SUSE-SU-2020:2650-1: important: Security update for SUSE Manager Server 4.0

sle-updates at lists.suse.com sle-updates at lists.suse.com
Wed Sep 16 10:30:40 MDT 2020


   SUSE Security Update: Security update for SUSE Manager Server 4.0
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:2650-1
Rating:             important
References:         #1136857 #1165829 #1167907 #1169664 #1170244 
                    #1171281 #1172079 #1172279 #1172504 #1172831 
                    #1173073 #1173535 #1173554 #1173566 #1173584 
                    #1173982 #1173997 #1174201 #1174254 #1174470 
                    #1175224 #1175529 #1175555 #1175556 #1175558 
                    #1175724 #1175791 #1175884 #1175889 
Cross-References:   CVE-2019-14900 CVE-2020-11022 CVE-2020-8028
                   
Affected Products:
                    SUSE Linux Enterprise Module for SUSE Manager Server 4.0
                    SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0
______________________________________________________________________________

   An update that solves three vulnerabilities and has 26
   fixes is now available.

Description:


   This update fixes the following issues:

   hibernate5:

   - Address CVE-2019-14900 (bsc#1172079)

   image-sync-formula:

   - Allow image-sync state on regular minion. Image sync state requires
     branch-network pillars to get the directory where to sync images. Use
     default `/srv/saltboot` if that pillar is missing so image-sync can be
     applied on non branch minions as well.

   openvpn-formula:

   - Add hint that ssl certs must be on system (bsc#1172279)

   prometheus-exporters-formula:

   - Bugfix: Handle exporters proxy for unsupported distros (bsc#1175555)
   - Add support for exporters proxy (exporter_exporter)
   - Update the apache exporter config file for Debian

   salt-netapi-client:

   - Refresh authentication module list to newer Salt versions

   saltboot-formula:

   - Better fix for rounding errors (bsc#1136857)

   spacecmd:

   - Python3 fixes for errata in spacecmd (bsc#1169664)
   - Python3 fix for sorted usage (bsc#1167907)
   - Fix softwarechannel_listlatestpackages throwing error on empty channels
     (bsc#1175889)
   - Fix escaping of package names (bsc#1171281)

   spacewalk-admin:

   - Use the Salt API in authenticated and encrypted form (bsc#1175884,
     CVE-2020-8028)

   spacewalk-certs-tools:

   - Add option --nostricthostkeychecking to spacewalk-ssh-push-init
   - Strip SSL Certificate Common Name after 63 Characters (bsc#1173535)

   spacewalk-java:

   - Use the Salt API in authenticated and encrypted form (bsc#1175884,
     CVE-2020-8028)
   - Fix EntityExistsException on migration from traditional to salt minion
     via proxy (bsc#1175556)
   - Use media.1/products from media when not specified different
     (bsc#1175558)
   - Fix: use quiet API method when using spacewalk-common-channels
     (bsc#1175529)
   - Fix alignment on icon on entitlement page
   - Reset the server path on minion registration (bsc#1174254)
   - Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831)
   - Fix error when rolling back a system to a snapshot (bsc#1173997)
   - Avoid deadlock when syncing channels and registering minions at the same
     time (bsc#1173566)
   - Provide comps.xml and modules.yaml when using onlinerepo for kickstart
   - Set CPU and memory info for virtual instances (bsc#1170244)
   - Change system list header text to something better (bsc#1173982)

   spacewalk-setup:

   - Use the Salt API in authenticated and encrypted form (bsc#1175884,
     CVE-2020-8028)

   spacewalk-utils:

   - Avoid exceptions on the logs when looking for channels that do not exist
     (bsc#1175529)

   spacewalk-web:

   - Fix login page after jQuery upgrade (bsc#1175224)
   - Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831)
   - Warn when a system is in multiple groups that configure the same formula
     in the system formula's UI (bsc#1173554)

   susemanager:

   - Define bootstrap repo data for SUSE Manager Proxies (bsc#1174470)

   susemanager-frontend-libs:

   - Upgrade jquery to 3.5.1 - CVE-2020-11022 (bsc#1172831)

   susemanager-schema:

   - Prevent a deadlock error involving delete_server and update_needed_cache
     (bsc#1173073)

   susemanager-sls:

   - Fix the dnf plugin to add the token to the HTTP header (bsc#1175724)
   - Fix reporting of missing products in product.all_installed (bsc#1165829)
   - Require PyYAML version >= 5.1
   - Get redhat-release only when it is not a symlink
   - Fix: supply a dnf base when dealing w/repos (bsc#1172504)
   - Fix: autorefresh in repos is zypper-only

   susemanager-sync-data:

   - Remove version from centos and oracle linux identifier (bsc#1173584)

   virtualization-host-formula:

   - Update to version 0.5
     - Ensure kernel-default and libvirt-python3 are installed
     - Set bridge network as default
     - Fix conditionals (bsc#1175791)

   How to apply this update: 1. Log in as root user to the SUSE Manager
   server. 2. Stop the Spacewalk service: spacewalk-service stop 3. Apply the
   patch using either zypper patch or YaST Online Update. 4. Upgrade the
   database schema: spacewalk-schema-upgrade 5. Start the Spacewalk service:
   spacewalk-service start


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.0:

      zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.0-2020-2650=1

   - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0:

      zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.0-2020-2650=1



Package List:

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (ppc64le s390x x86_64):

      openvpn-formula-0.1.1-4.6.2
      susemanager-4.0.28-3.36.3
      susemanager-tools-4.0.28-3.36.3

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (noarch):

      hibernate5-5.3.7-4.3.2
      image-sync-formula-0.1.1595937550.0285244-3.20.2
      prometheus-exporters-formula-0.7.1-3.10.2
      python3-spacewalk-certs-tools-4.0.17-3.21.3
      salt-netapi-client-0.17.0-4.6.3
      saltboot-formula-0.1.1595937550.0285244-3.19.2
      spacecmd-4.0.20-3.19.2
      spacewalk-admin-4.0.11-3.12.1
      spacewalk-base-4.0.23-3.30.3
      spacewalk-base-minimal-4.0.23-3.30.3
      spacewalk-base-minimal-config-4.0.23-3.30.3
      spacewalk-certs-tools-4.0.17-3.21.3
      spacewalk-html-4.0.23-3.30.3
      spacewalk-java-4.0.37-3.39.1
      spacewalk-java-config-4.0.37-3.39.1
      spacewalk-java-lib-4.0.37-3.39.1
      spacewalk-java-postgresql-4.0.37-3.39.1
      spacewalk-setup-4.0.14-3.14.1
      spacewalk-taskomatic-4.0.37-3.39.1
      spacewalk-utils-4.0.18-3.21.3
      susemanager-frontend-libs-4.0.2-4.3.2
      susemanager-schema-4.0.22-3.29.2
      susemanager-sls-4.0.29-3.31.3
      susemanager-sync-data-4.0.18-3.24.2
      susemanager-web-libs-4.0.23-3.30.3
      virtualization-host-formula-0.5-4.12.3

   - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0 (noarch):

      python3-spacewalk-certs-tools-4.0.17-3.21.3
      spacecmd-4.0.20-3.19.2
      spacewalk-base-minimal-4.0.23-3.30.3
      spacewalk-base-minimal-config-4.0.23-3.30.3
      spacewalk-certs-tools-4.0.17-3.21.3
      spacewalk-proxy-broker-4.0.14-3.10.3
      spacewalk-proxy-common-4.0.14-3.10.3
      spacewalk-proxy-management-4.0.14-3.10.3
      spacewalk-proxy-package-manager-4.0.14-3.10.3
      spacewalk-proxy-redirect-4.0.14-3.10.3
      spacewalk-proxy-salt-4.0.14-3.10.3


References:

   https://www.suse.com/security/cve/CVE-2019-14900.html
   https://www.suse.com/security/cve/CVE-2020-11022.html
   https://www.suse.com/security/cve/CVE-2020-8028.html
   https://bugzilla.suse.com/1136857
   https://bugzilla.suse.com/1165829
   https://bugzilla.suse.com/1167907
   https://bugzilla.suse.com/1169664
   https://bugzilla.suse.com/1170244
   https://bugzilla.suse.com/1171281
   https://bugzilla.suse.com/1172079
   https://bugzilla.suse.com/1172279
   https://bugzilla.suse.com/1172504
   https://bugzilla.suse.com/1172831
   https://bugzilla.suse.com/1173073
   https://bugzilla.suse.com/1173535
   https://bugzilla.suse.com/1173554
   https://bugzilla.suse.com/1173566
   https://bugzilla.suse.com/1173584
   https://bugzilla.suse.com/1173982
   https://bugzilla.suse.com/1173997
   https://bugzilla.suse.com/1174201
   https://bugzilla.suse.com/1174254
   https://bugzilla.suse.com/1174470
   https://bugzilla.suse.com/1175224
   https://bugzilla.suse.com/1175529
   https://bugzilla.suse.com/1175555
   https://bugzilla.suse.com/1175556
   https://bugzilla.suse.com/1175558
   https://bugzilla.suse.com/1175724
   https://bugzilla.suse.com/1175791
   https://bugzilla.suse.com/1175884
   https://bugzilla.suse.com/1175889



More information about the sle-updates mailing list