SUSE-SU-2022:2568-1: important: Security update for SUSE Manager Server 4.2
sle-security-updates at lists.suse.com
Wed Jul 27 19:20:29 UTC 2022
SUSE Security Update: Security update for SUSE Manager Server 4.2
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2568-1
Rating: important
References: #1179962 #1182742 #1189501 #1192850 #1193032
#1193238 #1194262 #1194394 #1196977 #1197429
#1197507 #1198191 #1198356 #1198358 #1198429
#1198646 #1198686 #1198914 #1198944 #1198999
#1199019 #1199036 #1199049 #1199438 #1199466
#1199523 #1199528 #1199577 #1199596 #1199629
#1199646 #1199656 #1199677 #1199679 #1199727
#1199874 #1199888 #1200087 #1200703 #1200707
#1200863 #1201782 #1201842
Cross-References: CVE-2022-31248
CVSS scores:
CVE-2022-31248 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2022-31248 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products:
SUSE Linux Enterprise Module for SUSE Manager Server 4.2
SUSE Manager Server 4.2
______________________________________________________________________________
An update that solves one vulnerability and has 42 fixes is
now available.
Description:
This update fixes the following issues:
apache-commons-csv:
- Fix the URL for the package
- Declare the LICENSE file as license and not doc
apache-commons-math3:
- Fix the URL for the package
- Declare the LICENSE file as license and not doc
drools:
- Declare the LICENSE file as license and not doc
jakarta-commons-validator:
- Declare the LICENSE file as license and not doc
jose4j:
- Declare the LICENSE file as license and not doc
kie-api:
- Declare the LICENSE file as license and not doc
mvel2:
- Declare the LICENSE file as license and not doc
optaplanner:
- Declare the LICENSE file as license and not doc
py27-compat-salt:
- Remove redundant overrides causing confusing DEBUG logging (bsc#1189501)
python-susemanager-retail:
- Update to version 1.0.1653987003.92d4870
* Fix messages and logging in retail_create_delta (bsc#1199727)
smdba:
- Declare the LICENSE file as license and not doc
- Make EL egginfo removal more generic
spacecmd:
- Version 4.2.18-1
* on full system update call schedulePackageUpdate API (bsc#1197507)
spacewalk-admin:
- Version 4.2.11-1
* clarify schema upgrade check message (bsc#1198999)
spacewalk-backend:
- Version 4.2.23-1
* Fix traceback on calling spacewalk-repo-sync --show-packages
(bsc#1193238)
* Fix virt_notify SQL syntax error (bsc#1199528)
* store create-bootstrap logs in spacewalk-debug
spacewalk-branding:
- Version 4.2.14-1
* Stylesheets and relevant assets are now provided by spacewalk-web
spacewalk-certs-tools:
- Version 4.2.17-1
* use RES bootstrap repo as a fallback for Red Hat downstream OS
(bsc#1200087)
spacewalk-client-tools:
- Version 4.2.19-1
* Update translation strings
spacewalk-java:
- version 4.2.40-1
* Fix conflict when system is assigned to multiple instances of the same
formula (bsc#1194394)
- Version 4.2.39-1
* Keep the websocket connections alive with ping/pong frames
(bsc#1199874)
* Fix missing remote command history events for big output (bsc#1199656)
* Improve CLM channel cloning performance (bsc#1199523)
* fix api log message referencing the wrong user (bsc#1179962)
* Show patch as installed in CVE Audit even if successor patch affects
additional packages (bsc#1199646)
* fix download of packages with caret sign in the version due to missing
url decode
* Prefer the Salt Bundle with Cobbler snippets configuration
(minion_script and redhat_register_using_salt) (bsc#1198646)
* During re-activation, recalculate grains if contact method has been
changed (bsc#1199677)
* Hide authentication data in PAYG UI (bsc#1199679)
* autoinstallation: missing whitespace after install URL (bsc#1199888)
