SUSE-SU-2021:3561-1: moderate: Security update for SUSE Manager Server 4.2
sle-updates at lists.suse.com
Wed Oct 27 19:34:25 UTC 2021
SUSE Security Update: Security update for SUSE Manager Server 4.2
______________________________________________________________________________
Announcement ID: SUSE-SU-2021:3561-1
Rating: moderate
References: #1171520 #1181223 #1187572 #1187998 #1188315
#1188977 #1189260 #1189422 #1189609 #1189799
#1189818 #1189933 #1190040 #1190123 #1190151
#1190164 #1190166 #1190265 #1190275 #1190276
#1190300 #1190396 #1190405 #1190455 #1190512
#1190602 #1190751 #1190820 #1191123 #1191139
#1191348 #1191551 #1191898 PM-2644 SUMA-61
Cross-References: CVE-2021-21996 CVE-2021-40348
CVSS scores:
CVE-2021-21996 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
CVE-2021-40348 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Module for SUSE Manager Server 4.2
______________________________________________________________________________
An update that solves two vulnerabilities, contains two
features and has 31 fixes is now available.
Description:
This update fixes the following issues:
cobbler:
- Fixed modify_setting test to complete successfully
hub-xmlrpc-api:
- Use rpm systemd macro to restart service instead of systemctl
patterns-suse-manager:
- Virtualization-host-formula was renamed to virtualization-formulas
py26-compat-salt:
- Exclude the full path of a download URL to prevent injection of
malicious code (bsc#1190265, CVE-2021-21996)
py26-compat-tornado:
- Added compatibility to Enterprise Linux 8
py27-compat-salt:
- Fix the regression of docker_container state module
- Support querying for JSON data in external sql pillar
- Exclude the full path of a download URL to prevent injection of
malicious code (bsc#1190265, CVE-2021-21996)
- Fix wrong relative paths resolution with Jinja renderer when importing
subdirectories
spacecmd:
- Version 4.2.13-1
* Update translation strings
* configchannel_updatefile handles directory properly (bsc#1190512)
* Add schedule_archivecompleted to mass archive actions (bsc#1181223)
* Remove whoami from the list of unauthenticated commands (bsc#1188977)
spacewalk-admin:
- Version 4.2.9-1
* Fix setup with rhn-config-satellite (bsc#1190300)
* Allow admins to modify only spacewalk config files with
rhn-config-satellite.pl (bsc#1190040) (CVE-2021-40348)
spacewalk-backend:
- Version 4.2.17-1
* Update translation strings
* Handle download of metadata filenames with checksums (bsc#1188315)
* Sanitize cached filename for custom SSL certs used by reposync
(bsc#1190751)
spacewalk-certs-tools:
- Version 4.2.13-1
* add GPG keys using apt-key on debian machines (bsc#1187998)
spacewalk-client-tools:
- Version 4.2.14-1
* Update translation strings
spacewalk-java:
- Version 4.2.30-1
* Fix datetime format parsing with moment (bsc#1191348)
- Version 4.2.29-1
* Update translation strings
* fix logging of the spark framework and map requests to media.1
directory in the download controller (bsc#1189933)
* Add 'Last build date' column to CLM project list (jsc#PM-2644)
(jsc#SUMA-61)
* Improve exception handling and logging for mgr-libmod calls
* Add checksums to repository metadata filenames (bsc#1188315)
* Fix ISE in product migration if base product is missing (bsc#1190151)
* use TLSv1.3 if it is a supported Protocol
* Adapt auto errata update to respect maintenance windows
* Adapt auto errata update to skip during CLM build (bsc#1189609)
* add CentOS 7/8 aarch64
* add Oracle Linux 7/8 aarch64
* add Rocky Linux 8 aarch64
* add AlmaLinux 8 aarch64
* add Amazon Linux 2 aarch64
* Add new endpoints to saltkeys API: acceptedList, pendingList,
rejectedList, deniedList, accept and reject
* fix ISE in SSM when scheduling patches on multiple systems
(bsc#1190396, bsc#1190275)
