SUSE-SU-2023:0345-1: important: Security update for SUSE Manager Server 4.3
sle-security-updates at lists.suse.com
Fri Feb 10 17:34:14 UTC 2023
SUSE Security Update: Security update for SUSE Manager Server 4.3
______________________________________________________________________________
Announcement ID: SUSE-SU-2023:0345-1
Rating: important
References: #1172110 #1195979 #1200801 #1202150 #1203478
#1203532 #1203826 #1204032 #1204126 #1204186
#1204235 #1204270 #1204330 #1204712 #1204715
#1204879 #1204932 #1205012 #1205040 #1205207
#1205255 #1205350 #1205489 #1205523 #1205644
#1205663 #1205749 #1205754 #1205890 #1205919
#1205943 #1206055 #1206160 #1206168 #1206186
#1206249 #1206276 #1206294 #1206336 #1206375
#1206470 #1206613 #1206666 #1206799 #1207136
Cross-References: CVE-2022-1415
CVSS scores:
CVE-2022-1415 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Affected Products:
SUSE Linux Enterprise Module for SUSE Manager Server 4.3
SUSE Manager Server 4.3
______________________________________________________________________________
An update that solves one vulnerability and has 44 fixes is
now available.
Description:
This update fixes the following issues:
cobbler:
- Improve Cobbler performance with item cache and threadpool (bsc#1205489)
- Skip collections that are inconsistent instead of crashing (bsc#1205749)
- Add new "cobbler-tests-containers" subpackage which contains setup and
configuration files to run Cobbler tests in containers.
- Add missing code for previous patch file around boot_loaders migration.
- Avoid possible override of existing values during migration
of collections to 3.0.0 (bsc#1206160)
- Fix regression: allow empty string as interface_type value (bsc#1203478)
- Fix failing Cobbler tests after upgrading to 3.3.3.
drools:
- CVE-2022-1415: Deserialization of Untrusted Data: unsafe data
deserialization in DroolsStreamUtils.java (bsc#1204879)
grafana-formula:
- Version 0.8.0
* Set dashboard names depending on project
* Update dashboards to use new JSON schema
* Fix PostgreSQL dashboard queries
* Migrate deprecated panels to their current replacements
image-sync-formula:
- Update to version 0.1.1673279145.e7616bd
* Add form entry for use latest boot image pillar value (bsc#1206055)
inter-server-sync:
- Version 0.2.6
* Export package extra tags for complete Debian repo metadata
(bsc#1206375)
* Replace URLs in OS Images pillars when exporting and importing images
mgr-osad:
- Version 4.3.7-1
* Updated logrotate configuration (bsc#1206470)
mgr-push:
- Version 4.3.5-1
* Update translation strings
rhnlib:
- Version 4.3.5-1
* Don't get stuck at the end of SSL transfers (bsc#1204032)
saltboot-formula:
- Update to version 0.1.1673279145.e7616bd
* Add failsafe stop file when salt-minion does not stop (bsc#1172110)
* Add use case of saltboot group formula outside containerized env
(bsc#1206186)
* Add 'kernel_action' to saltboot form (bsc#1206055)
spacecmd:
- Version 4.3.18-1
* Add python-dateutil dependency, required to process date values in
spacecmd api calls
- Version 4.3.17-1
* Remove python3-simplejson dependency
* Correctly understand 'ssm' keyword on scap scheduling
* Add vendor_advisory information to errata_details call (bsc#1205207)
* Added two missing options to schedule product migration:
allow-vendor-change and remove-products-without-successor (bsc#1204126)
* Changed schedule product migration to use the correct API method
* Change default port of "Containerized Proxy configuration" to 8022
spacewalk-backend:
- Version 4.3.18-1
* Add 'octet-stream' to accepted content-types for reposync mirrorlists
* Exclude invalid mirror urls for reposync (bsc#1203826)
* Compute headers as list of two-tuples to be used by url grabber
(bsc#1205523)
* Updated logrotate configuration (bsc#1206470)
* Add rhel_9 as Salt-enabled kickstart installation
* do not fetch mirrorlist when a file url is given
spacewalk-certs-tools:
- Version 4.3.17-1
* Backport SLE Micro bootstrap fixes
spacewalk-client-tools:
- Version 4.3.14-1
* Update translation strings
spacewalk-java:
- Version 4.3.46-1
* action chains: recognize transactional_update.reboot as a reboot action
- Version 4.3.45-1
* Improve logs when sls action chain file is missing
- Version 4.3.44-1
* Add reboot needed indicator to systems list
* Fix transaction commit behavior for Spark routes
* Fix modular channel check during system update via XMLRPC (bsc#1206613)
* Fix CVE Audit ignoring errata in parent channels if patch in successor
product exists (bsc#1206168)
* Fix CVE Audit incorrectly displaying predecessor product (bsc#1205663)
* Improve automatic dependency selection for vendor clones
* Optimize the number of salt calls on minion startup (bsc#1203532)
* Fix name for autoinstall snippets after Cobbler 3.3.3
* prevent ISE on activation key page when selected base channel value is
null
* Trigger a package profile update when a new live-patch is installed
(bsc#1206249)
* Fix HTTP API login status code when using wrong credentials
(bsc#1206666)
* Configure the reboot action for transactional systems appropriately
* Fix link to documentation in monitoring page
* Fix server error in product migration outside maintenance window
(bsc#1206276)
* Updated logrotate configuration (bsc#1206470)
* Only remove product catalog if PAYG ssh credentials are defined
(bsc#1205943)
* Source Select2 and jQuery UI from susemanager-frontend-libs
* Don't use hash in apidoc links
* Limit changelog data in generated metadata to 20 entries
* Fix internal server error when transferring system between
organizations
* Fix products controller to keep loading mandatory channels even when
there are broken channels (bsc#1204270)
* Move web dependencies from susemanager-frontend-libs to spacewalk-web
* Fix server error while bootstrapping SSH-managed Red Hat-like minion
(bsc#1205890)
* send notifications also as email if email notifications are enabled
* Add subscription warning notification to overview page
* Fix CLM to not remove necessary packages when filtering erratas
(bsc#1195979)
* Add vendor_advisory to errata.getDetails (bsc#1205207)
* Fix ClassCastException
* disable cloned vendor channel auto selection by default (bsc#1204186)
* Add SUSE Liberty Linux support for RHEL9 based clients
* Removed contents of certificates from the web UI logs (bsc#1204715)
* Fix kickstart for RHEL 9 to not add install command
* Remove RHEL kickstart types below 6
* Don't persist the YAML parser in FormulaFactory (bsc#1205754)
* format results for package, errata and image build actions in system
history similar to state apply results
* check for NULL in DEB package install size value
* adapt permissions of temporary ssh key directory
* Fixed traditional stack warning message to be displayed only when the
system has enterprise entitlement (bsc#1205350)
* Remove invalid errata selection after patch installation (bsc#1204235)
* Ignore insert conflicts during reporting database update (bsc#1202150)
* Allowed cancelling pending actions with a failed prerequisite
(bsc#1204712)
* Run only minion actions that are in the pending status (bsc#1205012)
* Allow usage of one FQDN to deploy containerized proxy in VM (#19586)
* Migrate formulas with default values to database (bsc#1204932)
spacewalk-search:
- Version 4.3.8-1
* Updated logrotate configuration (bsc#1206470)
* fix logging configuration of the search daemon (bsc#1206336)
spacewalk-utils:
- Version 4.3.16-1
* spacewalk-hostname-rename changes also report db host (bsc#1200801)
* Add Uyuni SLE-Micro Client Tools repositories
spacewalk-web:
- Version 4.3.27-1
* Add reboot needed indicator to systems list
* Fix salt keys page keeps loading when no key exists (bsc#1206799)
* Fix link to documentation in monitoring page
* Source Select2 and jQuery UI from susemanager-frontend-libs
* fix frontend logging in react pages
* Move web dependencies from susemanager-frontend-libs to spacewalk-web
supportutils-plugin-susemanager:
- Version 4.3.6-1
* update susemanager plugin to export the number of pending salt events
susemanager:
- Version 4.3.23-1
* fix bootstrap repo definition for SUSE Liberty Linux 9 and RHEL9
(bsc#1207136)
- Version 4.3.22-1
* fix tools channel detection on Uyuni
susemanager-build-keys:
- Version 15.4.7:
* add SUSE Liberty v2 key
susemanager-docs_en:
- Removed SUSE Linux Enterprise MicroOS technical preview admonitions from
the Client Configuration Guide
- Action chains now supported for SUSE Linux Enterprise MicroOS
- Product Migration listed as unsupported for now for SUSE Linux
Enterprise MicroOS
- Remove SUSE Linux Enterprise Micro requirement to preinstall
salt-transactional package
- Organized navigation bar in the Installation and Upgrade Guide
- Fixed SUSE Linux Enterprise Micro channel names in the Client
Configuration Guide
- Added SUSE Liberty Linux 9 clients as supported and now use the SUSE
Liberty Linux name more consistently
- Containerized proxy now allows usage of single FQDN. Documented in the
Installation and Upgrade Guide
- Added information about GPG key usage in the Debian section of the
Client Configuration Guide
- Clarified monitoring components support matrix in the Client
Configuration Guide
- Added information on using Hub when managing greater than 10K clients to
the Hardware Requirements in the Installation and Upgrade Guide
- Improved Grafana configuration instructions in the Administration Guide
- Limit the changelog data in generated metadata in Administration Guide.
The default number of entries is now 20 and it is consistent with the
number of entries from SUSE Linux Enterprise
- Added a warning emphasizing storage requirements before migration in the
Installation and Upgrade Guide
susemanager-schema:
- Version 4.3.16-1
* Remove legacy cluster_admin user group
* add subscription warning info pane
* Remove data related to RHEL below 6
* Increase cron_expr varchar length to 120 in suseRecurringAction table
(bsc#1205040)
susemanager-sls:
- Version 4.3.29-1
* Improve _mgractionchains.conf logs
* Prevent possible errors from "mgractionschains" module when there is
no action chain to resume
- Version 4.3.28-1
* Move transactional_update.conf to correct location
- Version 4.3.27-1
* Do not include pillar_only formulas in highstate
* Optimize the number of salt calls on minion startup (bsc#1203532)
* install SUSE Liberty v2 GPG key
* Bootstrap state now writes salt config in correct overlay on SLE Micro
(bsc#1206294)
* Fix reboot info beacon installation
* Add state to properly configure the reboot action for transactional
systems
* Updated logrotate configuration (bsc#1206470)
* Fix server error while bootstrapping SSH-managed Red Hat-like minion
(bsc#1205890)
* Avoid installing recommended packages from assigned products
(bsc#1204330) with suma_minion salt pillar extension module
(bsc#1205255)
susemanager-sync-data:
- Version 4.3.12-1
* change OES 2023 URL to https and make the tools channels mandatory
(bsc#1205644)
* remove version from product names as they are held separate
susemanager-tftpsync:
- Version 4.3.3-1
* Introduce threadpool for tftpsync to increase performance while
syncing files to proxies (bsc#1205489)
uyuni-common-libs:
- Version 4.3.7-1
* unify user notification code on java side
uyuni-setup-reportdb:
- Version 4.3.6-1
* Fix password generation in uyuni-setup-reportdb (bsc#1205919)
virtual-host-gatherer:
- Version 1.0.24-1
* Report total memory of a libvirt hypervisor
* Improve interoperability with other Python projects
How to apply this update:
1. Log in as root user to the SUSE Manager Server.
2. Stop the Spacewalk service: `spacewalk-service stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: `spacewalk-service start`
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for SUSE Manager Server 4.3:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2023-345=1
Package List:
- SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (ppc64le s390x x86_64):
inter-server-sync-0.2.6-150400.3.12.3
inter-server-sync-debuginfo-0.2.6-150400.3.12.3
python3-uyuni-common-libs-4.3.7-150400.3.9.4
susemanager-4.3.23-150400.3.16.3
susemanager-tftpsync-4.3.3-150400.3.6.5
susemanager-tools-4.3.23-150400.3.16.3
- SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (noarch):
cobbler-3.3.3-150400.5.17.3
drools-7.17.0-150400.3.9.3
grafana-formula-0.8.0-150400.3.6.3
image-sync-formula-0.1.1673279145.e7616bd-150400.3.9.3
mgr-osa-dispatcher-4.3.7-150400.3.3.4
mgr-push-4.3.5-150400.3.3.5
python3-mgr-osa-common-4.3.7-150400.3.3.4
python3-mgr-osa-dispatcher-4.3.7-150400.3.3.4
python3-mgr-push-4.3.5-150400.3.3.5
python3-rhnlib-4.3.5-150400.3.3.3
python3-spacewalk-certs-tools-4.3.17-150400.3.12.4
python3-spacewalk-client-tools-4.3.14-150400.3.12.5
saltboot-formula-0.1.1673279145.e7616bd-150400.3.6.3
spacecmd-4.3.18-150400.3.12.3
spacewalk-backend-4.3.18-150400.3.12.5
spacewalk-backend-app-4.3.18-150400.3.12.5
spacewalk-backend-applet-4.3.18-150400.3.12.5
spacewalk-backend-config-files-4.3.18-150400.3.12.5
spacewalk-backend-config-files-common-4.3.18-150400.3.12.5
spacewalk-backend-config-files-tool-4.3.18-150400.3.12.5
spacewalk-backend-iss-4.3.18-150400.3.12.5
spacewalk-backend-iss-export-4.3.18-150400.3.12.5
spacewalk-backend-package-push-server-4.3.18-150400.3.12.5
spacewalk-backend-server-4.3.18-150400.3.12.5
spacewalk-backend-sql-4.3.18-150400.3.12.5
spacewalk-backend-sql-postgresql-4.3.18-150400.3.12.5
spacewalk-backend-tools-4.3.18-150400.3.12.5
spacewalk-backend-xml-export-libs-4.3.18-150400.3.12.5
spacewalk-backend-xmlrpc-4.3.18-150400.3.12.5
spacewalk-base-4.3.27-150400.3.12.5
spacewalk-base-minimal-4.3.27-150400.3.12.5
spacewalk-base-minimal-config-4.3.27-150400.3.12.5
spacewalk-certs-tools-4.3.17-150400.3.12.4
spacewalk-client-tools-4.3.14-150400.3.12.5
spacewalk-html-4.3.27-150400.3.12.5
spacewalk-java-4.3.46-150400.3.28.1
spacewalk-java-config-4.3.46-150400.3.28.1
spacewalk-java-lib-4.3.46-150400.3.28.1
spacewalk-java-postgresql-4.3.46-150400.3.28.1
spacewalk-search-4.3.8-150400.3.9.3
spacewalk-taskomatic-4.3.46-150400.3.28.1
spacewalk-utils-4.3.16-150400.3.12.3
spacewalk-utils-extras-4.3.16-150400.3.12.3
supportutils-plugin-susemanager-4.3.6-150400.3.6.3
susemanager-build-keys-15.4.7-150400.3.12.3
susemanager-build-keys-web-15.4.7-150400.3.12.3
susemanager-docs_en-4.3-150400.9.19.1
susemanager-docs_en-pdf-4.3-150400.9.19.1
susemanager-schema-4.3.16-150400.3.12.4
susemanager-schema-utility-4.3.16-150400.3.12.4
susemanager-sls-4.3.29-150400.3.16.1
susemanager-sync-data-4.3.12-150400.3.11.3
uyuni-config-modules-4.3.29-150400.3.16.1
uyuni-setup-reportdb-4.3.6-150400.3.3.4
virtual-host-gatherer-1.0.24-150400.3.6.3
virtual-host-gatherer-Kubernetes-1.0.24-150400.3.6.3
virtual-host-gatherer-Nutanix-1.0.24-150400.3.6.3
virtual-host-gatherer-VMware-1.0.24-150400.3.6.3
virtual-host-gatherer-libcloud-1.0.24-150400.3.6.3
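
A post-update check against the package list above, as an added example that is not part of the SUSE announcement: it reports whether selected packages are at or above the fixed version-release shipped by this update. The function names, the `sort -V` comparison (an approximation of rpm's own version ordering) and the sample input are assumptions of this example.

```shell
#!/bin/sh
# Fixed version-release values copied from the package list above (subset).
FIXED_LIST='drools 7.17.0-150400.3.9.3
cobbler 3.3.3-150400.5.17.3
spacewalk-java 4.3.46-150400.3.28.1
susemanager 4.3.23-150400.3.16.3'

# ver_ge A B: succeeds when version A sorts at or after version B.
# Assumption: GNU sort -V stands in for rpm's own version comparison.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# check_packages: reads "name version-release" lines on stdin, the format of
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
# and prints one status line per package in FIXED_LIST.
# Returns 1 if any installed package is below its fixed version.
check_packages() {
    installed=$(cat)
    rc=0
    while read -r name fixed; do
        have=$(printf '%s\n' "$installed" |
               awk -v n="$name" '$1 == n { print $2; exit }')
        if [ -z "$have" ]; then
            echo "SKIP  $name (not installed)"
        elif ver_ge "$have" "$fixed"; then
            echo "OK    $name $have"
        else
            echo "OLD   $name $have < $fixed"
            rc=1
        fi
    done <<EOF
$FIXED_LIST
EOF
    return $rc
}

# Constructed sample input (not real output): drools carries a made-up older
# release, spacewalk-java and susemanager are current, cobbler is absent.
SAMPLE='drools 7.17.0-150400.3.6.1
spacewalk-java 4.3.46-150400.3.28.1
susemanager 4.3.23-150400.3.16.3'

printf '%s\n' "$SAMPLE" | check_packages ||
    echo "at least one package is below the fixed version"
```

On the server itself, pipe the `rpm -qa --qf` query shown in the comment into `check_packages` instead of the sample.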
References:
https://www.suse.com/security/cve/CVE-2022-1415.html
https://bugzilla.suse.com/1172110
https://bugzilla.suse.com/1195979
https://bugzilla.suse.com/1200801
https://bugzilla.suse.com/1202150
https://bugzilla.suse.com/1203478
https://bugzilla.suse.com/1203532
https://bugzilla.suse.com/1203826
https://bugzilla.suse.com/1204032
https://bugzilla.suse.com/1204126
https://bugzilla.suse.com/1204186
https://bugzilla.suse.com/1204235
https://bugzilla.suse.com/1204270
https://bugzilla.suse.com/1204330
https://bugzilla.suse.com/1204712
https://bugzilla.suse.com/1204715
https://bugzilla.suse.com/1204879
https://bugzilla.suse.com/1204932
https://bugzilla.suse.com/1205012
https://bugzilla.suse.com/1205040
https://bugzilla.suse.com/1205207
https://bugzilla.suse.com/1205255
https://bugzilla.suse.com/1205350
https://bugzilla.suse.com/1205489
https://bugzilla.suse.com/1205523
https://bugzilla.suse.com/1205644
https://bugzilla.suse.com/1205663
https://bugzilla.suse.com/1205749
https://bugzilla.suse.com/1205754
https://bugzilla.suse.com/1205890
https://bugzilla.suse.com/1205919
https://bugzilla.suse.com/1205943
https://bugzilla.suse.com/1206055
https://bugzilla.suse.com/1206160
https://bugzilla.suse.com/1206168
https://bugzilla.suse.com/1206186
https://bugzilla.suse.com/1206249
https://bugzilla.suse.com/1206276
https://bugzilla.suse.com/1206294
https://bugzilla.suse.com/1206336
https://bugzilla.suse.com/1206375
https://bugzilla.suse.com/1206470
https://bugzilla.suse.com/1206613
https://bugzilla.suse.com/1206666
https://bugzilla.suse.com/1206799
https://bugzilla.suse.com/1207136