<div class="container">
<h1>Maintenance update for SUSE Manager 4.2: Server, Proxy and Retail Branch Server</h1>
<table class="table table-striped table-bordered">
<tbody>
<tr>
<th>Announcement ID:</th>
<td>SUSE-SU-2023:3474-1</td>
</tr>
<tr>
<th>Rating:</th>
<td>important</td>
</tr>
<tr>
<th>References:</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1175823">bsc#1175823</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1208528">bsc#1208528</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1208577">bsc#1208577</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1209156">bsc#1209156</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1210103">bsc#1210103</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1210994">bsc#1210994</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1211100">bsc#1211100</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1211469">bsc#1211469</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1211650">bsc#1211650</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1211884">bsc#1211884</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212032">bsc#1212032</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212106">bsc#1212106</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212416">bsc#1212416</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212507">bsc#1212507</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212589">bsc#1212589</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212700">bsc#1212700</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212943">bsc#1212943</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1213880">bsc#1213880</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214187">bsc#1214187</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214333">bsc#1214333</a>
</li>
<li style="display: inline;">
<a href="https://jira.suse.com/browse/MSQA-698">jsc#MSQA-698</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>
Cross-References:
</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-29409.html">CVE-2023-29409</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>CVSS scores:</th>
<td>
<ul class="list-group">
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-29409</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">7.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-29409</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">5.3</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L</span>
</li>
</ul>
</td>
</tr>
<tr>
<th>Affected Products:</th>
<td>
<ul class="list-group">
<li class="list-group-item">SUSE Manager Proxy 4.2</li>
<li class="list-group-item">SUSE Manager Proxy 4.2 Module 4.2</li>
<li class="list-group-item">SUSE Manager Retail Branch Server 4.2</li>
<li class="list-group-item">SUSE Manager Server 4.2</li>
<li class="list-group-item">SUSE Manager Server 4.2 Module 4.2</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>An update that solves one vulnerability, contains one feature and has 19 security fixes can now be installed.</p>
<h2>Recommended update for SUSE Manager Proxy and Retail Branch Server 4.2</h2>
<h3>Description:</h3>
<p>This update fixes the following issues:</p>
<p>spacecmd:</p>
<ul>
<li>Version 4.2.24-1</li>
<li>Update translations</li>
</ul>
<p>spacewalk-backend:</p>
<ul>
<li>Version 4.2.29-1</li>
<li>Use a constant to get the product name in python code rather than reading rhn.conf (bsc#1212943)</li>
<li>Only show missing /root/.curlrc error with log_level = 5 (bsc#1212507)</li>
</ul>
<p>spacewalk-web:</p>
<ul>
<li>Version 4.2.36-1</li>
<li>Update translations</li>
<li>Fix VHM CPU and RAM display when 0 (bsc#1175823)</li>
<li>Fix parsing error when showing notification message details (bsc#1211469)</li>
</ul>
<p>How to apply this update:</p>
<ol>
<li>Log in as root user to the SUSE Manager Proxy or Retail Branch Server.</li>
<li>Stop the proxy service:
<code>spacewalk-proxy stop</code></li>
<li>Apply the patch using either zypper patch or YaST Online Update.</li>
<li>Start the Spacewalk service:
<code>spacewalk-proxy start</code></li>
</ol>
<h2>Recommended update for SUSE Manager Server 4.2</h2>
<h3>Description:</h3>
<p>This update fixes the following issues:</p>
<p>hub-xmlrpc-api:</p>
<ul>
<li>Security fix:</li>
<li>CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to 8192 bits to avoid DoSing client/server
while validating signatures for extremely large RSA keys. (bsc#1213880)<ul>
<li>There are no direct source changes. The CVE on hub-xmlrpc-api is fixed rebuilding the sources with the patched Go
version.</li>
</ul>
</li>
</ul>
<p>spacecmd:</p>
<ul>
<li>Version 4.2.24-1</li>
<li>Update translations</li>
</ul>
<p>spacewalk-backend:</p>
<ul>
<li>Version 4.2.29-1</li>
<li>Use a constant to get the product name in python code rather than reading rhn.conf (bsc#1212943)</li>
