SUSE-SU-2024:1507-1: moderate: Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server

SLE-SECURITY-UPDATES null at suse.de
Mon May 6 12:31:22 UTC 2024



# Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server

Announcement ID: SUSE-SU-2024:1507-1  
Rating: moderate  
References:

  * bsc#1170848
  * bsc#1208572
  * bsc#1214340
  * bsc#1214387
  * bsc#1216085
  * bsc#1217204
  * bsc#1217874
  * bsc#1218764
  * bsc#1218805
  * bsc#1218931
  * bsc#1218957
  * bsc#1219061
  * bsc#1219233
  * bsc#1219634
  * bsc#1219875
  * bsc#1220101
  * bsc#1220169
  * bsc#1220194
  * bsc#1220221
  * bsc#1220376
  * bsc#1220705
  * bsc#1220726
  * bsc#1220903
  * bsc#1220980
  * bsc#1221111
  * bsc#1221182
  * bsc#1221279
  * bsc#1221465
  * bsc#1221571
  * bsc#1221784
  * bsc#1221922
  * bsc#1222110
  * bsc#1222347
  * jsc#MSQA-760

  
Cross-References:

  * CVE-2023-51775

  
CVSS scores:

  * CVE-2023-51775 ( SUSE ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

  
Affected Products:

  * SUSE Manager Proxy 4.3
  * SUSE Manager Proxy 4.3 Module 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3
  * SUSE Manager Server 4.3 Module 4.3

  
  
An update that solves one vulnerability, contains one feature and has 32
security fixes can now be installed.

## Recommended update for SUSE Manager Proxy and Retail Branch Server 4.3

### Description:

This update fixes the following issues:

mgr-daemon:

  * Version 4.3.9-0
  * Update translation strings

spacecmd:

  * Version 4.3.27-0
  * Update translation strings

spacewalk-backend:

  * Version 4.3.28-0
  * Strip whitespace from .deb package metadata (bsc#1214387)
  * Fix inserting NULL into some columns during ISSv1 sync (bsc#1220980)
  * Add support for package signature type V4 RSA/SHA512 (bsc#1221465)
  * Unquote HTML-encoded credentials before synchronizing repositories
    (bsc#1217204)

spacewalk-certs-tools:

  * Version 4.3.23-0
  * Fix liberty bootstrapping when zypper is installed (bsc#1222347)
  * Apply reboot method changes for transactional systems in the bootstrap
    script

spacewalk-client-tools:

  * Version 4.3.19-0
  * Update translation strings

spacewalk-web:

  * Version 4.3.38-0
  * Upgrade json5 to 2.2.3
  * Upgrade semver to 7.6.0
  * Add one-shot action execution to recurring custom state create/edit
  * Add two filters for rpmlint in package spacewalk-web:
    explicit-lib-dependency and filename-too-long-for-joliet
  * Fix virtual systems filters (bsc#1208572)
  * Improve CLM Create New Filter button
  * Bump the WebUI version to 4.3.12

uyuni-common-libs:

  * Version 4.3.10-0
  * Add support for package signature type V4 RSA/SHA384
  * Add support for package signature type V4 RSA/SHA512 (bsc#1221465)

uyuni-proxy-systemd-services:

  * Version 4.3.12-0
  * Update to SUSE Manager 4.3.12
  * Version 4.3.11-1
  * Update the image version

How to apply this update:

  1. Log in as root user to the SUSE Manager Proxy or Retail Branch Server.
  2. Stop the proxy service: `spacewalk-proxy stop`
  3. Apply the patch using either zypper patch or YaST Online Update.
  4. Start the proxy service: `spacewalk-proxy start`

## Security update for SUSE Manager Server 4.3

### Description:

This update fixes the following issues:

cobbler:

  * Provide option to use pre-built GRUB bootloader
  * Prevent parallel executions of cobbler sync actions (bsc#1218764)

image-sync-formula:

