SUSE-SU-2023:1831-1: important: Maintenance update for SUSE Manager 4.2: Server, Proxy and Retail Branch Server
SLE-SECURITY-UPDATES
null at suse.de
Tue Feb 27 11:10:15 UTC 2024
# Maintenance update for SUSE Manager 4.2: Server, Proxy and Retail Branch Server
Announcement ID: SUSE-SU-2023:1831-1
Rating: important
References:
* bsc#1179926
* bsc#1197027
* bsc#1206562
* bsc#1206973
* bsc#1207063
* bsc#1207308
* bsc#1207352
* bsc#1207490
* bsc#1207799
* bsc#1207829
* bsc#1207830
* bsc#1207838
* bsc#1207883
* bsc#1208288
* bsc#1208321
* bsc#1208325
* bsc#1208586
* bsc#1208687
* bsc#1208719
* bsc#1208772
* bsc#1208908
* bsc#1209369
* bsc#1209386
* bsc#1209434
* bsc#1209703
* jsc#PED-2777
Cross-References:
* CVE-2020-8908
* CVE-2022-0860
* CVE-2023-22644
CVSS scores:
* CVE-2020-8908 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2020-8908 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2022-0860 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
* CVE-2022-0860 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-22644 ( NVD ): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Affected Products:
* Development Tools Module 15-SP4
* openSUSE Leap 15.4
* SUSE Enterprise Storage 7
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Real Time 15 SP3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.2 Module 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.2
* SUSE Manager Server 4.2 Module 4.2
* SUSE Manager Server 4.3
An update that solves three vulnerabilities, contains one feature and has 22
security fixes can now be installed.
## Security update for SUSE Manager Server 4.2
### Description:
This update fixes the following issues:
cobbler:
* CVE-2022-0860: Unbreak PAM authentication due to missing encoding of user
input in the PAM auth module of Cobbler (bsc#1197027)
* Fix S390X auto-installation for cases where kernel options are longer than
79 characters (bsc#1207308)
* Switch packaging from patch based to Git tree based development
* All patches that are being removed in this revision are contained in the new
Git tree.
guava:
* Upgrade to guava 30.1.1
* CVE-2020-8908: temp directory creation vulnerability in Guava versions prior
to 30.0. (bsc#1179926)
* Remove parent reference from ALL distributed pom files
* Avoid version-less dependencies that can cause problems with some tools
* Build the package with ant in order to prevent build cycles using a
generated and customized ant build system
* Produce with Java >= 9 binaries that are compatible with Java 8
jsr-305:
* Deliver jsr-305 to SUSE Manager as Guava dependency
mgr-libmod:
* Version 4.2.8-1
* Ignore extra metadata fields for Liberty Linux (bsc#1208908)
spacecmd:
* Version 4.2.22-1
* Display activation key details after executing the corresponding command
(bsc#1208719)
* Show targeted packages before actually removing them (bsc#1207830)
* Fix spacecmd not showing any output for softwarechannel_diff and
softwarechannel_errata_diff (bsc#1207352)
spacewalk-backend:
* Version 4.2.27-1
* Fix the mgr-inter-sync not creating valid repository metadata when dealing
with empty channels (bsc#1207829)
* Fix repo sync for cloud "Pay As You Go" connected repositories (bsc#1208772)
* Fix issues with kickstart syncing on mirrorlist repositories
* Do not sync .mirrorlist and other unneeded files
* reposync: catch local file not found urlgrabber error properly (bsc#1208288)
spacewalk-client-tools:
* Version 4.2.23-1
* Update translation strings
spacewalk-java:
* Version 4.2.49-1
* Refactor Java notification synchronize to avoid deadlocks (bsc#1209369)
* Version 4.2.48-1
* Prevent logging formula data (bsc#1209386)
* Use gnu-jaf instead of jaf
* Use reload4j instead of log4j or log4j12
* Use slf4j-reload4j
* Save scheduler user when creating Patch actions manually (bsc#1208321)
* Add `mgr_server_is_uyuni` minion pillar item
* Do not execute immediately Package Refresh action for the SSH minion
(bsc#1208325)
* Mark as failed actions that cannot be scheduled because earliest date is too
old
* Update earliest date when rescheduling failed actions (bsc#1206562)
