SUSE-SU-2022:3194-1: moderate: Security update for SUSE Manager Server 4.3

sle-security-updates at lists.suse.com
Thu Sep 8 13:31:47 UTC 2022


   SUSE Security Update: Security update for SUSE Manager Server 4.3
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:3194-1
Rating:             moderate
References:         #1172179 #1179962 #1186011 #1187028 #1191925 
                    #1194394 #1195455 #1198356 #1198358 #1198944 
                    #1199147 #1199157 #1199523 #1199629 #1199646 
                    #1199656 #1199659 #1199662 #1199663 #1199679 
                    #1199714 #1199727 #1199779 #1199817 #1199874 
                    #1199950 #1199984 #1199998 #1200276 #1200347 
                    #1200532 #1200591 #1200606 #1200707 #1201003 
                    #1201142 #1201189 #1201224 #1201411 #1201498 
                    #1201782 #1201842 
Cross-References:   CVE-2022-31248
CVSS scores:
                    CVE-2022-31248 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2022-31248 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:
                    SUSE Linux Enterprise Module for SUSE Manager Server 4.3
                    SUSE Manager Server 4.3
______________________________________________________________________________

   An update that solves one vulnerability and has 41 fixes is
   now available.

Description:


   This update fixes the following issues:

   apache-commons-csv:

   - Fix the URL for the package
   - Declare the LICENSE file as license and not doc

   apache-commons-math3:

   - Fix the URL for the package
   - Declare the LICENSE file as license and not doc

   drools:

   - Declare the LICENSE file as license and not doc

   image-sync-formula:

   - Update to version 0.1.1658330139.861779d
     * Fix deleting of unused boot images
     * Support deltas for system images (bsc#1201498)
     * Do not try to show changes in images (bsc#1199998)

   inter-server-sync:

   - Version 0.2.3
     * Compress exported sql data #16631

   jakarta-commons-validator:

   - Declare the LICENSE file as license and not doc

   jose4j:

   - Declare the LICENSE file as license and not doc

   kie-api:

   - Declare the LICENSE file as license and not doc

   mvel2:

   - Declare the LICENSE file as license and not doc

   optaplanner:

   - Declare the LICENSE file as license and not doc

   python-susemanager-retail:

   - Update to version 0.1.1658330139.861779d
     * Support deltas for system images (bsc#1201498)
     * Fix error message on incorrect --log-level arg (bsc#1199727)

   python-urlgrabber:

   - Fix wrong logic on find_proxy method causing proxy not being used

   reprepro:

   - Bump up the maxsize on a fixed-size C buffer to avoid breaking on some
     autogenerated rust packages
   - Flush stdout and stderr before execv of an end hook
   - Add support for Zstd compressed debs
   - Added alternative package name for db4-devel.

   salt-netapi-client:

   - Declare the LICENSE file as license and not doc

   smdba:

   - Declare the LICENSE file as license and not doc

   spacecmd:

   - Version 4.3.14-1
     * Fix missing argument on system_listmigrationtargets (bsc#1201003)
     * Show correct help on calling kickstart_importjson with no arguments
     * Fix tracebacks on spacecmd kickstart_export (bsc#1200591)
     * Change proxy container config default filename to end with tar.gz

   spacewalk:

   - Version 4.3.5-1
     * Simplified PostgreSQL14 requirement.
     * Update server-migrator to dist-upgrade to openSUSE 15.4

   spacewalk-backend:

   - Version 4.3.15-1
     * cleanup leftovers from removing unused xmlrpc endpoint
     * Fix issues with "http proxy" not being used by reposync in some cases

   spacewalk-certs-tools:

   - Version 4.3.14-1
     * traditional stack bootstrap: install product packages (bsc#1201142)
     * display messages to restart services after certificate change
     * improve CA Chain checking by comparing authorityKeyIdentifier with
       subjectKeyIdentifier

   spacewalk-client-tools:

   - Version 4.3.11-1
     * Update translation strings

   spacewalk-config:

   - Version 4.3.9-1
     * fix posttrans error "RHN-ORG-TRUSTED-SSL-CERT" not found

   spacewalk-java:

   - Version 4.3.35-1
     * Modify parameter type when communicating with the search server
       (bsc#1187028)
     * Fix hibernate error on deleting an image with delta
     * Changed logout method to POST on HTTP API (bsc#1199663)
     * Turned API information endpoints public (bsc#1199817)
     * Fix typo and ordering of JSON over HTTP API example scripts
     * Improved log handling in HTTP API (bsc#1199662)
     * set Channel GPG Key info from SCC data
     * set GPG Key Url as channel pillar data (bsc#1199984)
     * new API endpoint for addErrataUpdate, that takes multiple servers as
       argument
     * Move ImageSync pillars to database (bsc#1199157)
     * Fix conflict when system is assigned to multiple instances of the same
       formula (bsc#1194394)
     * Fix initial profile and build host on Image Build page (bsc#1199659)
     * Convert formula integer values when upgrading (bsc#1200347)
     * Cleanup salt known_hosts when generating proxy containers config
     * Modify proxy containers configuration files set output
     * Change proxy containers config to tarball with yaml files
     * Fixed date format on scheduler related messages (bsc#1195455)
     * Improved dropdown layout handling
     * Fix download CSV
     * Hide authentication data in PAYG UI (bsc#1199679)
     * Clean grub2 reinstall entry in autoyast snippet (bsc#1199950)
     * Show reboot alert message on all system detail pages (bsc#1199779)
     * Show patch as installed in CVE Audit even if successor patch affects
       additional packages (bsc#1199646)
     * Fix refresh action confirmation message when no system is selected
     * Fix Internal Server Error when URI contains invalid sysid (bsc#1186011)
     * Fix notification message on system properties update to ensure style
       consistency (bsc#1172179)
     * Fix containerized proxy configuration machine name
     * Improve CLM channel cloning performance (bsc#1199523)
     * Keep the websocket connections alive with ping/pong frames
       (bsc#1199874)
     * add detection of Ubuntu 22.04
     * fix missing remote command history events for big output (bsc#1199656)
     * fix api log message references the wrong user (bsc#1179962)
     * Consistently use conf value for SPA engine timeout
     * fix download of packages with caret sign in the version due to missing
       url decode
     * Add specific requirement for Cobbler 3.2.1 to not conflict with Leap
       15.4
     * Fix send login(s) and send password actions to avoid user enumeration
       (bsc#1199629) (CVE-2022-31248)

   spacewalk-search:

   - Version 4.3.6-1
     * Add method to handle session id as String
     * Migrated from log4j1.x.x to log4j2.x.x
     * update ivy development files

   spacewalk-setup:

   - Version 4.3.10-1
     * spacewalk-setup-cobbler assumes /etc/apache2/conf.d now as a default
       instead of /etc/httpd/conf.d (bsc#1198356)
     * Allow alternative usage of perl-Net-LibIDN2.

   spacewalk-utils:

   - Version 4.3.13-1
     * change gpg key urls to file urls where possible
     * spacewalk-hostname-rename now correctly replaces the hostname for the
       mgr-sync configuration file (bsc#1198356)
     * spacewalk-hostname-rename now utilizes the "--apache2-conf-dir" flag
       for spacewalk-setup-cobbler
     * Add repositories for Ubuntu 22.04 LTS
     * Add AlmaLinux 9 and Oracle Linux 9 to spacewalk-common-channels
     * Add missing SLES 15 SP4 client tools repositories to
       spacewalk-common-channels.ini
     * add deprecation warning for spacewalk-clone-by-date
     * Add EPEL8 for Almalinux 8 and Rocky 8 in spacewalk-common-channels.ini
     * openSUSE Leap 15.4 repositories

   spacewalk-web:

   - Version 4.3.23-1
     * Update the version for the WebUI
     * Fix initial profile and build host on Image Build page (bsc#1199659)
     * Handle multi line error messages in proxy containers config creation
     * Hide authentication data in PAYG UI (bsc#1199679)
     * add textarea to formulas
     * Consistently use conf value for SPA engine timeout
     * Remove nodejs-packaging as a build requirement
     * Update translation strings

   subscription-matcher:

   - Declare the LICENSE file as license and not doc

   susemanager:

   - Version 4.3.18-1
     * Add missing python3-gnupg to Debian10 bootstrap repo (bsc#1201842)
     * Add clients tool product to generate bootstrap repo on OpenSUSE 15.x
       (bsc#1201189)
     * Add Oracle Linux 9 bootstrap repositories for Uyuni
     * Add AlmaLinux 9 bootstrap repositories for Uyuni
     * Add Red Hat Enterprise Linux 9 repositories for Uyuni
     * Make the Salt Bundle optional for bootstrap repositories for Debian 9
       and SUSE Manager Proxy 4.2
     * Enable bootstrapping for Ubuntu 22.04 LTS
     * fix pg-migrate-x-to-y.sh comment: migration without creating backup
       use -f option
     * bootstrap repo: set optional packages
     * Add python3-contextvars and python3-immutables to missing bootstrap
       repos (bsc#1200606)
     * Update server-migrator to dist-upgrade to openSUSE 15.4

   susemanager-build-keys:

   - Version 15.4.3
     * Add Uyuni Client Tools key
     * Install keys for Client Tools Channels in salt filesystem to be able
       to deploy them to clients
     * Add openEuler 22.03 key
     * Add AlmaLinux 9 key
     * Add Oracle Linux 9 keys
     * RPM-GPG-KEY-openEuler
     * RPM-GPG-KEY-AlmaLinux-9
     * RPM-GPG-KEY-oracle
     * RPM-GPG-KEY-oracle-backup

   susemanager-docs_en:

   - Described disabling local repositories in Client Configuration Guide
   - Remove misleading installation screen shots in the Installation and
     Upgrade Guide (bsc#1201411)
   - Fixed Ubuntu 18 Client registration in Client Configuration Guide
     (bsc#1201224)
   - Removed sle-module-pythonX in VM Installation chapter of Installation
     and Upgrade Guide because SUSE Manager 4.3 does not require it
   - In the Custom Channel section of the Administration Guide add a note
     about synchronizing repositories regularly
   - Removed SUSE Linux Enterprise 11 from the list of supported client
     systems
   - Update section about changing SSL certificates
   - Added ports 1232 and 1233 in the Ports section of the Installation and
     Upgrade Guide; required for Salt SSH Push (bsc#1200532)
   - Fixed 'fast' switch ('-f') of the database migration script in
     Installation and Upgrade Guide
   - Updated Virtualization chapter in Client Configuration Guide; more
     on limitation other than Xen and KVM
   - Added information about registering RHEL clients on Azure in the Import
     Entitlements and Certificates section of the Client Configuration Guide
     (bsc#1198944)
   - Fixed VisibleIf documentation in Formula section of the Salt Guide
   - Added note about importing CA certificate in Installation and Upgrade
     Guide (bsc#1198358)
   - Documented defining monitored targets using file-based service discovery
     provided in the Prometheus formula in the Salt Guide
   - In Supported Clients and Features chapter in Client Configuration Guide,
     remove SUSE Linux Enterprise 11 (bsc#1199147)
   - Improve traditional client deprecation statement in Client Configuration
     Guide (bsc#1199714)

   susemanager-schema:

   - Version 4.3.13-1
     * update GPG key urls in channels set by spacewalk-common-channels
     * add gpg key info to suseProductSCCRepository (bsc#1199984)
     * Move ImageSync pillars to database (bsc#1199157)

   susemanager-sls:

   - Version 4.3.24-1
     * Fix bootstrap issue with Debian 9 caused by missing
       python3-contextvars (bsc#1201782)
     * Fix deploy of SLE Micro CA Certificate (bsc#1200276)
     * disable local repos before bootstrap and at highstate (bsc#1191925)
     * deploy GPG keys to the clients and define trust in channels
       (bsc#1199984)
     * Enable basic support for Ubuntu 22.04
     * Add port parameter to mgrutil.remove_ssh_known_host
     * Prevent possible tracebacks on calling module.run from mgrcompat by
       setting proper globals with using LazyLoader
     * Fix bootstrapping for Ubuntu 18.04 with classic Salt package
       (bsc#1200707)
     * create CA certificate symlink on Proxies which might get lost due to
       de-installation of the ca package

   uyuni-common-libs:

   - Version 4.3.5-1
     * Fix reposync issue about 'rpm.hdr' object has no attribute 'get'

   virtual-host-gatherer:

   - Declare the LICENSE file as license and not doc

   woodstox:

   - Declare the LICENSE file as license and not doc

   xmlpull-api:

   - Declare the LICENSE file as license and not doc

   How to apply this update:

   1. Log in as root user to the SUSE Manager server.
   2. Stop the Spacewalk service: `spacewalk-service stop`
   3. Apply the patch using either zypper patch or YaST Online Update.
   4. Start the Spacewalk service: `spacewalk-service start`


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.3:

      zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-3194=1



Package List:

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (ppc64le s390x x86_64):

      inter-server-sync-0.2.3-150400.3.3.1
      inter-server-sync-debuginfo-0.2.3-150400.3.3.1
      python3-uyuni-common-libs-4.3.5-150400.3.3.2
      reprepro-5.3.0-150400.3.3.1
      reprepro-debuginfo-5.3.0-150400.3.3.1
      reprepro-debugsource-5.3.0-150400.3.3.1
      smdba-1.7.10-0.150400.4.3.1
      susemanager-4.3.18-150400.3.3.2
      susemanager-tools-4.3.18-150400.3.3.2

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (noarch):

      apache-commons-csv-1.2-150400.3.3.1
      apache-commons-math3-3.2-150400.3.3.1
      drools-7.17.0-150400.3.3.1
      image-sync-formula-0.1.1658330139.861779d-150400.3.3.1
      jakarta-commons-validator-1.1.4-21.150400.21.3.4
      jose4j-0.5.1-150400.3.3.1
      kie-api-7.17.0-150400.3.3.1
      mvel2-2.2.6.Final-150400.3.3.1
      optaplanner-7.17.0-150400.3.3.1
      python3-spacewalk-certs-tools-4.3.14-150400.3.3.2
      python3-spacewalk-client-tools-4.3.11-150400.3.3.4
      python3-susemanager-retail-1.0.1658330139.861779d-150400.3.3.1
      python3-urlgrabber-4.1.0-150400.3.3.1
      salt-netapi-client-0.20.0-150400.3.3.5
      spacecmd-4.3.14-150400.3.3.2
      spacewalk-backend-4.3.15-150400.3.3.5
      spacewalk-backend-app-4.3.15-150400.3.3.5
      spacewalk-backend-applet-4.3.15-150400.3.3.5
      spacewalk-backend-config-files-4.3.15-150400.3.3.5
      spacewalk-backend-config-files-common-4.3.15-150400.3.3.5
      spacewalk-backend-config-files-tool-4.3.15-150400.3.3.5
      spacewalk-backend-iss-4.3.15-150400.3.3.5
      spacewalk-backend-iss-export-4.3.15-150400.3.3.5
      spacewalk-backend-package-push-server-4.3.15-150400.3.3.5
      spacewalk-backend-server-4.3.15-150400.3.3.5
      spacewalk-backend-sql-4.3.15-150400.3.3.5
      spacewalk-backend-sql-postgresql-4.3.15-150400.3.3.5
      spacewalk-backend-tools-4.3.15-150400.3.3.5
      spacewalk-backend-xml-export-libs-4.3.15-150400.3.3.5
      spacewalk-backend-xmlrpc-4.3.15-150400.3.3.5
      spacewalk-base-4.3.23-150400.3.3.4
      spacewalk-base-minimal-4.3.23-150400.3.3.4
      spacewalk-base-minimal-config-4.3.23-150400.3.3.4
      spacewalk-certs-tools-4.3.14-150400.3.3.2
      spacewalk-client-tools-4.3.11-150400.3.3.4
      spacewalk-common-4.3.5-150400.3.3.2
      spacewalk-config-4.3.9-150400.3.3.3
      spacewalk-html-4.3.23-150400.3.3.4
      spacewalk-java-4.3.35-150400.3.3.5
      spacewalk-java-config-4.3.35-150400.3.3.5
      spacewalk-java-lib-4.3.35-150400.3.3.5
      spacewalk-java-postgresql-4.3.35-150400.3.3.5
      spacewalk-postgresql-4.3.5-150400.3.3.2
      spacewalk-search-4.3.6-150400.3.3.3
      spacewalk-setup-4.3.10-150400.3.3.3
      spacewalk-taskomatic-4.3.35-150400.3.3.5
      spacewalk-utils-4.3.13-150400.3.3.3
      spacewalk-utils-extras-4.3.13-150400.3.3.3
      subscription-matcher-0.29-150400.3.3.1
      susemanager-build-keys-15.4.3-150400.3.3.1
      susemanager-build-keys-web-15.4.3-150400.3.3.1
      susemanager-docs_en-4.3-150400.9.3.1
      susemanager-docs_en-pdf-4.3-150400.9.3.1
      susemanager-retail-tools-1.0.1658330139.861779d-150400.3.3.1
      susemanager-schema-4.3.13-150400.3.3.3
      susemanager-schema-utility-4.3.13-150400.3.3.3
      susemanager-sls-4.3.24-150400.3.3.1
      uyuni-config-modules-4.3.24-150400.3.3.1
      virtual-host-gatherer-1.0.23-150400.3.3.1
      virtual-host-gatherer-Kubernetes-1.0.23-150400.3.3.1
      virtual-host-gatherer-Nutanix-1.0.23-150400.3.3.1
      virtual-host-gatherer-VMware-1.0.23-150400.3.3.1
      virtual-host-gatherer-libcloud-1.0.23-150400.3.3.1
      woodstox-4.4.2-150400.3.3.1
      xmlpull-api-1.1.3.1-150400.3.3.1