* Add 'Flush cache' option to Ansible playbook execution (bsc#1190405)
* Update kernel live patch version on minion startup (bsc#1190276)
* Allow getting all completed actions via XMLRPC without display limit
(bsc#1181223)
* Support syncing patches with advisory status 'pending' (bsc#1190455)
* Add XMLRPC API to force refreshing pillar data (bsc#1190123)
* Add missing string on XCCDF scan results (bsc#1190164)
* Ignore duplicates in 'pkg.installed' result when applying patches
(bsc#1187572)
* Improved timezone support
* implement package locking for salt minions
spacewalk-utils:
- Version 4.2.14-1
* When renaming: don't regenerate CA, allow using third-party
certificate and trigger pillar refresh (bsc#1190123)
spacewalk-web:
- Version 4.2.23-1
* Fix datetime format parsing with moment (bsc#1191348)
- Version 4.2.22-1
* Add 'Last build date' column to CLM project list (jsc#PM-2644)
(jsc#SUMA-61)
* Fix 'Type' input in CLM source edit form (bsc#1190820)
* Add 'Flush cache' checkbox to Ansible playbook execution page
(bsc#1190405)
* Fix the VM creation and editing submit button action (bsc#1190602)
* Improved timezone support
* Enhance the default base channel help message (bsc#1171520)
subscription-matcher:
- Version 0.27
* update subscription rules for new SKUs (bsc#1189818)
supportutils-plugin-susemanager:
- Version 4.2.3-1
* detect broken symlinks in tomcat, taskomatic and search daemon
susemanager:
- Version 4.2.25-1
* Add python-mako, python-gnupg and gnupg1 to the Debian 9 bootstrap
repository so bootstrapping without any enabled repositories is
possible (bsc#1191898)
* Fix syntax error on migration script (bsc#1191551)
* Add aarch64 bootstrap repositories for CentOS 7/8, Oracle Linux 7/8,
Rocky Linux 8, AlmaLinux 8, Amazon Linux 2 and openSUSE Leap 15.3
* Add the gnupg package for ubuntu which is then needed by apt-key
(bsc#1187998)
* Add SLE 15 SAP Product ID to SLE15 bootstrap repositories, as it is
required to get python3-M2Crypto (bsc#1189422)
susemanager-doc-indexes:
- Added aarch64 support for selection of clients in the Installation Guide
and Client Configuration Guide
- Documented Amazon Web Services permissions for Virtual Host Manager in
the Virtual Host Manager and Amazon Web Service chapters in the Client
Configuration Guide
- Fixed unpublished patches note in the server update chapter of the
Upgrade Guide
- Updated Proxy installation screenshots to reflect SUSE Manager 4.2
version in the Installation Guide
- Updated migration instructions in the Upgrade Guide to help avoid
migrating from Proxy 4.0 to 4.1 if 4.2 is already available
- Fixed mgr-cfg-* issues in appendix of the Reference Guide. Run the
commands on the client (bsc#1190166)
- Removed Portus and CaaSP references from the image management chapter
of the Administration Guide
- Documented package lock as a supported feature for some Salt clients in
the Client Configuration Guide.
susemanager-docs_en:
- Added aarch64 support for selection of clients in the Installation Guide
and Client Configuration Guide
- Documented Amazon Web Services permissions for Virtual Host Manager in
the Virtual Host Manager and Amazon Web Service chapters in the Client
Configuration Guide
- Fixed unpublished patches note in the server update chapter of the
Upgrade Guide
- Updated Proxy installation screenshots to reflect SUSE Manager 4.2
version in the Installation Guide
- Updated migration instructions in the Upgrade Guide to help avoid
migrating from Proxy 4.0 to 4.1 if 4.2 is already available
- Fixed mgr-cfg-* issues in appendix of the Reference Guide. Run the
commands on the client (bsc#1190166)
- Removed Portus and CaaSP references from the image management chapter
of the Administration Guide
- Documented package lock as a supported feature for some Salt clients in
the Client Configuration Guide.