* Fix reconnection of postgres event stream
* Fix NumberFormatException when syncing Ubuntu errata (bsc#1207883)
* Fix duplicate keys in image tables (bsc#1207799)
* Fix CLM environments UI for environment labels containing dots (bsc#1207838)
spacewalk-search:
* Version 4.2.10-1
* Use reload4j instead of log4j or log4j12
spacewalk-web:
* Version 4.2.34-1
* Fix datetime picker appearing behind modal edge (bsc#1209703)
* Version 4.2.33-1
* Deprecate jQuery datepicker, integrate React datepicker
* Fix CLM environments UI for environment labels containing dots (bsc#1207838)
subscription-matcher:
* Relax antlr version requirement
supportutils-plugin-susemanager:
* Version 4.2.6-1
* Fix DB connection check tool (bsc#1208586)
susemanager-build-keys:
* Version 15.3.7 (jsc#PED-2777):
* Add new 4096 bit RSA build key gpg-pubkey-3fa1d6ce-63c9481c.asc
* Add new 4096 bit RSA reserve build key gpg-pubkey-d588dc46-63c939db.asc
* Add 2022 2048 bit RSA PTF key suse_ptf_key-6F5DA62B.asc
* Add new 4096 bit RSA PTF key suse_ptf_key_2023.asc
susemanager-doc-indexes:
* Removed z196 and z114 from listing in System Z chapter of the Installation
and Upgrade Guide (bsc#1206973)
* Branding updated for 2023
* New search engine optimization improvements for documentation
* Translations are now included in the webui help documentation
* Local search is now provided with the webui help documentation
susemanager-docs_en:
* Removed z196 and z114 from listing in System Z chapter of the Installation
and Upgrade Guide (bsc#1206973)
* Branding updated for 2023
* New search engine optimization improvements for documentation
* Translations are now included in the WebUI help documentation
* Local search is now provided with the WebUI help documentation
susemanager-sls:
* Version 4.2.32-1
* Improve error handling in mgr_events.py (bsc#1208687)
susemanager-tftpsync:
* Version 4.2.4-1
* Fix removal of proxies section in cobbler settings (bsc#1207063)
uyuni-common-libs:
* Version 4.2.10-1
* Allow default component for context manager.
virtual-host-gatherer:
* Version 1.0.25-1
* Report total CPU numbers in the libvirt module
How to apply this update:
1. Log in as root user to the SUSE Manager Server.
2. Stop the Spacewalk service: `spacewalk-service stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: `spacewalk-service start`
## Recommended update for SUSE Manager Proxy and Retail Branch Server 4.2
### Description:
This update fixes the following issues:
mgr-daemon:
* Version 4.2.11-1
* Update translation strings
spacecmd:
* Version 4.2.22-1
* Display activation key details after executing the corresponding command
(bsc#1208719)
* Show targeted packages before actually removing them (bsc#1207830)
* Fix spacecmd not showing any output for softwarechannel_diff and
softwarechannel_errata_diff (bsc#1207352)
spacewalk-backend:
* Version 4.2.27-1
* Fix the mgr-inter-sync not creating valid repository metadata when dealing
with empty channels (bsc#1207829)
* Fix repo sync for cloud "Pay As You Go" connected repositories (bsc#1208772)
* Fix issues with kickstart syncing on mirrorlist repositories
* Do not sync .mirrorlist and other unneeded files
* reposync: catch local file not found urlgrabber error properly (bsc#1208288)
spacewalk-client-tools:
* Version 4.2.23-1
* Update translation strings
spacewalk-proxy:
* Version 4.2.14-1
* Avoid unnecessary debug messages from proxy backend (bsc#1207490)
spacewalk-web:
* Version 4.2.34-1
* Fix datetime picker appearing behind modal edge (bsc#1209703)
* Version 4.2.33-1
* Deprecate jQuery datepicker, integrate React datepicker
* Fix CLM environments UI for environment labels containing dots (bsc#1207838)
susemanager-build-keys:
* Version 15.3.7 (jsc#PED-2777):
* Add new 4096 bit RSA build key gpg-pubkey-3fa1d6ce-63c9481c.asc
* Add new 4096 bit RSA reserve build key gpg-pubkey-d588dc46-63c939db.asc
* Add 2022 2048 bit RSA PTF key suse_ptf_key-6F5DA62B.asc
* Add new 4096 bit RSA PTF key suse_ptf_key_2023.asc
uyuni-common-libs:
* Version 4.2.10-1
* Allow default component for context manager.
