SUSE-SU-2023:0345-1: important: Security update for SUSE Manager Server 4.3

sle-security-updates at lists.suse.com
Fri Feb 10 17:34:14 UTC 2023


   SUSE Security Update: Security update for SUSE Manager Server 4.3
______________________________________________________________________________

Announcement ID:    SUSE-SU-2023:0345-1
Rating:             important
References:         #1172110 #1195979 #1200801 #1202150 #1203478 
                    #1203532 #1203826 #1204032 #1204126 #1204186 
                    #1204235 #1204270 #1204330 #1204712 #1204715 
                    #1204879 #1204932 #1205012 #1205040 #1205207 
                    #1205255 #1205350 #1205489 #1205523 #1205644 
                    #1205663 #1205749 #1205754 #1205890 #1205919 
                    #1205943 #1206055 #1206160 #1206168 #1206186 
                    #1206249 #1206276 #1206294 #1206336 #1206375 
                    #1206470 #1206613 #1206666 #1206799 #1207136 
                    
Cross-References:   CVE-2022-1415
CVSS scores:
                    CVE-2022-1415 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Affected Products:
                    SUSE Linux Enterprise Module for SUSE Manager Server 4.3
                    SUSE Manager Server 4.3
______________________________________________________________________________

   An update that solves one vulnerability and has 44 fixes is
   now available.

Description:


   This update fixes the following issues:

   cobbler:

   - Improve Cobbler performance with item cache and threadpool (bsc#1205489)
   - Skip collections that are inconsistent instead of crashing (bsc#1205749)
   - Add new "cobbler-tests-containers" subpackage which contains setup and
     configuration files to run Cobbler tests in containers.
   - Add missing code for previous patch file around boot_loaders migration.
   - Avoid possible override of existing values during migration
     of collections to 3.0.0 (bsc#1206160)
   - Fix regression: allow empty string as interface_type value (bsc#1203478)
   - Fix failing Cobbler tests after upgrading to 3.3.3.

   drools:

   - CVE-2022-1415: Deserialization of Untrusted Data: unsafe data
     deserialization in DroolsStreamUtils.java (bsc#1204879)

   grafana-formula:

   - Version 0.8.0
     * Set dashboard names depending on project
     * Update dashboards to use new JSON schema
     * Fix PostgreSQL dashboard queries
     * Migrate deprecated panels to their current replacements

   image-sync-formula:

   - Update to version 0.1.1673279145.e7616bd
     * Add form entry for use latest boot image pillar value (bsc#1206055)

   inter-server-sync:

   - Version 0.2.6
     * Export package extra tags for complete Debian repo metadata
       (bsc#1206375)
     * Replace URLs in OS Images pillars when exporting and importing images

   mgr-osad:

   - Version 4.3.7-1
     * Updated logrotate configuration (bsc#1206470)

   mgr-push:

   - Version 4.3.5-1
     * Update translation strings

   rhnlib:

   - Version 4.3.5-1
     * Don't get stuck at the end of SSL transfers (bsc#1204032)

   saltboot-formula:

   - Update to version 0.1.1673279145.e7616bd
     * Add failsafe stop file when salt-minion does not stop (bsc#1172110)
     * Add use case of saltboot group formula outside containerized env
       (bsc#1206186)
     * Add 'kernel_action' to saltboot form (bsc#1206055)

   spacecmd:

   - Version 4.3.18-1
     * Add python-dateutil dependency, required to process date values in
       spacecmd api calls
   - Version 4.3.17-1
     * Remove python3-simplejson dependency
     * Correctly understand 'ssm' keyword on scap scheduling
     * Add vendor_advisory information to errata_details call (bsc#1205207)
     * Added two missing options to schedule product migration:
       allow-vendor-change and remove-products-without-successor (bsc#1204126)
     * Changed schedule product migration to use the correct API method
     * Change default port of "Containerized Proxy configuration" to 8022

   spacewalk-backend:

   - Version 4.3.18-1
     * Add 'octet-stream' to accepted content-types for reposync mirrorlists
     * Exclude invalid mirror urls for reposync (bsc#1203826)
     * Compute headers as list of two-tuples to be used by url grabber
       (bsc#1205523)
     * Updated logrotate configuration (bsc#1206470)
     * Add rhel_9 as Salt-enabled kickstart installation
     * do not fetch mirrorlist when a file url is given

   spacewalk-certs-tools:

   - Version 4.3.17-1
     * Backport SLE Micro bootstrap fixes

   spacewalk-client-tools:

   - Version 4.3.14-1
     * Update translation strings

   spacewalk-java:

   - Version 4.3.46-1
     * action chains: recognize transactional_update.reboot as a reboot action
   - Version 4.3.45-1
     * Improve logs when sls action chain file is missing
   - Version 4.3.44-1
     * Add reboot needed indicator to systems list
     * Fix transaction commit behavior for Spark routes
     * Fix modular channel check during system update via XMLRPC (bsc#1206613)
     * Fix CVE Audit ignoring errata in parent channels if patch in successor
       product exists (bsc#1206168)
     * Fix CVE Audit incorrectly displaying predecessor product (bsc#1205663)
     * Improve automatic dependency selection for vendor clones
     * Optimize the number of salt calls on minion startup (bsc#1203532)
     * Fix name for autoinstall snippets after Cobbler 3.3.3
     * prevent ISE on activation key page when selected base channel value is
       null
     * Trigger a package profile update when a new live-patch is installed
       (bsc#1206249)
     * Fix HTTP API login status code when using wrong credentials
       (bsc#1206666)
     * Configure the reboot action for transactional systems appropriately
     * Fix link to documentation in monitoring page
     * Fix server error in product migration outside maintenance window
       (bsc#1206276)
     * Updated logrotate configuration (bsc#1206470)
     * Only remove product catalog if PAYG ssh credentials are defined
       (bsc#1205943)
     * Source Select2 and jQuery UI from susemanager-frontend-libs
     * Don't use hash in apidoc links
     * Limit changelog data in generated metadata to 20 entries
     * Fix internal server error when transferring system between
       organizations
     * Fix products controller to keep loading mandatory channels even when
       there are broken channels (bsc#1204270)
     * Move web dependencies from susemanager-frontend-libs to spacewalk-web
     * Fix server error while bootstrapping SSH-managed Red Hat-like minion
       (bsc#1205890)
     * send notifications also as email if email notifications are enabled
     * Add subscription warning notification to overview page
     * Fix CLM to not remove necessary packages when filtering erratas
       (bsc#1195979)
     * Add vendor_advisory to errata.getDetails (bsc#1205207)
     * Fix ClassCastException
     * disable cloned vendor channel auto selection by default (bsc#1204186)
     * Add SUSE Liberty Linux support for RHEL9 based clients
     * Removed contents of certificates from the web UI logs (bsc#1204715)
     * Fix kickstart for RHEL 9 to not add install command
     * Remove RHEL kickstart types below 6
     * Don't persist the YAML parser in FormulaFactory (bsc#1205754)
     * format results for package, errata and image build actions in system
       history similar to state apply results
     * check for NULL in DEB package install size value
     * adapt permissions of temporary ssh key directory
     * Fixed traditional stack warning message to be displayed only when the
       system has enterprise entitlement (bsc#1205350)
     * Remove invalid errata selection after patch installation (bsc#1204235)
     * Ignore insert conflicts during reporting database update (bsc#1202150)
     * Allowed cancelling pending actions with a failed prerequisite
       (bsc#1204712)
     * Run only minion actions that are in the pending status (bsc#1205012)
     * Allow usage of one FQDN to deploy containerized proxy in VM (#19586)
     * Migrate formulas with default values to database (bsc#1204932)

   spacewalk-search:

   - Version 4.3.8-1
     * Updated logrotate configuration (bsc#1206470)
     * fix logging configuration of the search daemon (bsc#1206336)

   spacewalk-utils:

   - Version 4.3.16-1
     * spacewalk-hostname-rename changes also report db host (bsc#1200801)
     * Add Uyuni SLE-Micro Client Tools repositories

   spacewalk-web:

   - Version 4.3.27-1
     * Add reboot needed indicator to systems list
     * Fix salt keys page keeps loading when no key exists (bsc#1206799)
     * Fix link to documentation in monitoring page
     * Source Select2 and jQuery UI from susemanager-frontend-libs
     * fix frontend logging in react pages
     * Move web dependencies from susemanager-frontend-libs to spacewalk-web

   supportutils-plugin-susemanager:

   - Version 4.3.6-1
     * update susemanager plugin to export the number of pending salt events

   susemanager:

   - Version 4.3.23-1
     * fix bootstrap repo definition for SUSE Liberty Linux 9 and RHEL9
       (bsc#1207136)
   - Version 4.3.22-1
     * fix tools channel detection on Uyuni

   susemanager-build-keys:

   - Version 15.4.7:
     * add SUSE Liberty v2 key

   susemanager-docs_en:

   - Removed SUSE Linux Enterprise MicroOS technical preview admonitions from
     the Client Configuration Guide
   - Action chains now supported for SUSE Linux Enterprise MicroOS
   - Product Migration listed as unsupported for now for SUSE Linux
     Enterprise MicroOS
   - Remove SUSE Linux Enterprise Micro requirement to preinstall
     salt-transactional package
   - Organized navigation bar in the Installation and Upgrade Guide
   - Fixed SUSE Linux Enterprise Micro channel names in the Client
     Configuration Guide
   - Added SUSE Liberty Linux 9 clients as supported and now use the SUSE
     Liberty Linux name more consistently
   - Containerized proxy now allows usage of single FQDN. Documented in the
     Installation and Upgrade Guide
   - Added information about GPG key usage in the Debian section of the
     Client Configuration Guide
   - Clarified monitoring components support matrix in the Client
     Configuration Guide
   - Added information on using Hub when managing greater than 10K clients to
     the Hardware Requirements in the Installation and Upgrade Guide
   - Improved Grafana configuration instructions in the Administration Guide
   - Limit the changelog data in generated metadata in Administration Guide.
     The default number of entries is now 20 and it is consistent with the
     number of entries from SUSE Linux Enterprise
   - Warning to emphasize about storage requirements before migration in the
     Installation and Upgrade Guide

   susemanager-schema:

   - Version 4.3.16-1
     * Remove legacy cluster_admin user group
     * add subscription warning info pane
     * Remove data related to RHEL below 6
     * Increase cron_expr varchar length to 120 in suseRecurringAction table
       (bsc#1205040)

   susemanager-sls:

   - Version 4.3.29-1
     * Improve _mgractionchains.conf logs
     * Prevent possible errors from "mgractionschains" module when there is
       no action chain to resume
   - Version 4.3.28-1
     * Move transactional_update.conf to correct location
   - Version 4.3.27-1
     * Do not include pillar_only formulas in highstate
     * Optimize the number of salt calls on minion startup (bsc#1203532)
     * install SUSE Liberty v2 GPG key
     * Bootstrap state now writes salt config in correct overlay on SLE Micro
       (bsc#1206294)
     * Fix reboot info beacon installation
     * Add state to properly configure the reboot action for transactional
       systems
     * Updated logrotate configuration (bsc#1206470)
     * Fix server error while bootstrapping SSH-managed Red Hat-like minion
       (bsc#1205890)
     * Avoid installing recommended packages from assigned products
       (bsc#1204330) with suma_minion salt pillar extension module
       (bsc#1205255)

   susemanager-sync-data:

   - Version 4.3.12-1
     * change OES 2023 URL to https and make the tools channels mandatory
       (bsc#1205644)
     * remove version from product names as they are held separate

   susemanager-tftpsync:

   - Version 4.3.3-1
     * Introduce threadpool for tftpsync to increase performance while
       syncing files to proxies (bsc#1205489)

   uyuni-common-libs:

   - Version 4.3.7-1
     * unify user notification code on java side

   uyuni-setup-reportdb:

   - Version 4.3.6-1
     * Fix password generation in uyuni-setup-reportdb (bsc#1205919)

   virtual-host-gatherer:

   - Version 1.0.24-1
     * Report total memory of a libvirt hypervisor
     * Improve interoperability with other Python projects

   How to apply this update:

   1. Log in as root user to the SUSE Manager Server.
   2. Stop the Spacewalk service: `spacewalk-service stop`
   3. Apply the patch using either zypper patch or YaST Online Update.
   4. Start the Spacewalk service: `spacewalk-service start`


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.3:

      zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2023-345=1



Package List:

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (ppc64le s390x x86_64):

      inter-server-sync-0.2.6-150400.3.12.3
      inter-server-sync-debuginfo-0.2.6-150400.3.12.3
      python3-uyuni-common-libs-4.3.7-150400.3.9.4
      susemanager-4.3.23-150400.3.16.3
      susemanager-tftpsync-4.3.3-150400.3.6.5
      susemanager-tools-4.3.23-150400.3.16.3

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (noarch):

      cobbler-3.3.3-150400.5.17.3
      drools-7.17.0-150400.3.9.3
      grafana-formula-0.8.0-150400.3.6.3
      image-sync-formula-0.1.1673279145.e7616bd-150400.3.9.3
      mgr-osa-dispatcher-4.3.7-150400.3.3.4
      mgr-push-4.3.5-150400.3.3.5
      python3-mgr-osa-common-4.3.7-150400.3.3.4
      python3-mgr-osa-dispatcher-4.3.7-150400.3.3.4
      python3-mgr-push-4.3.5-150400.3.3.5
      python3-rhnlib-4.3.5-150400.3.3.3
      python3-spacewalk-certs-tools-4.3.17-150400.3.12.4
      python3-spacewalk-client-tools-4.3.14-150400.3.12.5
      saltboot-formula-0.1.1673279145.e7616bd-150400.3.6.3
      spacecmd-4.3.18-150400.3.12.3
      spacewalk-backend-4.3.18-150400.3.12.5
      spacewalk-backend-app-4.3.18-150400.3.12.5
      spacewalk-backend-applet-4.3.18-150400.3.12.5
      spacewalk-backend-config-files-4.3.18-150400.3.12.5
      spacewalk-backend-config-files-common-4.3.18-150400.3.12.5
      spacewalk-backend-config-files-tool-4.3.18-150400.3.12.5
      spacewalk-backend-iss-4.3.18-150400.3.12.5
      spacewalk-backend-iss-export-4.3.18-150400.3.12.5
      spacewalk-backend-package-push-server-4.3.18-150400.3.12.5
      spacewalk-backend-server-4.3.18-150400.3.12.5
      spacewalk-backend-sql-4.3.18-150400.3.12.5
      spacewalk-backend-sql-postgresql-4.3.18-150400.3.12.5
      spacewalk-backend-tools-4.3.18-150400.3.12.5
      spacewalk-backend-xml-export-libs-4.3.18-150400.3.12.5
      spacewalk-backend-xmlrpc-4.3.18-150400.3.12.5
      spacewalk-base-4.3.27-150400.3.12.5
      spacewalk-base-minimal-4.3.27-150400.3.12.5
      spacewalk-base-minimal-config-4.3.27-150400.3.12.5
      spacewalk-certs-tools-4.3.17-150400.3.12.4
      spacewalk-client-tools-4.3.14-150400.3.12.5
      spacewalk-html-4.3.27-150400.3.12.5
      spacewalk-java-4.3.46-150400.3.28.1
      spacewalk-java-config-4.3.46-150400.3.28.1
      spacewalk-java-lib-4.3.46-150400.3.28.1
      spacewalk-java-postgresql-4.3.46-150400.3.28.1
      spacewalk-search-4.3.8-150400.3.9.3
      spacewalk-taskomatic-4.3.46-150400.3.28.1
      spacewalk-utils-4.3.16-150400.3.12.3
      spacewalk-utils-extras-4.3.16-150400.3.12.3
      supportutils-plugin-susemanager-4.3.6-150400.3.6.3
      susemanager-build-keys-15.4.7-150400.3.12.3
      susemanager-build-keys-web-15.4.7-150400.3.12.3
      susemanager-docs_en-4.3-150400.9.19.1
      susemanager-docs_en-pdf-4.3-150400.9.19.1
      susemanager-schema-4.3.16-150400.3.12.4
      susemanager-schema-utility-4.3.16-150400.3.12.4
      susemanager-sls-4.3.29-150400.3.16.1
      susemanager-sync-data-4.3.12-150400.3.11.3
      uyuni-config-modules-4.3.29-150400.3.16.1
      uyuni-setup-reportdb-4.3.6-150400.3.3.4
      virtual-host-gatherer-1.0.24-150400.3.6.3
      virtual-host-gatherer-Kubernetes-1.0.24-150400.3.6.3
      virtual-host-gatherer-Nutanix-1.0.24-150400.3.6.3
      virtual-host-gatherer-VMware-1.0.24-150400.3.6.3
      virtual-host-gatherer-libcloud-1.0.24-150400.3.6.3
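
A post-update check against the package list above, added here as an example and not part of the SUSE announcement: it compares an installed-package inventory with the fixed builds of three packages from the list, including drools (CVE-2022-1415). The function names, the sample inventory and the use of `sort -V` as a stand-in for RPM version ordering are assumptions of this example.

```shell
#!/bin/sh
# Fixed builds copied from the package list of SUSE-SU-2023:0345-1 (subset).
FIXED_BUILDS='drools 7.17.0-150400.3.9.3
cobbler 3.3.3-150400.5.17.3
spacewalk-java 4.3.46-150400.3.28.1'

# Constructed sample inventory in "name version-release" form: drools is on an
# older (made-up) build, cobbler is patched, spacewalk-java is absent.
SAMPLE_INVENTORY='drools 7.17.0-150400.3.6.1
cobbler 3.3.3-150400.5.17.3'

# Succeed when version-release $1 is the same as or newer than $2.
# Assumption: "sort -V" ordering is close enough to RPM ordering for these
# purely numeric strings; "zypper versioncmp" is the authoritative comparison.
ver_ge() {
    [ "$1" = "$2" ] && return 0
    newest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)
    [ "$newest" = "$1" ]
}

# Read an inventory on stdin, report each tracked package, and return non-zero
# if any installed package is older than its fixed build.
check_inventory() {
    inventory=$(cat)
    status=0
    while read -r name fixed; do
        installed=$(printf '%s\n' "$inventory" |
            awk -v n="$name" '$1 == n { print $2; exit }')
        if [ -z "$installed" ]; then
            echo "SKIP $name (not installed)"
        elif ver_ge "$installed" "$fixed"; then
            echo "OK $name $installed"
        else
            echo "OUTDATED $name $installed (fixed in $fixed)"
            status=1
        fi
    done <<EOF
$FIXED_BUILDS
EOF
    return "$status"
}

# On the server, feed it the live inventory instead of the sample:
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' drools cobbler spacewalk-java | check_inventory
printf '%s\n' "$SAMPLE_INVENTORY" | check_inventory || echo "update incomplete"
```

Extend `FIXED_BUILDS` with further name and build pairs from the package list to cover the rest of the update.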


References:

   https://www.suse.com/security/cve/CVE-2022-1415.html
   https://bugzilla.suse.com/1172110
   https://bugzilla.suse.com/1195979
   https://bugzilla.suse.com/1200801
   https://bugzilla.suse.com/1202150
   https://bugzilla.suse.com/1203478
   https://bugzilla.suse.com/1203532
   https://bugzilla.suse.com/1203826
   https://bugzilla.suse.com/1204032
   https://bugzilla.suse.com/1204126
   https://bugzilla.suse.com/1204186
   https://bugzilla.suse.com/1204235
   https://bugzilla.suse.com/1204270
   https://bugzilla.suse.com/1204330
   https://bugzilla.suse.com/1204712
   https://bugzilla.suse.com/1204715
   https://bugzilla.suse.com/1204879
   https://bugzilla.suse.com/1204932
   https://bugzilla.suse.com/1205012
   https://bugzilla.suse.com/1205040
   https://bugzilla.suse.com/1205207
   https://bugzilla.suse.com/1205255
   https://bugzilla.suse.com/1205350
   https://bugzilla.suse.com/1205489
   https://bugzilla.suse.com/1205523
   https://bugzilla.suse.com/1205644
   https://bugzilla.suse.com/1205663
   https://bugzilla.suse.com/1205749
   https://bugzilla.suse.com/1205754
   https://bugzilla.suse.com/1205890
   https://bugzilla.suse.com/1205919
   https://bugzilla.suse.com/1205943
   https://bugzilla.suse.com/1206055
   https://bugzilla.suse.com/1206160
   https://bugzilla.suse.com/1206168
   https://bugzilla.suse.com/1206186
   https://bugzilla.suse.com/1206249
   https://bugzilla.suse.com/1206276
   https://bugzilla.suse.com/1206294
   https://bugzilla.suse.com/1206336
   https://bugzilla.suse.com/1206375
   https://bugzilla.suse.com/1206470
   https://bugzilla.suse.com/1206613
   https://bugzilla.suse.com/1206666
   https://bugzilla.suse.com/1206799
   https://bugzilla.suse.com/1207136