<li>Only show missing /root/.curlrc error with log_level = 5 (bsc#1212507)</li>
</ul>
<p>spacewalk-java:</p>
<ul>
<li>Version 4.2.55-1</li>
<li>Set swap memory value if available</li>
<li>Set primary FQDN to hostname if none is set (bsc#1209156, bsc#1214333)</li>
<li>Version 4.2.54-1</li>
<li>Consider venv-salt-minion package update as a Salt update to prevent backtraces on
upgrading salt with itself (bsc#1211884)</li>
<li>Version 4.2.53-1</li>
<li>Fix "more then one method candidate found" for API function (bsc#1211100)</li>
<li>Fixed a bug that caused the tab Autoinstallation to hide when clicking on Power
Management Management/Operations on SSM -> Provisioning</li>
<li>Update copyright year (bsc#1212106)</li>
<li>Disable jinja processing for the roster file (bsc#1211650)</li>
<li>Version 4.2.52-1</li>
<li>Update jetty-util to version 9.4.51</li>
<li>Version 4.2.51-1</li>
<li>Update version of Tomcat build dependencies</li>
</ul>
<p>spacewalk-reports:</p>
<ul>
<li>Version 4.2.8-1</li>
<li>Drop Python2 compatibility (bsc#1212589)</li>
</ul>
<p>spacewalk-setup:</p>
<ul>
<li>Version 4.2.13-1</li>
<li>Drop usage of salt.ext.six in embedded_diskspace_check</li>
</ul>
<p>spacewalk-utils:</p>
<ul>
<li>Version 4.2.20-1</li>
<li>Drop Python2 compatibility</li>
</ul>
<p>spacewalk-web:</p>
<ul>
<li>Version 4.2.36-1</li>
<li>Update translation</li>
<li>Fix VHM CPU and RAM display when 0 (bsc#1175823)</li>
<li>Fix parsing error when showing notification message details (bsc#1211469)</li>
</ul>
<p>susemanager:</p>
<ul>
<li>Version 4.2.44-1</li>
<li>Require LTSS channels for SUSE Linux Enterprise 15 SP1/SP2/SP3 and SUSE Manager Proxy 4.2 (bsc#1214187) </li>
<li>Version 4.2.43-1</li>
<li>Add missing Salt 3006.0 dependencies to bootstrap repo definitions (bsc#1212700)</li>
<li>Make mgr-salt-ssh to properly fix HOME environment to avoid issues with gitfs (bsc#1210994)</li>
</ul>
<p>susemanager-doc-indexes:</p>
<ul>
<li>Typo correction for Cobbler buildiso command in Client Configuration Guide</li>
<li>Replaced plain text with dedicated attribute for AutoYaST</li>
<li>Added a note about Oracle Unbreakable Linux Network mirroring requirements in
Client Configuration Guide (bsc#1212032)</li>
<li>Added SUSE Linux Enterprise 15 SP5 and openSUSE Leap 15.5
as supported clients in the Client Configuration Guide</li>
<li>Fixed missing tables of content in the Reference Guide (bsc#1208577)</li>
<li>Fixed instruction for Single sign-on implementation example in the Administration Guide (bsc#1210103)</li>
<li>Removed reference to non-exitent files in Reference Guide (bsc#1208528)</li>
</ul>
<p>susemanager-docs_en:</p>
<ul>
<li>Typo correction for Cobbler buildiso command in Client Configuration Guide</li>
<li>Replaced plain text with dedicated attribute for AutoYaST</li>
<li>Added a note about Oracle Unbreakable Linux Network mirroring
requirements in Client Configuration Guide (bsc#1212032)</li>
<li>Added SUSE Linux Enterprise 15 SP5 and openSUSE Leap 15.5
as supported clients in the Client Configuration Guide</li>
<li>Fixed missing tables of content in the Reference Guide (bsc#1208577)</li>
<li>Fixed instruction for Single sign-on implementation example in the Administration Guide (bsc#1210103)</li>
<li>Removed reference to non-exitent files in Reference Guide (bsc#1208528)</li>
</ul>
<p>susemanager-schema:</p>
<ul>
<li>Version 4.2.29-1</li>
<li>Add schema directory for susemanager-schema-4.2.29</li>
</ul>
<p>susemanager-sls:</p>
<ul>
<li>Version 4.2.35-1</li>
<li>Do not disable salt-minion on salt-ssh managed clients</li>
<li>Use venv-salt-minion instead of salt for docker states (bsc#1212416)</li>
</ul>
<p>How to apply this update:</p>
<ol>
<li>Log in as root user to the SUSE Manager Server.</li>
<li>Stop the Spacewalk service:
<code>spacewalk-service stop</code></li>
<li>Apply the patch using either zypper patch or YaST Online Update.</li>
<li>Start the Spacewalk service:
<code>spacewalk-service start</code></li>
</ol>
<h2>Patch Instructions:</h2>
<p>
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".<br/>
Alternatively you can run the command listed for your product:
</p>
<ul class="list-group">
<li class="list-group-item">
SUSE Manager Proxy 4.2 Module 4.2
<br/>
<code>zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2023-3474=1</code>
</li>
<li class="list-group-item">
SUSE Manager Server 4.2 Module 4.2
<br/>
<code>zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2023-3474=1</code>
</li>
</ul>
<h2>Package List:</h2>
<ul>
<li>
SUSE Manager Proxy 4.2 Module 4.2 (noarch)
<ul>
<li>spacewalk-backend-4.2.29-150300.4.44.5</li>
<li>spacewalk-base-minimal-config-4.2.36-150300.3.47.5</li>
<li>spacecmd-4.2.24-150300.4.42.3</li>
<li>spacewalk-base-minimal-4.2.36-150300.3.47.5</li>