* Improved handling of error messages during bootstrapping
* skip forwarding data to scc if no credentials are available
* Change system details lock tab name to lock/unlock (bsc#1193032)
* Added a notification to inform the administrators about the product
end-of-life
* Set profile tag as non-mandatory in XCCDF result (bsc#1194262)
* provisioning through proxy should use proxy for self_update
(bsc#1199036)
* Allow removing duplicated packages names in the same Salt action
(bsc#1198686)
* fix NoSuchElementException when pkg install date is missing
* Improve API documentation
* Fix outdated documentation and release notes links
* Fix error message in Kubernetes VHM creation dialog
* Add createAppStreamFilters() XMLRPC function
* Correct concurrency error on payg taskomatic task for updating
certificates (#17783)
* Fix ACL rules for config diff download for SLS files (bsc#1198914)
* fix package selection for ubuntu errata install (bsc#1199049)
* fix invalid link to action schedule
* add schedulePackageUpdate() XMLRPC function (bsc#1197507)
* update server needed cache after adding Ubuntu Errata (bsc#1196977)
* check if file exists before sending it to xsendfile (bsc#1198191)
* Display usertime instead of server time for clm issue date filter
(bsc#1198429)
* Redesign the auto errata task to schedule combined actions
(bsc#1197429)
* Fix send login(s) and send password actions to avoid user enumeration
(bsc#1199629) (CVE-2022-31248)
spacewalk-search:
- Version 4.2.7-1
* Update development configuration file
spacewalk-setup:
- Version 4.2.11-1
* spacewalk-setup-cobbler assumes /etc/apache2/conf.d now as a default
instead of /etc/httpd/conf.d (bsc#1198356)
spacewalk-utils:
- Version 4.2.17-1
* spacewalk-hostname-rename now correctly replaces the hostname for the
mgr-sync configuration file (bsc#1198356)
* spacewalk-hostname-rename now utilizes the "--apache2-conf-dir" flag
for spacewalk-setup-cobbler (bsc#1198356)
spacewalk-web:
- Version 4.2.28-1
* Stylesheets and relevant assets are now provided by spacewalk-web
* Remove nodejs-packaging as a build requirement
* Hide authentication data in PAYG UI (bsc#1199679)
* Improved handling of error messages during bootstrapping
* Added support for end of life notifications
* Improved test integration for dropdowns
* Upgrade moment to 2.29.2
* Fix outdated documentation and release notes links
* Fix mimetype in kubeconfig validation request (bsc#1199019)
subscription-matcher:
- Declare the LICENSE file as license and not doc
susemanager:
- version 4.2.35-1
* Add missing python3-gnupg to Debian10 bootstrap repo (bsc#1201842)
- Version 4.2.34-1
* mgr-sync: Raise a proper exception when duplicated lines exist in a
config file (bsc#1182742)
* add SLED 12 SP3 bootstrap repo definition (bsc#1199438)
- Version 4.2.33-1
* Fix issue with bootstrap repo definitions for RHEL/RES8 variants
(bsc#1200863)
susemanager-doc-indexes:
- Fixed the 'fast' switch ('-f') of the database migration script in the
Installation and Upgrade Guides
- Updated the Virtualization chapter in the Client Configuration Guide
- Added information about registering RHEL clients on Azure in the Import
Entitlements and Certificates section of the Client Configuration Guide
(bsc#1198944)
- In the Client Configuration Guide, package locking is now supported for
Ubuntu and Debian
- Fixed VisibleIf documentation in the Formula section of the Salt Guide
- Added note about importing CA certificates in the Installation and
Upgrade Guide (bsc#1198358)
- Documented how to define monitored targets using the file-based service
discovery provided in the Prometheus formula of the Salt Guide
