SUSE-SU-2022:2568-1: important: Security update for SUSE Manager Server 4.2

sle-security-updates at lists.suse.com
Wed Jul 27 19:20:29 UTC 2022


   SUSE Security Update: Security update for SUSE Manager Server 4.2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:2568-1
Rating:             important
References:         #1179962 #1182742 #1189501 #1192850 #1193032 
                    #1193238 #1194262 #1194394 #1196977 #1197429 
                    #1197507 #1198191 #1198356 #1198358 #1198429 
                    #1198646 #1198686 #1198914 #1198944 #1198999 
                    #1199019 #1199036 #1199049 #1199438 #1199466 
                    #1199523 #1199528 #1199577 #1199596 #1199629 
                    #1199646 #1199656 #1199677 #1199679 #1199727 
                    #1199874 #1199888 #1200087 #1200703 #1200707 
                    #1200863 #1201782 #1201842 
Cross-References:   CVE-2022-31248
CVSS scores:
                    CVE-2022-31248 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2022-31248 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:
                    SUSE Linux Enterprise Module for SUSE Manager Server 4.2
                    SUSE Manager Server 4.2
______________________________________________________________________________

   An update that solves one vulnerability and has 42 fixes is
   now available.

Description:


   This update fixes the following issues:

   apache-commons-csv:

   - Fix the URL for the package
   - Declare the LICENSE file as license and not doc

   apache-commons-math3:

   - Fix the URL for the package
   - Declare the LICENSE file as license and not doc

   drools:

   - Declare the LICENSE file as license and not doc

   jakarta-commons-validator:

   - Declare the LICENSE file as license and not doc

   jose4j:

   - Declare the LICENSE file as license and not doc

   kie-api:

   - Declare the LICENSE file as license and not doc

   mvel2:

   - Declare the LICENSE file as license and not doc

   optaplanner:

   - Declare the LICENSE file as license and not doc

   py27-compat-salt:

   - Remove redundant overrides causing confusing DEBUG logging (bsc#1189501)

   python-susemanager-retail:

   - Update to version 1.0.1653987003.92d4870
     * Fix messages and logging in retail_create_delta (bsc#1199727)

   smdba:

   - Declare the LICENSE file as license and not doc
   - Make EL egginfo removal more generic

   spacecmd:

   - Version 4.2.18-1
     * on full system update call schedulePackageUpdate API (bsc#1197507)

   spacewalk-admin:

   - Version 4.2.11-1
     * clarify schema upgrade check message (bsc#1198999)

   spacewalk-backend:

   - Version 4.2.23-1
     * Fix traceback on calling spacewalk-repo-sync --show-packages
       (bsc#1193238)
     * Fix virt_notify SQL syntax error (bsc#1199528)
     * store create-bootstrap logs in spacewalk-debug

   spacewalk-branding:

   - Version 4.2.14-1
     * Stylesheets and relevant assets are now provided by spacewalk-web

   spacewalk-certs-tools:

   - Version 4.2.17-1
     * use RES bootstrap repo as a fallback for Red Hat downstream OS
       (bsc#1200087)

   spacewalk-client-tools:

   - Version 4.2.19-1
     * Update translation strings

   spacewalk-java:

   - Version 4.2.40-1
     * Fix conflict when system is assigned to multiple instances of the same
       formula (bsc#1194394)