  * Update to version 0.1.1711646883.4a44375
  * Add missing URL tag
  * Update license to SPDX syntax

inter-server-sync:

  * Version 0.3.3-1
  * Correct primary key export for table suseproductsccrepository (bsc#1220169)

jose4j:

  * CVE-2023-51775: Fix denial of service (CPU consumption) via a large p2c (aka
    PBES2 Count) value (bsc#1220726)

smdba:

  * Version 1.7.13
  * postmaster no longer exists in versions >= 16 and was only an alias for
    postgresql, so the postgresql command is now used

spacecmd:

  * Version 4.3.27-0
  * Update translation strings

spacewalk-backend:

  * Version 4.3.28-0
  * Strip whitespace from .deb package metadata (bsc#1214387)
  * Fix inserting NULL into some columns during ISSv1 sync (bsc#1220980)
  * Add support for package signature type V4 RSA/SHA512 (bsc#1221465)
  * Unquote HTML-encoded credentials before synchronizing repositories
    (bsc#1217204)

spacewalk-certs-tools:

  * Version 4.3.23-0
  * Fix liberty bootstrapping when zypper is installed (bsc#1222347)
  * Apply reboot method changes for transactional systems in the bootstrap
    script

spacewalk-client-tools:

  * Version 4.3.19-0
  * Update translation strings

spacewalk-config:

  * Version 4.3.13-0
  * Be explicit about default Apache configs being overwritten on updates and
    point to making custom configs. (bsc#1219061)

spacewalk-java:

  * Version 4.3.73-0
  * New API endpoint for getRelevantErrata. It takes multiple servers as
    argument and it returns an array of maps representing the errata that can be
    applied to each system
  * Version 4.3.72-0
  * Use execution module call to detect client instance flavor (PAYG/BYOS) in
    public cloud (bsc#1218805)
  * Update help text for the custom repo filter field (bsc#1217874)
  * Fix issue where Salt cannot access autoinstallation files (bsc#1220221)
  * Fix issue when checking for credential duplication (bsc#1218957)
  * Fix matching epoch while creating Ubuntu errata
  * When an action that belongs to an action chain is unscheduled, unschedule
    the action chain as well (bsc#1221784)
  * Reschedule failed SSH actions caused by a connection error due to a
    scheduled reboot
  * Fix removal of old IPv6 addresses (bsc#1214340)
  * Do not automatically add child channels outside of selected base channel
    (bsc#1220101)
  * Fix listProxies API call (bsc#1219233)
  * Fix system.provisionSystem when called via HTTP API (bsc#1219875)
  * Remove package sync not available message in Software > Packages > Profile
    since it is no longer available for supported clients (bsc#1221279)
  * Fix login for read-only users when using HTTP API (bsc#1221111)
  * Add one-shot action execution to recurring custom state create/edit
  * Fix a typo in 'Deploy Files' page
  * Drop system password as identifier on SCC system registration (bsc#1219634,
    bsc#1221182)
  * Fix memory size extraction in virtual instances (bsc#1219634)
  * Fix virtual systems filters (bsc#1208572)
  * Update license to include the year 2024
  * Add timeout for SMTP server connection (bsc#1218931)
  * Commit Salt event removal in case of process failure (bsc#1218931)
  * Users with API read only are only allowed to make GET requests
  * Ignore retry suffix when getting recurring action id from schedule name
  * Sort CLM project filters by filter name

spacewalk-web:

  * Version 4.3.38-0
  * Upgrade json5 to 2.2.3
  * Upgrade semver to 7.6.0
  * Add one-shot action execution to recurring custom state create/edit
  * Fix virtual systems filters (bsc#1208572)
  * Improve CLM Create New Filter button
  * Bump the WebUI version to 4.3.12

subscription-matcher:

  * Version 0.37
  * Add missing part number (bsc#1221922)
  * Fix penalties logging by initializing the score director consistently
  * Removed wrong apache-commons-lang dependency
  * Version 0.36
  * Fixed Log4j 2 initialization

supportutils-plugin-susemanager:

  * Version 4.3.11-0
  * Add Salt and Reposync connections to minimum required DB connections
    calculation

susemanager:

  * Version 4.3.35-0
  * Add bootstrap repository definition for openSUSE Leap 15.6
  * Add bootstrap repository definition for SUSE Linux Enterprise 15 SP6

susemanager-docs_en:

  * Removed Debian 10 from the list of supported clients
  * Added new workflow describing updating of clients using recurring actions to
    Common Workflows
  * Added documentation on adding a storage device for VMware
  * Documented registercloudguest tools for registering public cloud
    installation (BYOS) by adding a reference to the Public Cloud Guide
  * Added information about requirements for the PostgreSQL database to the
    Installation and Upgrade Guide (bsc#1220376)
  * Fixed the instructions for SSL Certificates (bsc#1219061)
  * Remove package sync paragraph in package-management doc since it is not
    available for Salt clients and traditional clients are no longer supported
    (bsc#1221279)
  * Fixed incorrect reference to SUSE Linux Enterprise Server 15 SP5 as base
    product for SUSE Manager 4.3, even in public cloud
  * Updated VM based installation for 4.3 VM image with ignition or cloudinit in
    Installation and Upgrade Guide
  * Added reference from Hub documentation to Inter-Server Synchronization in
    Large Deployment Guide
  * Documented Virtualization Guest and Virtualization Host Formula
  * Reformatted Supported Clients tables in Client Configuration Guide and
    Installation and Upgrade Guide
  * Add documentation about SMTP timeout configuration
  * Documented SSH key rotation in Salt Guide (bsc#1170848)
  * Documented liberate formula in Salt Guide
  * Fixed Prepare on-demand images section in Client Configuration
  * Fixed a changed configuration parameter for salt-ssh
  * Added Pay-as-you-go on the Cloud: FAQ document
  * Updated max-connections tuning recommendation in Large Deployment
  * Added troubleshooting instructions for setting up in public cloud (BYOS) to
    Administration Guide
  * Added section about migrating Enterprise Linux (EL) clients to SUSE Liberty
    Linux to Client Configuration Guide
  * Added detailed information about the messages produced by subscription
    matcher
  * Added Pay-as-you-go as supported service on Azure to the Public Cloud Guide
  * Added and fixed configuration details in Troubleshooting Renaming Server in
    Administration Guide

susemanager-schema:

  * Version 4.3.25-0
  * Add update-salt to internal state table

susemanager-sls:

  * Version 4.3.41-0
  * Use execution module call to detect client instance flavor (PAYG/BYOS) in
    public cloud (bsc#1218805)
  * Do not log dnf needs-restarting output in Salt's log (bsc#1220194)
  * Dynamically load an SELinux policy for "Push via SSH tunnel" for SELinux
    enabled clients. This policy allows communication over a custom SSH port
  * Fix reboot needed detection for SUSE systems
  * Fix SUSE Liberty Linux bootstrapping when Zypper is installed (bsc#1222347)
  * Distinguish between different SUSE versions when detecting if a reboot is
    needed (bsc#1220903, bsc#1221571)
  * Improve updatestack update in uptodate state
  * Add a standalone update-salt state
  * Add pillar check to skip reboot_if_needed state
  * Recognize .tar.xz and .ext4 image files (bsc#1216085)
  * Avoid issues on reactivating traditional clients as Salt managed
  * Fix the case of missing requisites on bootstrap (bsc#1220705)

susemanager-sync-data:

  * Version 4.3.17-0
  * AlmaLinux 9 PowerTools was renamed into CRB (bsc#1222110)

uyuni-common-libs:

  * Version 4.3.10-0
  * Add support for package signature type V4 RSA/SHA384
  * Add support for package signature type V4 RSA/SHA512 (bsc#1221465)

uyuni-reportdb-schema:

  * Version 4.3.10-0
  * Provide reportdb upgrade schema path structure

How to apply this update:

  1. Log in as root user to the SUSE Manager Server.
  2. Stop the Spacewalk service: `spacewalk-service stop`
  3. Apply the patch using either zypper patch or YaST Online Update.
  4. Start the Spacewalk service: `spacewalk-service start`

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Manager Proxy 4.3 Module 4.3  
    `zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2024-1507=1`

  * SUSE Manager Server 4.3 Module 4.3  
    `zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2024-1507=1`

## Package List:

  * SUSE Manager Proxy 4.3 Module 4.3 (noarch)
    * spacewalk-base-minimal-4.3.38-150400.3.42.6
    * python3-spacewalk-certs-tools-4.3.23-150400.3.28.5
    * python3-spacewalk-client-setup-4.3.19-150400.3.27.5
    * python3-spacewalk-client-tools-4.3.19-150400.3.27.5
    * mgr-daemon-4.3.9-150400.3.15.5
    * spacewalk-backend-4.3.28-150400.3.41.7
    * spacecmd-4.3.27-150400.3.36.5
    * spacewalk-certs-tools-4.3.23-150400.3.28.5
    * spacewalk-client-setup-4.3.19-150400.3.27.5
    * spacewalk-client-tools-4.3.19-150400.3.27.5
    * python3-spacewalk-check-4.3.19-150400.3.27.5
    * spacewalk-check-4.3.19-150400.3.27.5
    * spacewalk-base-minimal-config-4.3.38-150400.3.42.6
  * SUSE Manager Proxy 4.3 Module 4.3 (x86_64)
    * python3-uyuni-common-libs-4.3.10-150400.3.18.4
  * SUSE Manager Server 4.3 Module 4.3 (noarch)
    * spacewalk-java-lib-4.3.73-150400.3.79.1
    * susemanager-docs_en-4.3-150400.9.56.4
    * spacewalk-backend-package-push-server-4.3.28-150400.3.41.7
    * spacewalk-backend-4.3.28-150400.3.41.7
    * spacewalk-java-4.3.73-150400.3.79.1
    * spacewalk-backend-iss-export-4.3.28-150400.3.41.7
    * spacewalk-backend-xmlrpc-4.3.28-150400.3.41.7
    * spacewalk-base-4.3.38-150400.3.42.6
    * spacewalk-taskomatic-4.3.73-150400.3.79.1
    * spacewalk-backend-sql-4.3.28-150400.3.41.7
    * spacewalk-backend-sql-postgresql-4.3.28-150400.3.41.7
    * python3-spacewalk-certs-tools-4.3.23-150400.3.28.5
    * python3-spacewalk-client-tools-4.3.19-150400.3.27.5
    * susemanager-docs_en-pdf-4.3-150400.9.56.4
    * jose4j-0.5.1-150400.3.9.4
    * spacewalk-backend-config-files-tool-4.3.28-150400.3.41.7
    * spacecmd-4.3.27-150400.3.36.5
    * spacewalk-certs-tools-4.3.23-150400.3.28.5
    * susemanager-schema-4.3.25-150400.3.39.5
    * spacewalk-backend-config-files-common-4.3.28-150400.3.41.7
    * supportutils-plugin-susemanager-4.3.11-150400.3.21.4
    * spacewalk-java-config-4.3.73-150400.3.79.1
    * image-sync-formula-0.1.1711646883.4a44375-150400.3.18.4
    * spacewalk-base-minimal-config-4.3.38-150400.3.42.6
    * spacewalk-java-postgresql-4.3.73-150400.3.79.1
    * subscription-matcher-0.37-150400.3.22.4
    * susemanager-schema-utility-4.3.25-150400.3.39.5
    * uyuni-reportdb-schema-4.3.10-150400.3.15.6
    * spacewalk-backend-xml-export-libs-4.3.28-150400.3.41.7
    * spacewalk-backend-iss-4.3.28-150400.3.41.7
    * susemanager-sync-data-4.3.17-150400.3.25.4
    * cobbler-3.3.3-150400.5.42.5
    * spacewalk-backend-config-files-4.3.28-150400.3.41.7
    * spacewalk-backend-applet-4.3.28-150400.3.41.7
    * spacewalk-base-minimal-4.3.38-150400.3.42.6
    * spacewalk-backend-app-4.3.28-150400.3.41.7
    * uyuni-config-modules-4.3.41-150400.3.47.6
    * susemanager-sls-4.3.41-150400.3.47.6
    * spacewalk-html-4.3.38-150400.3.42.6
    * spacewalk-client-tools-4.3.19-150400.3.27.5
    * spacewalk-backend-tools-4.3.28-150400.3.41.7
    * spacewalk-backend-server-4.3.28-150400.3.41.7
    * spacewalk-config-4.3.13-150400.3.15.5
  * SUSE Manager Server 4.3 Module 4.3 (ppc64le s390x x86_64)
    * smdba-1.7.13-0.150400.4.12.4
    * susemanager-4.3.35-150400.3.48.6
    * inter-server-sync-debuginfo-0.3.3-150400.3.30.4
    * inter-server-sync-0.3.3-150400.3.30.4
    * susemanager-tools-4.3.35-150400.3.48.6
    * python3-uyuni-common-libs-4.3.10-150400.3.18.4