- Add note about OpenSCAP security profile support in OpenSCAP section of
the Administration Guide
- Fixed spacewalk-remove-channel command in Delete Channels section of the
Administration Guide (bsc#1199596)
- Large deployments guide now includes a mention of the proxy (bsc#1199577)
- Enhanced the Product Migration chapter of the Client Configuration Guide
with a SUSE Linux Enterprise example
susemanager-docs_en:
- Fixed the 'fast' switch ('-f') of the database migration script in the
Installation and Upgrade Guides
- Updated the Virtualization chapter in the Client Configuration Guide
- Added information about registering RHEL clients on Azure in the Import
Entitlements and Certificates section of the Client Configuration Guide
(bsc#1198944)
- In the Client Configuration Guide, package locking is now supported for
Ubuntu and Debian
- Fixed VisibleIf documentation in the Formula section of the Salt Guide
- Added note about importing CA certificates in the Installation and
Upgrade Guide (bsc#1198358)
- Documented how to define monitored targets using the file-based service
discovery provided in the Prometheus formula of the Salt Guide
- Add note about OpenSCAP security profile support in OpenSCAP section of
the Administration Guide
- Fixed spacewalk-remove-channel command in Delete Channels section of the
Administration Guide (bsc#1199596)
- Large deployments guide now includes a mention of the proxy (bsc#1199577)
- Enhanced the Product Migration chapter of the Client Configuration Guide
with a SUSE Linux Enterprise example
susemanager-schema:
- Version 4.2.23-1
* Add schema directory for susemanager-schema-4.2.22
susemanager-sls:
- version 4.2.26-1
* Fix bootstrap issue with Debian 9 caused by missing
python3-contextvars (bsc#1201782)
- Version 4.2.25-1
* use RES bootstrap repo as a fallback for Red Hat downstream OS
(bsc#1200087)
* Add support to packages.pkgremove to deal with duplicated pkg names
(bsc#1198686)
* do not install products and gpg keys when performing distupgrade
dry-run (bsc#1199466)
* Fix deprecated warning when getting pillar data (bsc#1192850)
* remove unknown repository flags on EL
* add packages.pkgupdate state (bsc#1197507)
- Version 4.2.24-1
* Manage the correct minion config file when venv-salt-minion is
installed (bsc#1200703)
* Fix bootstrapping for Ubuntu 18.04 with classic Salt package
(bsc#1200707)
susemanager-sync-data:
- Version 4.2.13-1
* change release status of Debian 11 to released
virtual-host-gatherer:
- Declare the LICENSE file as license and not doc
woodstox:
- Declare the LICENSE file as license and not doc
xmlpull-api:
- Declare the LICENSE file as license and not doc
How to apply this update:
1. Log in as root user to the SUSE Manager server.
2. Stop the Spacewalk service: `spacewalk-service stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: `spacewalk-service start`
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for SUSE Manager Server 4.2:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-2568=1
Package List:
- SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (ppc64le s390x x86_64):
smdba-1.7.10-0.150300.3.9.2
spacewalk-branding-4.2.14-150300.3.12.3
susemanager-4.2.35-150300.3.36.1
susemanager-tools-4.2.35-150300.3.36.1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch):
apache-commons-csv-1.2-150300.3.3.2
apache-commons-math3-3.2-150300.3.3.2
drools-7.17.0-150300.4.3.2
jakarta-commons-validator-1.1.4-21.150300.21.3.3
jose4j-0.5.1-150300.3.3.2
kie-api-7.17.0-150300.4.3.2
mvel2-2.2.6.Final-150300.3.3.2
optaplanner-7.17.0-150300.4.3.2
py27-compat-salt-3000.3-150300.7.7.20.2
python3-spacewalk-certs-tools-4.2.17-150300.3.21.2
python3-spacewalk-client-tools-4.2.19-150300.4.21.3
