SUSE-SU-2022:0593-1: moderate: Security update for SUSE Manager Server 4.2
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Mon Feb 28 20:18:25 UTC 2022
SUSE Security Update: Security update for SUSE Manager Server 4.2
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:0593-1
Rating: moderate
References: #1097531 #1173103 #1189561 #1190781 #1191192
#1191285 #1191857 #1192321 #1192368 #1192440
#1192487 #1192510 #1192514 #1192550 #1192566
#1192699 #1192776 #1193008 #1193292 #1193565
#1193585 #1193612 #1193694 #1193832 #1194044
#1194397 #1194862 #1194905 #1194990 #1195171
Cross-References: CVE-2020-25638
CVSS scores:
CVE-2020-25638 (NVD) : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2020-25638 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products:
SUSE Linux Enterprise Module for SUSE Manager Server 4.2
SUSE Manager Server 4.2
______________________________________________________________________________
An update that solves one vulnerability and has 29 fixes is
now available.
Description:
This update fixes the following issues:
c3p0:
- Build with log4j mapper
dhcpd-formula:
- Update to version 0.1.1641480250.d5bd14c
* make routers option optional
hibernate5:
- Fix potential SQL injection CVE-2020-25638 (bsc#1193832)
mgr-libmod:
- Version 4.2.7-1
* require python macros for building
mgr-osad:
- Version 4.2.7-1
* Do not build python 2 package for SLE15SP4 and higher
* require python macros for building
mgr-push:
- Version 4.2.4-1
* Do not build python 2 package for SLE15SP4 and higher
py27-compat-salt:
- Fix inspector module export function (bsc#1097531)
- Fix possible traceback on ip6_interface grain (bsc#1193565)
- Don't check for cached pillar errors on state.apply (bsc#1190781)
- Simplify "transactional_update" module to not use SSH wrapper and allow
more flexible execution
- Add "--no-return-event" option to salt-call to prevent sending return
event back to master.
- Make "state.highstate" to acts on concurrent flag.
- Fix the regression with invalid syntax in test_parse_cpe_name_v23.
- Fix tmpfiles.d configuration for salt to not use legacy paths
(bsc#1173103)
- Fix the regression of docker_container state module (bsc#1191285)
rhnlib:
- Version 4.2.5-1
* do not build python 2 package for SLE15
salt-netapi-client:
- Hotfix (bsc#1192550):
- Version 0.19.0
* See: https://github.com/SUSE/salt-netapi-client/releases/tag/v0.19.0
saltboot-formula:
- Update to version 0.1.1637232240.87d79ed
* Prevent python failure under some circumstances when filesystem was
not set (bsc#1192440)
* Add missing boot_images option in SLE11 saltboot version
spacecmd:
- Version 4.2.15-1
* require python macros for building
spacewalk-backend:
- Version 4.2.19-1
* Retrieve and store copyright information about patches
* SLES PAYG client support on cloud
* Add headers to update proxy auth token in listChannels (bsc#1193585)
* require python macros for building
* exchange zypp-plugin dependency to use the python3 version
(bsc#1192514)
spacewalk-branding:
- Version 4.2.12-1
* Fix header search autofocus
spacewalk-client-tools:
- Version 4.2.16-1
* do not build python 2 package for SLE15
* require python macros for building
spacewalk-config:
- Version 4.2.5-1
* add migration for changed rhn.conf values
spacewalk-java:
- Version 4.2.32-1
* Pass only selected servers to taskomatic for cancelation (bsc#1194044)
* Added rights field to generated updateinfo.xml to handle copyright
* provide static configuration key name for SSHMinionActionExecutor
parallel threads
* Add support for custom SSH port for SSH minions
* add ubuntu errata data and install handling
* Fix stack overflow when building a CLM project from modular sources
(bsc#1194990)
* SLES PAYG client support on cloud
* Change order of 'Relevant' and 'All' in patches menu
* Handle multiple Kiwi bundles (bsc#1194905)
* Install product by default after a channel is subscribed
* Improve token validation logs
* fix possible race condition in job handling (bsc#1192510)
* Migrate the displaying of the date/time to rhn:formatDate
* Add additional matchers to package (nevra) filter
* Add greater equals matcher to package (nevra) filter
* fix XML syntax in cobbler snippets (bsc#1193694)
* Add new endpoints to packages API: schedulePackageLockChange,