References:

   https://www.suse.com/security/cve/CVE-2022-31248.html
   https://bugzilla.suse.com/1172179
   https://bugzilla.suse.com/1179962
   https://bugzilla.suse.com/1186011
   https://bugzilla.suse.com/1187028
   https://bugzilla.suse.com/1191925
   https://bugzilla.suse.com/1194394
   https://bugzilla.suse.com/1195455
   https://bugzilla.suse.com/1198356
   https://bugzilla.suse.com/1198358
   https://bugzilla.suse.com/1198944
   https://bugzilla.suse.com/1199147
   https://bugzilla.suse.com/1199157
   https://bugzilla.suse.com/1199523
   https://bugzilla.suse.com/1199629
   https://bugzilla.suse.com/1199646
   https://bugzilla.suse.com/1199656
   https://bugzilla.suse.com/1199659
   https://bugzilla.suse.com/1199662
   https://bugzilla.suse.com/1199663
   https://bugzilla.suse.com/1199679
   https://bugzilla.suse.com/1199714
   https://bugzilla.suse.com/1199727
   https://bugzilla.suse.com/1199779
   https://bugzilla.suse.com/1199817
   https://bugzilla.suse.com/1199874
   https://bugzilla.suse.com/1199950
   https://bugzilla.suse.com/1199984
   https://bugzilla.suse.com/1199998
   https://bugzilla.suse.com/1200276
   https://bugzilla.suse.com/1200347
   https://bugzilla.suse.com/1200532
   https://bugzilla.suse.com/1200591
   https://bugzilla.suse.com/1200606
   https://bugzilla.suse.com/1200707
   https://bugzilla.suse.com/1201003
   https://bugzilla.suse.com/1201142
   https://bugzilla.suse.com/1201189
   https://bugzilla.suse.com/1201224
   https://bugzilla.suse.com/1201411
   https://bugzilla.suse.com/1201498
   https://bugzilla.suse.com/1201782
   https://bugzilla.suse.com/1201842