## References:

  * https://www.suse.com/security/cve/CVE-2023-51775.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1170848
  * https://bugzilla.suse.com/show_bug.cgi?id=1208572
  * https://bugzilla.suse.com/show_bug.cgi?id=1214340
  * https://bugzilla.suse.com/show_bug.cgi?id=1214387
  * https://bugzilla.suse.com/show_bug.cgi?id=1216085
  * https://bugzilla.suse.com/show_bug.cgi?id=1217204
  * https://bugzilla.suse.com/show_bug.cgi?id=1217874
  * https://bugzilla.suse.com/show_bug.cgi?id=1218764
  * https://bugzilla.suse.com/show_bug.cgi?id=1218805
  * https://bugzilla.suse.com/show_bug.cgi?id=1218931
  * https://bugzilla.suse.com/show_bug.cgi?id=1218957
  * https://bugzilla.suse.com/show_bug.cgi?id=1219061
  * https://bugzilla.suse.com/show_bug.cgi?id=1219233
  * https://bugzilla.suse.com/show_bug.cgi?id=1219634
  * https://bugzilla.suse.com/show_bug.cgi?id=1219875
  * https://bugzilla.suse.com/show_bug.cgi?id=1220101
  * https://bugzilla.suse.com/show_bug.cgi?id=1220169
  * https://bugzilla.suse.com/show_bug.cgi?id=1220194
  * https://bugzilla.suse.com/show_bug.cgi?id=1220221
  * https://bugzilla.suse.com/show_bug.cgi?id=1220376
  * https://bugzilla.suse.com/show_bug.cgi?id=1220705
  * https://bugzilla.suse.com/show_bug.cgi?id=1220726
  * https://bugzilla.suse.com/show_bug.cgi?id=1220903
  * https://bugzilla.suse.com/show_bug.cgi?id=1220980
  * https://bugzilla.suse.com/show_bug.cgi?id=1221111
  * https://bugzilla.suse.com/show_bug.cgi?id=1221182
  * https://bugzilla.suse.com/show_bug.cgi?id=1221279
  * https://bugzilla.suse.com/show_bug.cgi?id=1221465
  * https://bugzilla.suse.com/show_bug.cgi?id=1221571
  * https://bugzilla.suse.com/show_bug.cgi?id=1221784
  * https://bugzilla.suse.com/show_bug.cgi?id=1221922
  * https://bugzilla.suse.com/show_bug.cgi?id=1222110
  * https://bugzilla.suse.com/show_bug.cgi?id=1222347
  * https://jira.suse.com/browse/MSQA-760
