
virtualization-formulas:
- Update to version 0.6.2
* Ensure qemu-ksm is installed on host
How to apply this update:
1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk
service: `spacewalk-service stop` 3. Apply the patch using either zypper
patch or YaST Online Update. 4. Start the Spacewalk service:
`spacewalk-service start`
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for SUSE Manager Server 4.2:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-1397=1
Package List:
- SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (ppc64le s390x x86_64):
hub-xmlrpc-api-0.7-150300.3.6.1
inter-server-sync-0.1.0-150300.8.12.1
inter-server-sync-debuginfo-0.1.0-150300.8.12.1
patterns-suma_retail-4.2-150300.4.9.1
patterns-suma_server-4.2-150300.4.9.1
py26-compat-msgpack-python-0.4.6-150300.4.3.1
py26-compat-msgpack-python-debuginfo-0.4.6-150300.4.3.1
py26-compat-msgpack-python-debugsource-0.4.6-150300.4.3.1
smdba-1.7.10-0.150300.3.3.1
spacewalk-branding-4.2.13-150300.3.9.1
susemanager-4.2.28-150300.3.22.1
susemanager-tools-4.2.28-150300.3.22.1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch):
c3p0-0.9.5.5-150300.4.6.1
grafana-formula-0.7.0-150300.3.6.1
mgr-osa-dispatcher-4.2.8-150300.2.9.1
mgr-push-4.2.5-150300.2.9.1
prometheus-exporters-formula-1.2.0-150300.3.9.1
python3-mgr-osa-common-4.2.8-150300.2.9.1
python3-mgr-osa-dispatcher-4.2.8-150300.2.9.1
python3-mgr-push-4.2.5-150300.2.9.1
python3-rhnlib-4.2.6-150300.4.9.1
python3-spacewalk-certs-tools-4.2.15-150300.3.15.1
python3-spacewalk-client-tools-4.2.18-150300.4.18.1
python3-suseRegisterInfo-4.2.6-150300.4.9.1
saltboot-formula-0.1.1645440615.7f1328c-150300.3.9.1
spacecmd-4.2.16-150300.4.18.1
spacewalk-admin-4.2.10-150300.3.9.1
spacewalk-backend-4.2.20-150300.4.18.1
spacewalk-backend-app-4.2.20-150300.4.18.1
spacewalk-backend-applet-4.2.20-150300.4.18.1
spacewalk-backend-config-files-4.2.20-150300.4.18.1
spacewalk-backend-config-files-common-4.2.20-150300.4.18.1
spacewalk-backend-config-files-tool-4.2.20-150300.4.18.1
spacewalk-backend-iss-4.2.20-150300.4.18.1
spacewalk-backend-iss-export-4.2.20-150300.4.18.1
spacewalk-backend-package-push-server-4.2.20-150300.4.18.1
spacewalk-backend-server-4.2.20-150300.4.18.1
spacewalk-backend-sql-4.2.20-150300.4.18.1
spacewalk-backend-sql-postgresql-4.2.20-150300.4.18.1
spacewalk-backend-tools-4.2.20-150300.4.18.1
spacewalk-backend-xml-export-libs-4.2.20-150300.4.18.1
spacewalk-backend-xmlrpc-4.2.20-150300.4.18.1
spacewalk-base-4.2.26-150300.3.18.2
spacewalk-base-minimal-4.2.26-150300.3.18.2
spacewalk-base-minimal-config-4.2.26-150300.3.18.2
spacewalk-certs-tools-4.2.15-150300.3.15.1
spacewalk-client-tools-4.2.18-150300.4.18.1
spacewalk-config-4.2.6-150300.3.6.1
spacewalk-html-4.2.26-150300.3.18.2
spacewalk-java-4.2.34-150300.3.26.2
spacewalk-java-config-4.2.34-150300.3.26.2
spacewalk-java-lib-4.2.34-150300.3.26.2
spacewalk-java-postgresql-4.2.34-150300.3.26.2
spacewalk-taskomatic-4.2.34-150300.3.26.2
subscription-matcher-0.29-150300.6.6.1
supportutils-plugin-susemanager-4.2.4-150300.3.6.1
suseRegisterInfo-4.2.6-150300.4.9.1
susemanager-doc-indexes-4.2-150300.12.22.1
susemanager-docs_en-4.2-150300.12.22.1
susemanager-docs_en-pdf-4.2-150300.12.22.1
susemanager-schema-4.2.21-150300.3.18.1
susemanager-sls-4.2.21-150300.3.20.1
uyuni-config-modules-4.2.21-150300.3.20.1
virtualization-formulas-0.6.2-150300.8.6.1
References:
https://www.suse.com/security/cve/CVE-2018-20433.html
https://www.suse.com/security/cve/CVE-2019-5427.html
https://bugzilla.suse.com/1133198
https://bugzilla.suse.com/1173527
https://bugzilla.suse.com/1186336
https://bugzilla.suse.com/1191360
https://bugzilla.suse.com/1191597
https://bugzilla.suse.com/1192150
https://bugzilla.suse.com/1192822
https://bugzilla.suse.com/1193448
https://bugzilla.suse.com/1194363
https://bugzilla.suse.com/1194447
https://bugzilla.suse.com/1194464
https://bugzilla.suse.com/1194909
https://bugzilla.suse.com/1195043
https://bugzilla.suse.com/1195145
https://bugzilla.suse.com/1195271
https://bugzilla.suse.com/1195282
https://bugzilla.suse.com/1195294
https://bugzilla.suse.com/1195666
https://bugzilla.suse.com/1195712
https://bugzilla.suse.com/1195750
https://bugzilla.suse.com/1195757
https://bugzilla.suse.com/1195762
https://bugzilla.suse.com/1195765
https://bugzilla.suse.com/1195772
https://bugzilla.suse.com/1195920
https://bugzilla.suse.com/1196067
https://bugzilla.suse.com/1196094
https://bugzilla.suse.com/1196407
https://bugzilla.suse.com/1196455
https://bugzilla.suse.com/1196693
https://bugzilla.suse.com/1196704
https://bugzilla.suse.com/1196977
https://bugzilla.suse.com/1197007
More information about the sle-security-updates
mailing list