SUSE-SU-2018:4011-1: moderate: Security update for SUSE Manager Server 3.2

sle-updates at lists.suse.com
Fri Dec 7 10:09:03 MST 2018


   SUSE Security Update: Security update for SUSE Manager Server 3.2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:4011-1
Rating:             moderate
References:         #1041999 #1080474 #1083094 #1104487 #1105359 
                    #1105724 #1106430 #1106626 #1107869 #1109235 
                    #1110361 #1110625 #1111247 #1111249 #1111387 
                    #1111497 #1111542 #1111810 #1111966 #1112163 
                    #1112445 #1112754 #1113557 #1113747 #1114181 
                    #1114362 #1114814 #1114991 #1115449 #1116517 
                    
Cross-References:   CVE-2018-11761
Affected Products:
                    SUSE Manager Server 3.2
                    SUSE Manager Proxy 3.2
______________________________________________________________________________

   An update that solves one vulnerability and has 29 fixes is
   now available.

Description:


   This update fixes the following issues:

   apache-mybatis:

   - Install missing LICENSE.txt file (bsc#1114814)

   cobbler:

   - Fix service restart after logrotate for cobblerd (bsc#1113747)
   - Rotate cobbler logs at higher frequency to prevent disk fillup
     (bsc#1113747)

   hadoop:

   - Install missing LICENSE.txt file (bsc#1114814)

   image-sync-formula:

   - Handle empty images pillar (bsc#1105359)

   lucene:

   - Install missing LICENSE.txt file (bsc#1114814)

   nekohtml:

   - Install missing LICENSE.txt file (bsc#1114814)

   nutch-core:

   - Install missing LICENSE.txt file (bsc#1114814)
   - Add conditional requirement for java 1.8
   - Use java >= 1.8 - required by tika 0.19.1 to /var/log/nutch (bsc#1107869)
   - Add new tarball file for v1.0.1
   - Bump up version to 1.0.1 and fix paths
   - Adjustments after upgrade of tika-core to v1.19

   picocontainer:

   - Install missing LICENSE.txt file (bsc#1114814)

   python-susemanager-retail:

   - Improve error reporting on duplicate systems
   - Output partition size as int (bsc#1116517)
   - Start partition numbers from 1
   - Warn on long group names
   - Improved logging support
   - Add retail_yaml --only-new option
   - Print import summary (bsc#1112754)
   - Add retail_migration tool
   - Check for duplicate addresses in yaml (bsc#1111497)

   salt-netapi-client:

   - Version 0.15.0 See:
     https://github.com/SUSE/salt-netapi-client/releases/tag/v0.15.0

   saltboot-formula:

   - Send pxe_update by external command to make sure it is finished
     (bsc#1111387)
   - Better error message on missing partitioning pillar (bsc#1110625)

   spacecmd:

   - Show group id on group_details (bsc#1111542)
   - State channels handling: Existing commands configchannel_create and
     configchannel_import were updated while
     system_scheduleapplyconfigchannels and configchannel_updateinitsls were
     added.

   spacewalk-branding:

   - Automatic cleanup of notification messages after a configurable lifetime
   - ActivationKey base and child channel in a reactjs component
   - New messages are added for XMLRPC API for state channels

   spacewalk-config:

   - Add permissions for tomcat & apache to check bootstrap ssh file
     (bsc#1114181)

   spacewalk-java:

   - Improve return value and errors thrown for system.createEmptyProfile
     XMLRPC endpoint
   - Fix scheduling jobs to prevent forever pending events (bsc#1114991)
   - Performance improvements for group listings and detail page (bsc#1111810)
   - Fix wrong counts of systems currency reports when a system belongs to
     more than one group (bsc#1114362)
   - Add check if ssh-file permissions are correct (bsc#1114181)
   - Increase maximum number of threads and open files for taskomatic
     (bsc#1111966)
   - When removing cobbler system record, lookup by mac address as well if
     lookup by id fails (bsc#1110361)
   - Allow listing empty system profiles via XMLRPC
   - Automatic cleanup of notification messages after a configurable lifetime
   - Different methods have been refactored in tomcat/taskomatic for better
     performance (bsc#1106430)
   - Do not try cleanup when deleting empty system profiles (bsc#1111247)
   - Better error handling when a websocket connection is aborted
     (bsc#1080474)
   - Change Requires to allow installing with both Tomcat 8 (SLE-12SP3) and 9
     (SLE12-SP4)
   - ActivationKey base and child channel in a reactjs component
   - Fix typo in messages (bsc#1111249)
   - Cleanup formula data and assignment when migrating formulas or when
     removing system
   - Remove restrictions on SUSE Manager Channel subscriptions (bsc#1105724)
   - Added shortcut for editing Software Channel
   - Fix permissions check on formula list api call (bsc#1106626)
   - Add sp migration dry runs to the daily status report (bsc#1083094)

   spacewalk-search:

   - Fix nutch-core path (bsc#1112445)

   spacewalk-setup:

   - Increase maximum number of threads and open files for taskomatic
     (bsc#1111966)

   spacewalk-utils:

   - Fix typo at --phases option help

   spacewalk-web:

   - Make datetimepicker update displayed time (bsc#1041999)
   - Show human-readable system cleanup error messages
   - ActivationKey base and child channel in a reactjs component
   - Fix typo in messages (bsc#1111249)

   susemanager:

   - Add new option --with-parent-channel to mgr-create-bootstrap-repo to
     specify parent channel to use if multiple options are available
     (bsc#1104487)

   susemanager-docs_en:

   - Update text and image files.
   - Add information about SLE12 SP4 as base OS for Server and Proxy

   susemanager-frontend-libs:

   - Fix package version (bsc#1115449)

   susemanager-schema:

   - Automatic cleanup of notification messages after a configurable lifetime
   - Add missing minion-action-chain-cleanup to db init scripts

   susemanager-sls:

   - Deploy SSL certificate during onboarding of openSUSE Leap 15.0
     (bsc#1112163)

   susemanager-sync-data:

   - SUSE OpenStack Cloud 9 enablement (bsc#1113557)
   - Add SUSE Manager 3.1 and 3.2 to SLES12 SP4

   tika-core:

   - Fix improper XML parsing to prevent DoS attacks (CVE-2018-11761)
     (bsc#1109235)
   - Install missing LICENSE.txt file (bsc#1114814)
   - New upstream version (0.19.1)


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Manager Server 3.2:

      zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2018-2869=1

   - SUSE Manager Proxy 3.2:

      zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2018-2869=1



Package List:

   - SUSE Manager Server 3.2 (ppc64le s390x x86_64):

      spacewalk-branding-2.8.5.12-3.10.4
      susemanager-3.2.14-3.13.3
      susemanager-tools-3.2.14-3.13.3

   - SUSE Manager Server 3.2 (noarch):

      apache-mybatis-3.2.3-3.3.3
      cobbler-2.6.6-6.10.3
      hadoop-0.18.1-3.3.3
      image-sync-formula-0.1.1542287363.b8aa274-3.6.3
      lucene-2.4.1-4.3.3
      nekohtml-1.9.21-3.3.3
      nutch-core-1.0.1-7.10.3
      picocontainer-1.3.7-3.3.3
      python-susemanager-retail-1.0.1542643545.8752d17-2.6.3
      salt-netapi-client-0.15.0-4.3.3
      saltboot-formula-0.1.1542287363.b8aa274-3.6.3
      spacecmd-2.8.25.7-3.9.3
      spacewalk-base-2.8.7.11-3.13.3
      spacewalk-base-minimal-2.8.7.11-3.13.3
      spacewalk-base-minimal-config-2.8.7.11-3.13.3
      spacewalk-config-2.8.5.5-3.10.3
      spacewalk-html-2.8.7.11-3.13.3
      spacewalk-java-2.8.78.13-3.13.1
      spacewalk-java-config-2.8.78.13-3.13.1
      spacewalk-java-lib-2.8.78.13-3.13.1
      spacewalk-java-oracle-2.8.78.13-3.13.1
      spacewalk-java-postgresql-2.8.78.13-3.13.1
      spacewalk-search-2.8.3.7-3.12.3
      spacewalk-setup-2.8.7.5-3.10.3
      spacewalk-taskomatic-2.8.78.13-3.13.1
      spacewalk-utils-2.8.18.3-3.3.3
      susemanager-advanced-topics_en-pdf-3.2-11.12.3
      susemanager-best-practices_en-pdf-3.2-11.12.3
      susemanager-docs_en-3.2-11.12.3
      susemanager-frontend-libs-3.2.4-3.7.3
      susemanager-getting-started_en-pdf-3.2-11.12.3
      susemanager-jsp_en-3.2-11.12.3
      susemanager-reference_en-pdf-3.2-11.12.3
      susemanager-retail-tools-1.0.1542643545.8752d17-2.6.3
      susemanager-schema-3.2.15-3.13.3
      susemanager-sls-3.2.18-3.13.3
      susemanager-sync-data-3.2.10-3.9.3
      tika-core-1.19.1-3.3.3

   - SUSE Manager Proxy 3.2 (noarch):

      spacewalk-base-minimal-2.8.7.11-3.13.3
      spacewalk-base-minimal-config-2.8.7.11-3.13.3
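
   To confirm that a server carries the fixed builds after patching, the
   following added example (not part of the original announcement) compares
   installed version-release strings against three entries from the package
   list above. The function names and the sample input are constructed for
   illustration; it assumes a sort that supports -V, which only approximates
   rpm's own version comparison.

```shell
#!/bin/sh
# Fixed builds copied from the advisory's package list (subset).
FIXED='tika-core 1.19.1-3.3.3
nutch-core 1.0.1-7.10.3
spacewalk-java 2.8.78.13-3.13.1'

# ver_lt A B: true when A sorts strictly before B under version sort.
ver_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# check_installed: reads "name version-release" lines on stdin, the format of
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' tika-core nutch-core spacewalk-java
# Prints one line per package older than the fixed build; returns 1 if any.
# Lines for names not in FIXED (e.g. "package X is not installed") are skipped.
check_installed() {
    rc=0
    while read -r name have; do
        want=$(printf '%s\n' "$FIXED" | awk -v n="$name" '$1 == n { print $2 }')
        [ -n "$want" ] || continue
        if ver_lt "$have" "$want"; then
            echo "OUTDATED $name $have (fixed in $want)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample input: tika-core is deliberately older than the fix
# for CVE-2018-11761; the other two already match the advisory.
SAMPLE='tika-core 1.18-3.1
nutch-core 1.0.1-7.10.3
spacewalk-java 2.8.78.13-3.13.1'

printf '%s\n' "$SAMPLE" | check_installed || true
```

   On a real host, pipe the rpm query shown in the comment into
   check_installed instead of the sample.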


References:

   https://www.suse.com/security/cve/CVE-2018-11761.html
   https://bugzilla.suse.com/1041999
   https://bugzilla.suse.com/1080474
   https://bugzilla.suse.com/1083094
   https://bugzilla.suse.com/1104487
   https://bugzilla.suse.com/1105359
   https://bugzilla.suse.com/1105724
   https://bugzilla.suse.com/1106430
   https://bugzilla.suse.com/1106626
   https://bugzilla.suse.com/1107869
   https://bugzilla.suse.com/1109235
   https://bugzilla.suse.com/1110361
   https://bugzilla.suse.com/1110625
   https://bugzilla.suse.com/1111247
   https://bugzilla.suse.com/1111249
   https://bugzilla.suse.com/1111387
   https://bugzilla.suse.com/1111497
   https://bugzilla.suse.com/1111542
   https://bugzilla.suse.com/1111810
   https://bugzilla.suse.com/1111966
   https://bugzilla.suse.com/1112163
   https://bugzilla.suse.com/1112445
   https://bugzilla.suse.com/1112754
   https://bugzilla.suse.com/1113557
   https://bugzilla.suse.com/1113747
   https://bugzilla.suse.com/1114181
   https://bugzilla.suse.com/1114362
   https://bugzilla.suse.com/1114814
   https://bugzilla.suse.com/1114991
   https://bugzilla.suse.com/1115449
   https://bugzilla.suse.com/1116517