   - Version 4.2.39-1
     * Keep the websocket connections alive with ping/pong frames
       (bsc#1199874)
     * Fix missing remote command history events for big output (bsc#1199656)
     * Improve CLM channel cloning performance (bsc#1199523)
     * fix api log message references the wrong user (bsc#1179962)
     * Show patch as installed in CVE Audit even if successor patch affects
       additional packages (bsc#1199646)
     * fix download of packages with caret sign in the version due to missing
       url decode
     * Prefer the Salt Bundle with Cobbler snippets configuration
       (minion_script and redhat_register_using_salt) (bsc#1198646)
     * During re-activation, recalculate grains if contact method has been
       changed (bsc#1199677)
     * Hide authentication data in PAYG UI (bsc#1199679)
     * autoinstallation: missing whitespace after install URL (bsc#1199888)
     * Improved handling of error messages during bootstrapping
     * skip forwarding data to scc if no credentials are available
     * Change system details lock tab name to lock/unlock (bsc#1193032)
     * Added a notification to inform the administrators about the product
       end-of-life
     * Set profile tag as non-mandatory in XCCDF result (bsc#1194262)
     * provisioning through proxy should use proxy for self_update
       (bsc#1199036)
     * Allow removing duplicated packages names in the same Salt action
       (bsc#1198686)
     * fix NoSuchElementException when pkg install date is missing
     * Improve API documentation
     * Fix outdated documentation and release notes links
     * Fix error message in Kubernetes VHM creation dialog
     * Add createAppStreamFilters() XMLRPC function
     * Correct concurrency error on payg taskomatic task for updating
       certificates (#17783)
     * Fix ACL rules for config diff download for SLS files (bsc#1198914)
     * fix package selection for ubuntu errata install (bsc#1199049)
     * fix invalid link to action schedule
     * add schedulePackageUpdate() XMLRPC function (bsc#1197507)
     * update server needed cache after adding Ubuntu Errata (bsc#1196977)
     * check if file exists before sending it to xsendfile (bsc#1198191)
     * Display usertime instead of server time for clm issue date filter
       (bsc#1198429)
     * Redesign the auto errata task to schedule combined actions
       (bsc#1197429)
     * Fix send login(s) and send password actions to avoid user enumeration
       (bsc#1199629) (CVE-2022-31248)

   spacewalk-search:

   - Version 4.2.7-1
     * Update development configuration file

   spacewalk-setup:

   - Version 4.2.11-1
     * spacewalk-setup-cobbler assumes /etc/apache2/conf.d now as a default
       instead of /etc/httpd/conf.d (bsc#1198356)

   spacewalk-utils:

   - Version 4.2.17-1
     * spacewalk-hostname-rename now correctly replaces the hostname for the
       mgr-sync configuration file (bsc#1198356)
     * spacewalk-hostname-rename now utilizes the "--apache2-conf-dir" flag
       for spacewalk-setup-cobbler (bsc#1198356)

   spacewalk-web:

   - Version 4.2.28-1
     * Stylesheets and relevant assets are now provided by spacewalk-web
     * Remove nodejs-packaging as a build requirement
     * Hide authentication data in PAYG UI (bsc#1199679)
     * Improved handling of error messages during bootstrapping
     * Added support for end of life notifications
     * Improved test integration for dropdowns
     * Upgrade moment to 2.29.2
     * Fix outdated documentation and release notes links
     * Fix mimetype in kubeconfig validation request (bsc#1199019)

   subscription-matcher:

   - Declare the LICENSE file as license and not doc

   susemanager:

   - Version 4.2.35-1
     * Add missing python3-gnupg to Debian10 bootstrap repo (bsc#1201842)
   - Version 4.2.34-1
     * mgr-sync: Raise a proper exception when duplicated lines exist in a
       config file (bsc#1182742)
     * add SLED 12 SP3 bootstrap repo definition (bsc#1199438)
   - Version 4.2.33-1
     * Fix issue with bootstrap repo definitions for RHEL/RES8 variants
       (bsc#1200863)

   susemanager-doc-indexes:

   - Fixed the 'fast' switch ('-f') of the database migration script in the
     Installation and Upgrade Guides
   - Updated the Virtualization chapter in the Client Configuration Guide
   - Added information about registering RHEL clients on Azure in the Import
     Entitlements and Certificates section of the Client Configuration Guide
     (bsc#1198944)
   - In the Client Configuration Guide, package locking is now supported for
     Ubuntu and Debian
   - Fixed VisibleIf documentation in the Formula section of the Salt Guide
   - Added note about importing CA certificates in the Installation and
     Upgrade Guide (bsc#1198358)
   - Documented how to define monitored targets using the file-based service
     discovery provided in the Prometheus formula of the Salt Guide
   - Add note about OpenSCAP security profile support in OpenSCAP section of
     the Administration Guide
   - Fixed spacewalk-remove-channel command in Delete Channels section of the
     Administration Guide (bsc#1199596)
   - Large deployments guide now includes a mention of the proxy (bsc#1199577)
   - Enhanced the Product Migration chapter of the Client Configuration Guide
     with a SUSE Linux Enterprise example

   susemanager-docs_en:

   - Fixed the 'fast' switch ('-f') of the database migration script in the
     Installation and Upgrade Guides
   - Updated the Virtualization chapter in the Client Configuration Guide
   - Added information about registering RHEL clients on Azure in the Import
     Entitlements and Certificates section of the Client Configuration Guide
     (bsc#1198944)
   - In the Client Configuration Guide, package locking is now supported for
     Ubuntu and Debian
   - Fixed VisibleIf documentation in the Formula section of the Salt Guide
   - Added note about importing CA certificates in the Installation and
     Upgrade Guide (bsc#1198358)
   - Documented how to define monitored targets using the file-based service
     discovery provided in the Prometheus formula of the Salt Guide
   - Add note about OpenSCAP security profile support in OpenSCAP section of
     the Administration Guide
   - Fixed spacewalk-remove-channel command in Delete Channels section of the
     Administration Guide (bsc#1199596)
   - Large deployments guide now includes a mention of the proxy (bsc#1199577)
   - Enhanced the Product Migration chapter of the Client Configuration Guide
     with a SUSE Linux Enterprise example

   susemanager-schema:

   - Version 4.2.23-1
     * Add schema directory for susemanager-schema-4.2.22

   susemanager-sls:

   - Version 4.2.26-1
     * Fix bootstrap issue with Debian 9 because of missing
       python3-contextvars (bsc#1201782)
   - Version 4.2.25-1
     * use RES bootstrap repo as a fallback for Red Hat downstream OS
       (bsc#1200087)
     * Add support to packages.pkgremove to deal with duplicated pkg names
       (bsc#1198686)
     * do not install products and gpg keys when performing distupgrade
       dry-run (bsc#1199466)
     * Fix deprecated warning when getting pillar data (bsc#1192850)
     * remove unknown repository flags on EL
     * add packages.pkgupdate state (bsc#1197507)
   - Version 4.2.24-1
     * Manage the correct minion config file when venv-salt-minion is
       installed (bsc#1200703)
     * Fix bootstrapping for Ubuntu 18.04 with classic Salt package
       (bsc#1200707)

   susemanager-sync-data:

   - Version 4.2.13-1
     * change release status of Debian 11 to released

   virtual-host-gatherer:

   - Declare the LICENSE file as license and not doc

   woodstox:

   - Declare the LICENSE file as license and not doc

   xmlpull-api:

   - Declare the LICENSE file as license and not doc

   How to apply this update:

   1. Log in as root user to the SUSE Manager server.
   2. Stop the Spacewalk service: `spacewalk-service stop`
   3. Apply the patch using either zypper patch or YaST Online Update.
   4. Start the Spacewalk service: `spacewalk-service start`


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.2:

      zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-2568=1



Package List:

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (ppc64le s390x x86_64):

      smdba-1.7.10-0.150300.3.9.2
      spacewalk-branding-4.2.14-150300.3.12.3
      susemanager-4.2.35-150300.3.36.1
      susemanager-tools-4.2.35-150300.3.36.1

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch):