How to apply this update:
1. Log in as root user to the SUSE Manager Proxy or Retail Branch Server.
2. Stop the proxy service: `spacewalk-proxy stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the proxy service: `spacewalk-proxy start`
## Recommended update for jsr-305
### Description:
This update for jsr-305 provides the following fix:
* Ship the correct versions of jsr-305 on SUSE Manager repositories (no source changes).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Manager Proxy 4.2 Module 4.2
  `zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2023-1831=1`
* SUSE Manager Server 4.2 Module 4.2
  `zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2023-1831=1`
* openSUSE Leap 15.4
  `zypper in -t patch openSUSE-SLE-15.4-2023-1831=1`
* Development Tools Module 15-SP4
  `zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-1831=1`
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-1831=1`
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1831=1`
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1831=1`
* SUSE Linux Enterprise Real Time 15 SP3
  `zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-1831=1`
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-1831=1`
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1831=1`
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-1831=1`
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-1831=1`
* SUSE Enterprise Storage 7.1
  `zypper in -t patch SUSE-Storage-7.1-2023-1831=1`
* SUSE Enterprise Storage 7
  `zypper in -t patch SUSE-Storage-7-2023-1831=1`
## Package List:
* SUSE Manager Proxy 4.2 Module 4.2 (noarch)
  * spacewalk-proxy-salt-4.2.14-150300.3.27.6
  * python3-spacewalk-client-tools-4.2.23-150300.4.33.7
  * spacewalk-client-setup-4.2.23-150300.4.33.7
  * spacewalk-base-minimal-4.2.34-150300.3.41.5
  * python3-spacewalk-client-setup-4.2.23-150300.4.33.7
  * susemanager-build-keys-15.3.6-150300.3.9.5
  * spacewalk-client-tools-4.2.23-150300.4.33.7
  * spacewalk-proxy-management-4.2.14-150300.3.27.6
  * spacecmd-4.2.22-150300.4.36.7
  * mgr-daemon-4.2.11-150300.2.12.5
  * spacewalk-proxy-redirect-4.2.14-150300.3.27.6
  * spacewalk-check-4.2.23-150300.4.33.7
  * spacewalk-base-minimal-config-4.2.34-150300.3.41.5
  * spacewalk-proxy-package-manager-4.2.14-150300.3.27.6
  * susemanager-build-keys-web-15.3.6-150300.3.9.5
  * spacewalk-proxy-common-4.2.14-150300.3.27.6
  * python3-spacewalk-check-4.2.23-150300.4.33.7
  * spacewalk-proxy-broker-4.2.14-150300.3.27.6
  * spacewalk-backend-4.2.27-150300.4.38.7
* SUSE Manager Proxy 4.2 Module 4.2 (x86_64)
  * python3-uyuni-common-libs-4.2.10-150300.3.17.6
* SUSE Manager Server 4.2 Module 4.2 (noarch)
  * guava-30.1.1-150300.4.3.4
  * virtual-host-gatherer-libcloud-1.0.25-150300.3.12.5
  * virtual-host-gatherer-VMware-1.0.25-150300.3.12.5
  * spacewalk-backend-package-push-server-4.2.27-150300.4.38.7
  * spacewalk-backend-xmlrpc-4.2.27-150300.4.38.7
  * spacewalk-java-lib-4.2.49-150300.3.63.3
  * spacewalk-backend-app-4.2.27-150300.4.38.7
  * spacewalk-java-4.2.49-150300.3.63.3
  * spacewalk-base-minimal-config-4.2.34-150300.3.41.5
  * susemanager-sls-4.2.32-150300.3.46.5
  * susemanager-docs_en-pdf-4.2-150300.12.42.5
  * susemanager-doc-indexes-4.2-150300.12.42.6
  * subscription-matcher-0.29-150300.6.15.5
  * virtual-host-gatherer-Nutanix-1.0.25-150300.3.12.5
  * spacewalk-backend-4.2.27-150300.4.38.7
  * spacewalk-search-4.2.10-150300.3.18.6
  * spacewalk-base-minimal-4.2.34-150300.3.41.5
  * spacewalk-backend-sql-postgresql-4.2.27-150300.4.38.7
  * mgr-libmod-4.2.8-150300.3.9.6
  * spacewalk-backend-iss-export-4.2.27-150300.4.38.7
  * susemanager-docs_en-4.2-150300.12.42.5
  * supportutils-plugin-susemanager-4.2.6-150300.3.12.5
  * spacewalk-backend-applet-4.2.27-150300.4.38.7