</ul>
</li>
<li>
SUSE Manager Server 4.2 Module 4.2 (ppc64le s390x x86_64)
<ul>
<li>inter-server-sync-debuginfo-0.3.0-150300.8.36.1</li>
<li>susemanager-4.2.44-150300.3.59.1</li>
<li>hub-xmlrpc-api-0.7-150300.3.14.2</li>
<li>inter-server-sync-0.3.0-150300.8.36.1</li>
<li>susemanager-tools-4.2.44-150300.3.59.1</li>
</ul>
</li>
<li>
SUSE Manager Server 4.2 Module 4.2 (noarch)
<ul>
<li>spacewalk-java-lib-4.2.55-150300.3.73.2</li>
<li>spacewalk-backend-package-push-server-4.2.29-150300.4.44.5</li>
<li>spacewalk-backend-xml-export-libs-4.2.29-150300.4.44.5</li>
<li>spacewalk-base-minimal-4.2.36-150300.3.47.5</li>
<li>spacewalk-utils-extras-4.2.20-150300.3.27.3</li>
<li>spacewalk-setup-4.2.13-150300.3.21.3</li>
<li>spacewalk-backend-iss-4.2.29-150300.4.44.5</li>
<li>spacewalk-backend-xmlrpc-4.2.29-150300.4.44.5</li>
<li>spacewalk-html-4.2.36-150300.3.47.5</li>
<li>spacewalk-java-4.2.55-150300.3.73.2</li>
<li>susemanager-doc-indexes-4.2-150300.12.48.5</li>
<li>spacewalk-utils-4.2.20-150300.3.27.3</li>
<li>spacewalk-backend-4.2.29-150300.4.44.5</li>
<li>spacewalk-base-4.2.36-150300.3.47.5</li>
<li>spacewalk-backend-tools-4.2.29-150300.4.44.5</li>
<li>spacewalk-backend-sql-postgresql-4.2.29-150300.4.44.5</li>
<li>susemanager-sls-4.2.35-150300.3.54.3</li>
<li>spacecmd-4.2.24-150300.4.42.3</li>
<li>spacewalk-java-config-4.2.55-150300.3.73.2</li>
<li>susemanager-schema-4.2.29-150300.3.41.5</li>
<li>spacewalk-backend-server-4.2.29-150300.4.44.5</li>
<li>spacewalk-base-minimal-config-4.2.36-150300.3.47.5</li>
<li>spacewalk-backend-sql-4.2.29-150300.4.44.5</li>
<li>spacewalk-backend-applet-4.2.29-150300.4.44.5</li>
<li>spacewalk-backend-config-files-4.2.29-150300.4.44.5</li>
<li>susemanager-docs_en-pdf-4.2-150300.12.48.3</li>
<li>susemanager-docs_en-4.2-150300.12.48.3</li>
<li>spacewalk-java-postgresql-4.2.55-150300.3.73.2</li>
<li>spacewalk-backend-config-files-tool-4.2.29-150300.4.44.5</li>
<li>spacewalk-backend-app-4.2.29-150300.4.44.5</li>
<li>spacewalk-reports-4.2.8-150300.3.12.3</li>
<li>spacewalk-backend-iss-export-4.2.29-150300.4.44.5</li>
<li>uyuni-config-modules-4.2.35-150300.3.54.3</li>
<li>spacewalk-taskomatic-4.2.55-150300.3.73.2</li>
<li>spacewalk-backend-config-files-common-4.2.29-150300.4.44.5</li>
</ul>
</li>
</ul>
<h2>References:</h2>
<ul>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-29409.html">https://www.suse.com/security/cve/CVE-2023-29409.html</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1175823">https://bugzilla.suse.com/show_bug.cgi?id=1175823</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1208528">https://bugzilla.suse.com/show_bug.cgi?id=1208528</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1208577">https://bugzilla.suse.com/show_bug.cgi?id=1208577</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1209156">https://bugzilla.suse.com/show_bug.cgi?id=1209156</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1210103">https://bugzilla.suse.com/show_bug.cgi?id=1210103</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1210994">https://bugzilla.suse.com/show_bug.cgi?id=1210994</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1211100">https://bugzilla.suse.com/show_bug.cgi?id=1211100</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1211469">https://bugzilla.suse.com/show_bug.cgi?id=1211469</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1211650">https://bugzilla.suse.com/show_bug.cgi?id=1211650</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1211884">https://bugzilla.suse.com/show_bug.cgi?id=1211884</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212032">https://bugzilla.suse.com/show_bug.cgi?id=1212032</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212106">https://bugzilla.suse.com/show_bug.cgi?id=1212106</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212416">https://bugzilla.suse.com/show_bug.cgi?id=1212416</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212507">https://bugzilla.suse.com/show_bug.cgi?id=1212507</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212589">https://bugzilla.suse.com/show_bug.cgi?id=1212589</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212700">https://bugzilla.suse.com/show_bug.cgi?id=1212700</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212943">https://bugzilla.suse.com/show_bug.cgi?id=1212943</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1213880">https://bugzilla.suse.com/show_bug.cgi?id=1213880</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214187">https://bugzilla.suse.com/show_bug.cgi?id=1214187</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214333">https://bugzilla.suse.com/show_bug.cgi?id=1214333</a>
</li>
<li>
<a href="https://jira.suse.com/browse/MSQA-698">https://jira.suse.com/browse/MSQA-698</a>
</li>
</ul>
</div>