SUSE-SU-2023:3474-1: important: Maintenance update for SUSE Manager 4.2: Server, Proxy and Retail Branch Server
SLE-SECURITY-UPDATES
null at suse.de
Tue Feb 27 12:30:25 UTC 2024
# Maintenance update for SUSE Manager 4.2: Server, Proxy and Retail Branch Server
Announcement ID: SUSE-SU-2023:3474-1
Rating: important
References:
* bsc#1175823
* bsc#1208528
* bsc#1208577
* bsc#1209156
* bsc#1210103
* bsc#1210994
* bsc#1211100
* bsc#1211469
* bsc#1211650
* bsc#1211884
* bsc#1212032
* bsc#1212106
* bsc#1212416
* bsc#1212507
* bsc#1212589
* bsc#1212700
* bsc#1212943
* bsc#1213880
* bsc#1214187
* bsc#1214333
* jsc#MSQA-698
Cross-References:
* CVE-2023-29409
CVSS scores:
* CVE-2023-29409 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-29409 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.2 Module 4.2
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Server 4.2
* SUSE Manager Server 4.2 Module 4.2
An update that solves one vulnerability, contains one feature and has 19
security fixes can now be installed.
## Recommended update for SUSE Manager Proxy and Retail Branch Server 4.2
### Description:
This update fixes the following issues:
spacecmd:
* Version 4.2.24-1
* Update translations
spacewalk-backend:
* Version 4.2.29-1
* Use a constant to get the product name in python code rather than reading rhn.conf (bsc#1212943)
* Only show missing /root/.curlrc error with log_level = 5 (bsc#1212507)
spacewalk-web:
* Version 4.2.36-1
* Update translations
* Fix VHM CPU and RAM display when 0 (bsc#1175823)
* Fix parsing error when showing notification message details (bsc#1211469)
How to apply this update:
1. Log in as root user to the SUSE Manager Proxy or Retail Branch Server.
2. Stop the proxy service: `spacewalk-proxy stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: `spacewalk-proxy start`
## Recommended update for SUSE Manager Server 4.2
### Description:
This update fixes the following issues:
hub-xmlrpc-api:
* Security fix:
* CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to 8192 bits to avoid DoSing client/server while validating signatures for extremely large RSA keys. (bsc#1213880)
* There are no direct source changes. The CVE on hub-xmlrpc-api is fixed by rebuilding the sources with the patched Go version.
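
The key-size limit described for CVE-2023-29409, shown as an added Go example that is not part of this advisory, of hub-xmlrpc-api, or of the Go patch: it flags certificates whose RSA modulus exceeds 8192 bits so they can be rejected before any signature validation. The function names and the stub certificates are assumptions constructed for illustration.

```go
package main

import (
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
)

// maxRSABits is the limit stated in the advisory text for CVE-2023-29409.
const maxRSABits = 8192

// rsaKeyBits returns the RSA modulus size of a certificate's public key,
// or 0 when the certificate does not carry an RSA key.
func rsaKeyBits(cert *x509.Certificate) int {
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok || pub == nil || pub.N == nil {
		return 0
	}
	return pub.N.BitLen()
}

// oversizedRSA lists the certificates whose RSA key exceeds maxRSABits.
func oversizedRSA(certs ...*x509.Certificate) []string {
	var flagged []string
	for _, c := range certs {
		if bits := rsaKeyBits(c); bits > maxRSABits {
			flagged = append(flagged, fmt.Sprintf("%s (%d bits)", c.Subject.CommonName, bits))
		}
	}
	return flagged
}

// constructedCert builds a stub certificate (constructed sample, no real key)
// whose modulus has exactly `bits` bits, avoiding slow large-key generation.
func constructedCert(cn string, bits int) *x509.Certificate {
	n := new(big.Int).Lsh(big.NewInt(1), uint(bits-1))
	return &x509.Certificate{
		Subject:   pkix.Name{CommonName: cn},
		PublicKey: &rsa.PublicKey{N: n, E: 65537},
	}
}

func main() {
	for _, f := range oversizedRSA(constructedCert("ok-2048.example", 2048),
		constructedCert("limit-8192.example", 8192), constructedCert("big-16384.example", 16384)) {
		fmt.Println("reject:", f)
	}
}
```
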
spacecmd:
* Version 4.2.24-1
* Update translations
spacewalk-backend:
* Version 4.2.29-1
* Use a constant to get the product name in python code rather than reading rhn.conf (bsc#1212943)
* Only show missing /root/.curlrc error with log_level = 5 (bsc#1212507)
spacewalk-java:
* Version 4.2.55-1
* Set swap memory value if available
* Set primary FQDN to hostname if none is set (bsc#1209156, bsc#1214333)
* Version 4.2.54-1
* Consider venv-salt-minion package update as a Salt update to prevent backtraces on upgrading salt with itself (bsc#1211884)
* Version 4.2.53-1
* Fix "more then one method candidate found" for API function (bsc#1211100)
* Fixed a bug that caused the tab Autoinstallation to hide when clicking on Power Management Management/Operations on SSM -> Provisioning
* Update copyright year (bsc#1212106)
* Disable jinja processing for the roster file (bsc#1211650)
* Version 4.2.52-1
* Update jetty-util to version 9.4.51
* Version 4.2.51-1
* Update version of Tomcat build dependencies
spacewalk-reports:
* Version 4.2.8-1
* Drop Python2 compatibility (bsc#1212589)
spacewalk-setup:
* Version 4.2.13-1
* Drop usage of salt.ext.six in embedded_diskspace_check
spacewalk-utils:
* Version 4.2.20-1
* Drop Python2 compatibility
spacewalk-web:
* Version 4.2.36-1
* Update translation
* Fix VHM CPU and RAM display when 0 (bsc#1175823)
* Fix parsing error when showing notification message details (bsc#1211469)
susemanager:
* Version 4.2.44-1
* Require LTSS channels for SUSE Linux Enterprise 15 SP1/SP2/SP3 and SUSE Manager Proxy 4.2 (bsc#1214187)
* Version 4.2.43-1
* Add missing Salt 3006.0 dependencies to bootstrap repo definitions (bsc#1212700)
* Make mgr-salt-ssh properly fix the HOME environment to avoid issues with gitfs (bsc#1210994)
susemanager-doc-indexes:
* Typo correction for Cobbler buildiso command in Client Configuration Guide
* Replaced plain text with dedicated attribute for AutoYaST
* Added a note about Oracle Unbreakable Linux Network mirroring requirements in Client Configuration Guide (bsc#1212032)
* Added SUSE Linux Enterprise 15 SP5 and openSUSE Leap 15.5 as supported clients in the Client Configuration Guide
* Fixed missing tables of content in the Reference Guide (bsc#1208577)
* Fixed instruction for Single sign-on implementation example in the Administration Guide (bsc#1210103)
* Removed reference to non-existent files in Reference Guide (bsc#1208528)
susemanager-docs_en:
* Typo correction for Cobbler buildiso command in Client Configuration Guide
* Replaced plain text with dedicated attribute for AutoYaST
* Added a note about Oracle Unbreakable Linux Network mirroring requirements in Client Configuration Guide (bsc#1212032)
* Added SUSE Linux Enterprise 15 SP5 and openSUSE Leap 15.5 as supported clients in the Client Configuration Guide
* Fixed missing tables of content in the Reference Guide (bsc#1208577)
* Fixed instruction for Single sign-on implementation example in the Administration Guide (bsc#1210103)
* Removed reference to non-existent files in Reference Guide (bsc#1208528)
susemanager-schema:
* Version 4.2.29-1
* Add schema directory for susemanager-schema-4.2.29
susemanager-sls:
* Version 4.2.35-1
* Do not disable salt-minion on salt-ssh managed clients
* Use venv-salt-minion instead of salt for docker states (bsc#1212416)
How to apply this update:
1. Log in as root user to the SUSE Manager Server.
2. Stop the Spacewalk service: `spacewalk-service stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: `spacewalk-service start`
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Manager Proxy 4.2 Module 4.2: `zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2023-3474=1`
* SUSE Manager Server 4.2 Module 4.2: `zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2023-3474=1`
## Package List:
* SUSE Manager Proxy 4.2 Module 4.2 (noarch)
* spacewalk-backend-4.2.29-150300.4.44.5
* spacewalk-base-minimal-config-4.2.36-150300.3.47.5
* spacecmd-4.2.24-150300.4.42.3
* spacewalk-base-minimal-4.2.36-150300.3.47.5
* SUSE Manager Server 4.2 Module 4.2 (ppc64le s390x x86_64)
* inter-server-sync-debuginfo-0.3.0-150300.8.36.1
* susemanager-4.2.44-150300.3.59.1
* hub-xmlrpc-api-0.7-150300.3.14.2
* inter-server-sync-0.3.0-150300.8.36.1
* susemanager-tools-4.2.44-150300.3.59.1
* SUSE Manager Server 4.2 Module 4.2 (noarch)
* spacewalk-java-lib-4.2.55-150300.3.73.2
* spacewalk-backend-package-push-server-4.2.29-150300.4.44.5
* spacewalk-backend-xml-export-libs-4.2.29-150300.4.44.5
* spacewalk-base-minimal-4.2.36-150300.3.47.5
* spacewalk-utils-extras-4.2.20-150300.3.27.3
* spacewalk-setup-4.2.13-150300.3.21.3
* spacewalk-backend-iss-4.2.29-150300.4.44.5
* spacewalk-backend-xmlrpc-4.2.29-150300.4.44.5
* spacewalk-html-4.2.36-150300.3.47.5
* spacewalk-java-4.2.55-150300.3.73.2
* susemanager-doc-indexes-4.2-150300.12.48.5
* spacewalk-utils-4.2.20-150300.3.27.3
* spacewalk-backend-4.2.29-150300.4.44.5
* spacewalk-base-4.2.36-150300.3.47.5
* spacewalk-backend-tools-4.2.29-150300.4.44.5
* spacewalk-backend-sql-postgresql-4.2.29-150300.4.44.5
* susemanager-sls-4.2.35-150300.3.54.3
* spacecmd-4.2.24-150300.4.42.3
* spacewalk-java-config-4.2.55-150300.3.73.2
* susemanager-schema-4.2.29-150300.3.41.5
* spacewalk-backend-server-4.2.29-150300.4.44.5
* spacewalk-base-minimal-config-4.2.36-150300.3.47.5
* spacewalk-backend-sql-4.2.29-150300.4.44.5
* spacewalk-backend-applet-4.2.29-150300.4.44.5
* spacewalk-backend-config-files-4.2.29-150300.4.44.5
* susemanager-docs_en-pdf-4.2-150300.12.48.3
* susemanager-docs_en-4.2-150300.12.48.3
* spacewalk-java-postgresql-4.2.55-150300.3.73.2
* spacewalk-backend-config-files-tool-4.2.29-150300.4.44.5
* spacewalk-backend-app-4.2.29-150300.4.44.5
* spacewalk-reports-4.2.8-150300.3.12.3
* spacewalk-backend-iss-export-4.2.29-150300.4.44.5
* uyuni-config-modules-4.2.35-150300.3.54.3
* spacewalk-taskomatic-4.2.55-150300.3.73.2
* spacewalk-backend-config-files-common-4.2.29-150300.4.44.5
## References:
* https://www.suse.com/security/cve/CVE-2023-29409.html
* https://bugzilla.suse.com/show_bug.cgi?id=1175823
* https://bugzilla.suse.com/show_bug.cgi?id=1208528
* https://bugzilla.suse.com/show_bug.cgi?id=1208577
* https://bugzilla.suse.com/show_bug.cgi?id=1209156
* https://bugzilla.suse.com/show_bug.cgi?id=1210103
* https://bugzilla.suse.com/show_bug.cgi?id=1210994
* https://bugzilla.suse.com/show_bug.cgi?id=1211100
* https://bugzilla.suse.com/show_bug.cgi?id=1211469
* https://bugzilla.suse.com/show_bug.cgi?id=1211650
* https://bugzilla.suse.com/show_bug.cgi?id=1211884
* https://bugzilla.suse.com/show_bug.cgi?id=1212032
* https://bugzilla.suse.com/show_bug.cgi?id=1212106
* https://bugzilla.suse.com/show_bug.cgi?id=1212416
* https://bugzilla.suse.com/show_bug.cgi?id=1212507
* https://bugzilla.suse.com/show_bug.cgi?id=1212589
* https://bugzilla.suse.com/show_bug.cgi?id=1212700
* https://bugzilla.suse.com/show_bug.cgi?id=1212943
* https://bugzilla.suse.com/show_bug.cgi?id=1213880
* https://bugzilla.suse.com/show_bug.cgi?id=1214187
* https://bugzilla.suse.com/show_bug.cgi?id=1214333
* https://jira.suse.com/browse/MSQA-698