      apache-commons-csv-1.2-150300.3.3.2
      apache-commons-math3-3.2-150300.3.3.2
      drools-7.17.0-150300.4.3.2
      jakarta-commons-validator-1.1.4-21.150300.21.3.3
      jose4j-0.5.1-150300.3.3.2
      kie-api-7.17.0-150300.4.3.2
      mvel2-2.2.6.Final-150300.3.3.2
      optaplanner-7.17.0-150300.4.3.2
      py27-compat-salt-3000.3-150300.7.7.20.2
      python3-spacewalk-certs-tools-4.2.17-150300.3.21.2
      python3-spacewalk-client-tools-4.2.19-150300.4.21.3
      python3-susemanager-retail-1.0.1653987003.92d4870-150300.3.3.2
      spacecmd-4.2.18-150300.4.24.3
      spacewalk-admin-4.2.11-150300.3.12.3
      spacewalk-backend-4.2.23-150300.4.26.3
      spacewalk-backend-app-4.2.23-150300.4.26.3
      spacewalk-backend-applet-4.2.23-150300.4.26.3
      spacewalk-backend-config-files-4.2.23-150300.4.26.3
      spacewalk-backend-config-files-common-4.2.23-150300.4.26.3
      spacewalk-backend-config-files-tool-4.2.23-150300.4.26.3
      spacewalk-backend-iss-4.2.23-150300.4.26.3
      spacewalk-backend-iss-export-4.2.23-150300.4.26.3
      spacewalk-backend-package-push-server-4.2.23-150300.4.26.3
      spacewalk-backend-server-4.2.23-150300.4.26.3
      spacewalk-backend-sql-4.2.23-150300.4.26.3
      spacewalk-backend-sql-postgresql-4.2.23-150300.4.26.3
      spacewalk-backend-tools-4.2.23-150300.4.26.3
      spacewalk-backend-xml-export-libs-4.2.23-150300.4.26.3
      spacewalk-backend-xmlrpc-4.2.23-150300.4.26.3
      spacewalk-base-4.2.28-150300.3.24.3
      spacewalk-base-minimal-4.2.28-150300.3.24.3
      spacewalk-base-minimal-config-4.2.28-150300.3.24.3
      spacewalk-certs-tools-4.2.17-150300.3.21.2
      spacewalk-client-tools-4.2.19-150300.4.21.3
      spacewalk-html-4.2.28-150300.3.24.3
      spacewalk-java-4.2.40-150300.3.40.2
      spacewalk-java-config-4.2.40-150300.3.40.2
      spacewalk-java-lib-4.2.40-150300.3.40.2
      spacewalk-java-postgresql-4.2.40-150300.3.40.2
      spacewalk-search-4.2.7-150300.3.9.2
      spacewalk-setup-4.2.11-150300.3.15.2
      spacewalk-taskomatic-4.2.40-150300.3.40.2
      spacewalk-utils-4.2.17-150300.3.18.3
      spacewalk-utils-extras-4.2.17-150300.3.18.3
      subscription-matcher-0.29-150300.6.9.2
      susemanager-doc-indexes-4.2-150300.12.30.3
      susemanager-docs_en-4.2-150300.12.30.2
      susemanager-docs_en-pdf-4.2-150300.12.30.2
      susemanager-retail-tools-1.0.1653987003.92d4870-150300.3.3.2
      susemanager-schema-4.2.23-150300.3.24.3
      susemanager-sls-4.2.26-150300.3.30.1
      susemanager-sync-data-4.2.13-150300.3.21.2
      uyuni-config-modules-4.2.26-150300.3.30.1
      virtual-host-gatherer-1.0.23-150300.3.6.2
      virtual-host-gatherer-Kubernetes-1.0.23-150300.3.6.2
      virtual-host-gatherer-Nutanix-1.0.23-150300.3.6.2
      virtual-host-gatherer-VMware-1.0.23-150300.3.6.2
      virtual-host-gatherer-libcloud-1.0.23-150300.3.6.2
      woodstox-4.4.2-150300.3.3.2
      xmlpull-api-1.1.3.1-150300.3.3.2


References:

   https://www.suse.com/security/cve/CVE-2022-31248.html
   https://bugzilla.suse.com/1179962
   https://bugzilla.suse.com/1182742
   https://bugzilla.suse.com/1189501
   https://bugzilla.suse.com/1192850
   https://bugzilla.suse.com/1193032
   https://bugzilla.suse.com/1193238
   https://bugzilla.suse.com/1194262
   https://bugzilla.suse.com/1194394
   https://bugzilla.suse.com/1196977
   https://bugzilla.suse.com/1197429
   https://bugzilla.suse.com/1197507
   https://bugzilla.suse.com/1198191
   https://bugzilla.suse.com/1198356
   https://bugzilla.suse.com/1198358
   https://bugzilla.suse.com/1198429
   https://bugzilla.suse.com/1198646
   https://bugzilla.suse.com/1198686
   https://bugzilla.suse.com/1198914
   https://bugzilla.suse.com/1198944
   https://bugzilla.suse.com/1198999
   https://bugzilla.suse.com/1199019
   https://bugzilla.suse.com/1199036
   https://bugzilla.suse.com/1199049
   https://bugzilla.suse.com/1199438
   https://bugzilla.suse.com/1199466
   https://bugzilla.suse.com/1199523
   https://bugzilla.suse.com/1199528
   https://bugzilla.suse.com/1199577
   https://bugzilla.suse.com/1199596
   https://bugzilla.suse.com/1199629
   https://bugzilla.suse.com/1199646
   https://bugzilla.suse.com/1199656
   https://bugzilla.suse.com/1199677
   https://bugzilla.suse.com/1199679
   https://bugzilla.suse.com/1199727
   https://bugzilla.suse.com/1199874
   https://bugzilla.suse.com/1199888
   https://bugzilla.suse.com/1200087
   https://bugzilla.suse.com/1200703
   https://bugzilla.suse.com/1200707
   https://bugzilla.suse.com/1200863
   https://bugzilla.suse.com/1201782
   https://bugzilla.suse.com/1201842