listPackagesLockStatus
* Avoid using RPM tags when filtering modular packages in CLM
(bsc#1192487)
* Fix stripping module metadata when cloning channels in CLM
(bsc#1193008)
* UI and API call for changing proxy
* require postgresql14 on SLE15 SP4
* Update proxy path on minion connection
* fix actionchain stuck in pending/picked up (bsc#1189561)
* fix parsing error by making SCAP Profile description attribute
optional (bsc#1192321)
* Show salt ssh error message in failed action details
spacewalk-reports:
- Version 4.2.7-1
* Fixes query for system-history report to prevent more than one row
returned by a subquery with rhnxccdftestresult.identifier (bsc#1191192)
spacewalk-search:
- Version 4.2.6-1
* Rename jakarta to apache on SPEC
spacewalk-setup:
- Version 4.2.10-1
* During upgrade, set tomcat connector connectionTimeout to 900000 if
the previous values is the old default (20000)
spacewalk-utils:
- Version 4.2.15-1
* require python macros for building
spacewalk-web:
- Version 4.2.25-1
* Add support for custom SSH port for SSH minions
* SLES PAYG client support on cloud
* Migrate the displaying of the date/time to rhn:formatDate, get rid of
the legacy fmt:formatDate glue
* Fix header search autofocus
* Fix virtual systems list request error (bsc#1194397)
* UI for changing proxy
* Fix legacy timepicker passing wrong time to the backend if server and
user time differ (bsc#1192699)
* Fix legacy timepicker passing wrong time to the backend if selected
date is in summer time (bsc#1192776)
suseRegisterInfo:
- Version 4.2.5-1
* require python macros for building
* Do not build python 2 package for SLE15 and higher
susemanager:
- Version 4.2.27-1
* mgr-setup: do not concanate www and apache groups (bsc#1195171)
* fix pg-migrate to check version of postgresql??-server (bsc#1192368)
* remove obsoleted sysv init script (bsc#1191857)
susemanager-doc-indexes:
- Added instructions for Pay-as-you-go to the Installation Guide
- In the Client Configuration Guide, documented finding channel names for
registering older SUSE Linux Enterprise clients
- Documented moving Salt clients between proxies in the Client
Configuration Guide
- Added grub.cfg for GRUB 2 in the Upgrade chapter of the Client
- In the Troubleshooting section of the Client Configuration Guide,
documented that SUSE Linux Enterprise Server 11 clients require previous
SSL versions installed on the server
- In the Retail Guide, adjust branch server version numbers (bsc#1193292)
susemanager-docs_en:
- Added instructions for Pay-as-you-go to the Installation Guide
- In the Client Configuration Guide, documented finding channel names for
registering older SUSE Linux Enterprise clients
- Documented moving Salt clients between proxies in the Client
Configuration Guide
- Added grub.cfg for GRUB 2 in the Upgrade chapter of the Client
- In the Troubleshooting section of the Client Configuration Guide,
documented that SUSE Linux Enterprise Server 11 clients require previous
SSL versions installed on the server
- In the Retail Guide, adjust branch server version numbers (bsc#1193292)
susemanager-schema:
- Version 4.2.20-1
* Added rights column to rhnerrata to handle copyright information
* Add support for custom SSH port for SSH minions
* add ubuntu errata data and install handling
* SLES PAYG client support on cloud
* Replace not existing Asia/Beijing timezone with Asia/Shanghai
(bsc#1194862)
* Continue with index migration when the expected indexes do not exist
(bsc#1192566)
* Fix changing of existing proxy path
* Add pillars to Apply States action
* Fix rhnChannelNewestPackageView in case there are duplicates
(bsc#1193612)
susemanager-sls:
- Version 4.2.20-1
* Handle multiple Kiwi bundles (bsc#1194905)
* enforce correct minion configuration similar to bootstrapping
(bsc#1192510)
* Add state for changing proxy
* Update proxy path on minion connection
* Fix problem installing/removing packages using action chains in
transactional systems
uyuni-common-libs:
- Version 4.2.6-1
* Read modularity data from DISTTAG tag as fallback (bsc#1192487)
* require python macros for building
uyuni-config-formula:
- Version 0.2
* support to manager activation keys
How to apply this update:
1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk
service: `spacewalk-service stop` 3. Apply the patch using either zypper
patch or YaST Online Update. 4. Start the Spacewalk service:
`spacewalk-service start`
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for SUSE Manager Server 4.2:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-593=1
Package List:
- SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (ppc64le s390x x86_64):
inter-server-sync-0.0.7-150300.8.9.1
inter-server-sync-debuginfo-0.0.7-150300.8.9.1
python3-uyuni-common-libs-4.2.6-150300.3.6.1
spacewalk-branding-4.2.12-150300.3.6.1
susemanager-4.2.27-150300.3.19.1
susemanager-tools-4.2.27-150300.3.19.1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch):
c3p0-0.9.5.2-150300.4.3.1
dhcpd-formula-0.1.1641480250.d5bd14c-150300.3.3.1
hibernate5-5.3.7-150300.5.3.1
mgr-libmod-4.2.7-150300.3.6.1
mgr-osa-dispatcher-4.2.7-150300.2.6.1
mgr-push-4.2.4-150300.2.6.1
py27-compat-salt-3000.3-150300.7.7.17.1
python3-mgr-osa-common-4.2.7-150300.2.6.1
python3-mgr-osa-dispatcher-4.2.7-150300.2.6.1
python3-mgr-push-4.2.4-150300.2.6.1
python3-rhnlib-4.2.5-150300.4.6.1
python3-spacewalk-client-tools-4.2.16-150300.4.15.1
python3-suseRegisterInfo-4.2.5-150300.4.6.1
salt-netapi-client-0.19.0-150300.3.3.1
saltboot-formula-0.1.1637232240.87d79ed-150300.3.6.1
spacecmd-4.2.15-150300.4.15.1
spacewalk-backend-4.2.19-150300.4.15.1
spacewalk-backend-app-4.2.19-150300.4.15.1
spacewalk-backend-applet-4.2.19-150300.4.15.1
spacewalk-backend-config-files-4.2.19-150300.4.15.1
spacewalk-backend-config-files-common-4.2.19-150300.4.15.1
spacewalk-backend-config-files-tool-4.2.19-150300.4.15.1
spacewalk-backend-iss-4.2.19-150300.4.15.1
spacewalk-backend-iss-export-4.2.19-150300.4.15.1
spacewalk-backend-package-push-server-4.2.19-150300.4.15.1
spacewalk-backend-server-4.2.19-150300.4.15.1
spacewalk-backend-sql-4.2.19-150300.4.15.1
spacewalk-backend-sql-postgresql-4.2.19-150300.4.15.1
spacewalk-backend-tools-4.2.19-150300.4.15.1
spacewalk-backend-xml-export-libs-4.2.19-150300.4.15.1
spacewalk-backend-xmlrpc-4.2.19-150300.4.15.1
spacewalk-base-4.2.25-150300.3.15.2
spacewalk-base-minimal-4.2.25-150300.3.15.2
spacewalk-base-minimal-config-4.2.25-150300.3.15.2
spacewalk-client-tools-4.2.16-150300.4.15.1
spacewalk-config-4.2.5-150300.3.3.1
spacewalk-html-4.2.25-150300.3.15.2
spacewalk-java-4.2.32-150300.3.20.1
spacewalk-java-config-4.2.32-150300.3.20.1
spacewalk-java-lib-4.2.32-150300.3.20.1
spacewalk-java-postgresql-4.2.32-150300.3.20.1
spacewalk-reports-4.2.7-150300.3.9.1
spacewalk-search-4.2.6-150300.3.6.1
spacewalk-setup-4.2.10-150300.3.12.1
spacewalk-taskomatic-4.2.32-150300.3.20.1
spacewalk-utils-4.2.15-150300.3.12.1
spacewalk-utils-extras-4.2.15-150300.3.12.1
suseRegisterInfo-4.2.5-150300.4.6.1
susemanager-doc-indexes-4.2-150300.12.19.1
susemanager-docs_en-4.2-150300.12.19.1
susemanager-docs_en-pdf-4.2-150300.12.19.1
susemanager-schema-4.2.20-150300.3.15.1
susemanager-sls-4.2.20-150300.3.17.1
susemanager-web-libs-4.2.25-150300.3.15.2
uyuni-config-formula-0.2-150300.3.3.1
uyuni-config-modules-4.2.20-150300.3.17.1
References:
https://www.suse.com/security/cve/CVE-2020-25638.html
https://bugzilla.suse.com/1097531
https://bugzilla.suse.com/1173103
https://bugzilla.suse.com/1189561
https://bugzilla.suse.com/1190781
https://bugzilla.suse.com/1191192
https://bugzilla.suse.com/1191285
https://bugzilla.suse.com/1191857
https://bugzilla.suse.com/1192321
https://bugzilla.suse.com/1192368
https://bugzilla.suse.com/1192440
https://bugzilla.suse.com/1192487
https://bugzilla.suse.com/1192510
https://bugzilla.suse.com/1192514
https://bugzilla.suse.com/1192550
https://bugzilla.suse.com/1192566
https://bugzilla.suse.com/1192699
https://bugzilla.suse.com/1192776
https://bugzilla.suse.com/1193008
https://bugzilla.suse.com/1193292
https://bugzilla.suse.com/1193565
https://bugzilla.suse.com/1193585
https://bugzilla.suse.com/1193612
https://bugzilla.suse.com/1193694
https://bugzilla.suse.com/1193832
https://bugzilla.suse.com/1194044
https://bugzilla.suse.com/1194397
https://bugzilla.suse.com/1194862
https://bugzilla.suse.com/1194905
https://bugzilla.suse.com/1194990
https://bugzilla.suse.com/1195171
More information about the sle-security-updates
mailing list