  * spacewalk-backend-config-files-common-4.2.27-150300.4.38.7
  * spacewalk-html-4.2.34-150300.3.41.5
  * spacewalk-backend-server-4.2.27-150300.4.38.7
  * spacewalk-backend-config-files-tool-4.2.27-150300.4.38.7
  * spacewalk-backend-config-files-4.2.27-150300.4.38.7
  * cobbler-3.1.2-150300.5.22.5
  * spacewalk-base-4.2.34-150300.3.41.5
  * spacewalk-backend-xml-export-libs-4.2.27-150300.4.38.7
  * virtual-host-gatherer-1.0.25-150300.3.12.5
  * spacewalk-backend-iss-4.2.27-150300.4.38.7
  * spacecmd-4.2.22-150300.4.36.7
  * spacewalk-backend-tools-4.2.27-150300.4.38.7
  * virtual-host-gatherer-Kubernetes-1.0.25-150300.3.12.5
  * susemanager-build-keys-15.3.6-150300.3.9.5
  * spacewalk-java-postgresql-4.2.49-150300.3.63.3
  * jsr-305-3.0.2-150200.3.7.5
  * python3-spacewalk-client-tools-4.2.23-150300.4.33.7
  * uyuni-config-modules-4.2.32-150300.3.46.5
  * spacewalk-client-tools-4.2.23-150300.4.33.7
  * spacewalk-backend-sql-4.2.27-150300.4.38.7
  * susemanager-build-keys-web-15.3.6-150300.3.9.5
  * spacewalk-java-config-4.2.49-150300.3.63.3
  * spacewalk-taskomatic-4.2.49-150300.3.63.3
* SUSE Manager Server 4.2 Module 4.2 (ppc64le s390x x86_64)
  * susemanager-tftpsync-4.2.4-150300.3.6.6
  * python3-uyuni-common-libs-4.2.10-150300.3.17.6
* openSUSE Leap 15.4 (noarch)
  * jsr-305-3.0.2-150200.3.7.5
  * jsr-305-javadoc-3.0.2-150200.3.7.5
* Development Tools Module 15-SP4 (noarch)
  * jsr-305-3.0.2-150200.3.7.5
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
  * jsr-305-3.0.2-150200.3.7.5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
  * jsr-305-3.0.2-150200.3.7.5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
  * jsr-305-3.0.2-150200.3.7.5
* SUSE Linux Enterprise Real Time 15 SP3 (noarch)
  * jsr-305-3.0.2-150200.3.7.5
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
  * jsr-305-3.0.2-150200.3.7.5
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
  * jsr-305-3.0.2-150200.3.7.5
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
  * jsr-305-3.0.2-150200.3.7.5
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
  * jsr-305-3.0.2-150200.3.7.5
* SUSE Enterprise Storage 7.1 (noarch)
  * jsr-305-3.0.2-150200.3.7.5
* SUSE Enterprise Storage 7 (noarch)
  * jsr-305-3.0.2-150200.3.7.5
## References:
* https://www.suse.com/security/cve/CVE-2020-8908.html
* https://www.suse.com/security/cve/CVE-2022-0860.html
* https://www.suse.com/security/cve/CVE-2023-22644.html
* https://bugzilla.suse.com/show_bug.cgi?id=1179926
* https://bugzilla.suse.com/show_bug.cgi?id=1197027
* https://bugzilla.suse.com/show_bug.cgi?id=1206562
* https://bugzilla.suse.com/show_bug.cgi?id=1206973
* https://bugzilla.suse.com/show_bug.cgi?id=1207063
* https://bugzilla.suse.com/show_bug.cgi?id=1207308
* https://bugzilla.suse.com/show_bug.cgi?id=1207352
* https://bugzilla.suse.com/show_bug.cgi?id=1207490
* https://bugzilla.suse.com/show_bug.cgi?id=1207799
* https://bugzilla.suse.com/show_bug.cgi?id=1207829
* https://bugzilla.suse.com/show_bug.cgi?id=1207830
* https://bugzilla.suse.com/show_bug.cgi?id=1207838
* https://bugzilla.suse.com/show_bug.cgi?id=1207883
* https://bugzilla.suse.com/show_bug.cgi?id=1208288
* https://bugzilla.suse.com/show_bug.cgi?id=1208321
* https://bugzilla.suse.com/show_bug.cgi?id=1208325
* https://bugzilla.suse.com/show_bug.cgi?id=1208586
* https://bugzilla.suse.com/show_bug.cgi?id=1208687
* https://bugzilla.suse.com/show_bug.cgi?id=1208719
* https://bugzilla.suse.com/show_bug.cgi?id=1208772
* https://bugzilla.suse.com/show_bug.cgi?id=1208908
* https://bugzilla.suse.com/show_bug.cgi?id=1209369
* https://bugzilla.suse.com/show_bug.cgi?id=1209386
* https://bugzilla.suse.com/show_bug.cgi?id=1209434
* https://bugzilla.suse.com/show_bug.cgi?id=1209703
* https://jira.suse.com/browse/PED-2777