python3-susemanager-retail-1.0.1653987003.92d4870-150300.3.3.2
spacecmd-4.2.18-150300.4.24.3
spacewalk-admin-4.2.11-150300.3.12.3
spacewalk-backend-4.2.23-150300.4.26.3
spacewalk-backend-app-4.2.23-150300.4.26.3
spacewalk-backend-applet-4.2.23-150300.4.26.3
spacewalk-backend-config-files-4.2.23-150300.4.26.3
spacewalk-backend-config-files-common-4.2.23-150300.4.26.3
spacewalk-backend-config-files-tool-4.2.23-150300.4.26.3
spacewalk-backend-iss-4.2.23-150300.4.26.3
spacewalk-backend-iss-export-4.2.23-150300.4.26.3
spacewalk-backend-package-push-server-4.2.23-150300.4.26.3
spacewalk-backend-server-4.2.23-150300.4.26.3
spacewalk-backend-sql-4.2.23-150300.4.26.3
spacewalk-backend-sql-postgresql-4.2.23-150300.4.26.3
spacewalk-backend-tools-4.2.23-150300.4.26.3
spacewalk-backend-xml-export-libs-4.2.23-150300.4.26.3
spacewalk-backend-xmlrpc-4.2.23-150300.4.26.3
spacewalk-base-4.2.28-150300.3.24.3
spacewalk-base-minimal-4.2.28-150300.3.24.3
spacewalk-base-minimal-config-4.2.28-150300.3.24.3
spacewalk-certs-tools-4.2.17-150300.3.21.2
spacewalk-client-tools-4.2.19-150300.4.21.3
spacewalk-html-4.2.28-150300.3.24.3
spacewalk-java-4.2.40-150300.3.40.2
spacewalk-java-config-4.2.40-150300.3.40.2
spacewalk-java-lib-4.2.40-150300.3.40.2
spacewalk-java-postgresql-4.2.40-150300.3.40.2
spacewalk-search-4.2.7-150300.3.9.2
spacewalk-setup-4.2.11-150300.3.15.2
spacewalk-taskomatic-4.2.40-150300.3.40.2
spacewalk-utils-4.2.17-150300.3.18.3
spacewalk-utils-extras-4.2.17-150300.3.18.3
subscription-matcher-0.29-150300.6.9.2
susemanager-doc-indexes-4.2-150300.12.30.3
susemanager-docs_en-4.2-150300.12.30.2
susemanager-docs_en-pdf-4.2-150300.12.30.2
susemanager-retail-tools-1.0.1653987003.92d4870-150300.3.3.2
susemanager-schema-4.2.23-150300.3.24.3
susemanager-sls-4.2.26-150300.3.30.1
susemanager-sync-data-4.2.13-150300.3.21.2
uyuni-config-modules-4.2.26-150300.3.30.1
virtual-host-gatherer-1.0.23-150300.3.6.2
virtual-host-gatherer-Kubernetes-1.0.23-150300.3.6.2
virtual-host-gatherer-Nutanix-1.0.23-150300.3.6.2
virtual-host-gatherer-VMware-1.0.23-150300.3.6.2
virtual-host-gatherer-libcloud-1.0.23-150300.3.6.2
woodstox-4.4.2-150300.3.3.2
xmlpull-api-1.1.3.1-150300.3.3.2
References:
https://www.suse.com/security/cve/CVE-2022-31248.html
https://bugzilla.suse.com/1179962
https://bugzilla.suse.com/1182742
https://bugzilla.suse.com/1189501
https://bugzilla.suse.com/1192850
https://bugzilla.suse.com/1193032
https://bugzilla.suse.com/1193238
https://bugzilla.suse.com/1194262
https://bugzilla.suse.com/1194394
https://bugzilla.suse.com/1196977
https://bugzilla.suse.com/1197429
https://bugzilla.suse.com/1197507
https://bugzilla.suse.com/1198191
https://bugzilla.suse.com/1198356
https://bugzilla.suse.com/1198358
https://bugzilla.suse.com/1198429
https://bugzilla.suse.com/1198646
https://bugzilla.suse.com/1198686
https://bugzilla.suse.com/1198914
https://bugzilla.suse.com/1198944
https://bugzilla.suse.com/1198999
https://bugzilla.suse.com/1199019
https://bugzilla.suse.com/1199036
https://bugzilla.suse.com/1199049
https://bugzilla.suse.com/1199438
https://bugzilla.suse.com/1199466
https://bugzilla.suse.com/1199523
https://bugzilla.suse.com/1199528
https://bugzilla.suse.com/1199577
https://bugzilla.suse.com/1199596
https://bugzilla.suse.com/1199629
https://bugzilla.suse.com/1199646
https://bugzilla.suse.com/1199656
https://bugzilla.suse.com/1199677
https://bugzilla.suse.com/1199679
https://bugzilla.suse.com/1199727
https://bugzilla.suse.com/1199874
https://bugzilla.suse.com/1199888
https://bugzilla.suse.com/1200087
https://bugzilla.suse.com/1200703
https://bugzilla.suse.com/1200707
https://bugzilla.suse.com/1200863
https://bugzilla.suse.com/1201782
https://bugzilla.suse.com/1201842