susemanager-schema:
- Version 4.2.18-1
* create unique index on package details action id (bsc#1190396,
bsc#1190275)
* Add 'flush_cache' flag to Ansible playbook execution action
(bsc#1190405)
* Support syncing patches with advisory status 'pending' (bsc#1190455)
* allow Ansible Control Node entitlement for aarch64, ppc64le and s390x
(bsc#1189799)
* implement package locking for salt minions
susemanager-sls:
- Version 4.2.18-1
* Fix cpuinfo grain and virt_utils state python2 compatibility
(bsc#1191139, bsc#1191123)
* deploy certificate on SLE Micro 5.1
* Realign pkgset cookie path for Salt Bundle changes
* Fix pkgset beacon to work with salt-minion 2016.11.10 (bsc#1189260)
* Fix virt grain python2 compatibility
* Fix mgrcompat state module to work with Salt 3003 and 3004
* Add 'flush_cache' flag to 'ansible.playbooks' call (bsc#1190405)
* Update kernel live patch version on minion startup (bsc#1190276)
* don't use libvirt API to get its version for the virt features grain
* implement package locking for salt minions
susemanager-sync-data:
- Version 4.2.9-1
* add CentOS 7/8 aarch64
* add Oracle Linux 7/8 aarch64
* add Rocky Linux 8 aarch64
* add AlmaLinux 8 aarch64
* add Amazon Linux 2 aarch64
How to apply this update:
1. Log in as root user to the SUSE Manager server.
2. Stop the Spacewalk service: `spacewalk-service stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: `spacewalk-service start`
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for SUSE Manager Server 4.2:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2021-3561=1
Package List:
- SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (ppc64le s390x x86_64):
hub-xmlrpc-api-0.7-3.3.3
hub-xmlrpc-api-debuginfo-0.7-3.3.3
inter-server-sync-0.0.5-8.6.3
inter-server-sync-debuginfo-0.0.5-8.6.3
patterns-suma_retail-4.2-4.3.1
patterns-suma_server-4.2-4.3.1
py26-compat-tornado-4.2.1-3.3.1
py26-compat-tornado-debuginfo-4.2.1-3.3.1
py26-compat-tornado-debugsource-4.2.1-3.3.1
susemanager-4.2.25-3.13.1
susemanager-tools-4.2.25-3.13.1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch):
cobbler-3.1.2-5.11.1
py26-compat-salt-2016.11.10-11.28.9.1
py27-compat-salt-3000.3-7.7.11.1
python3-spacewalk-certs-tools-4.2.13-3.9.2
python3-spacewalk-client-tools-4.2.14-4.9.3
spacecmd-4.2.13-4.9.1
spacewalk-admin-4.2.9-3.6.2
spacewalk-backend-4.2.17-4.9.3
spacewalk-backend-app-4.2.17-4.9.3
spacewalk-backend-applet-4.2.17-4.9.3
spacewalk-backend-config-files-4.2.17-4.9.3
spacewalk-backend-config-files-common-4.2.17-4.9.3
spacewalk-backend-config-files-tool-4.2.17-4.9.3
spacewalk-backend-iss-4.2.17-4.9.3
spacewalk-backend-iss-export-4.2.17-4.9.3
spacewalk-backend-package-push-server-4.2.17-4.9.3
spacewalk-backend-server-4.2.17-4.9.3
spacewalk-backend-sql-4.2.17-4.9.3
spacewalk-backend-sql-postgresql-4.2.17-4.9.3
spacewalk-backend-tools-4.2.17-4.9.3
spacewalk-backend-xml-export-libs-4.2.17-4.9.3
spacewalk-backend-xmlrpc-4.2.17-4.9.3
spacewalk-base-4.2.23-3.9.3
spacewalk-base-minimal-4.2.23-3.9.3
spacewalk-base-minimal-config-4.2.23-3.9.3
spacewalk-certs-tools-4.2.13-3.9.2
spacewalk-client-tools-4.2.14-4.9.3
spacewalk-html-4.2.23-3.9.3
spacewalk-java-4.2.30-3.14.4
spacewalk-java-config-4.2.30-3.14.4
spacewalk-java-lib-4.2.30-3.14.4
spacewalk-java-postgresql-4.2.30-3.14.4
spacewalk-taskomatic-4.2.30-3.14.4
spacewalk-utils-4.2.14-3.9.3
spacewalk-utils-extras-4.2.14-3.9.3
subscription-matcher-0.27-6.3.1
supportutils-plugin-susemanager-4.2.3-3.3.2
susemanager-doc-indexes-4.2-12.11.3
susemanager-docs_en-4.2-12.11.1
susemanager-docs_en-pdf-4.2-12.11.1
susemanager-schema-4.2.18-3.9.3
susemanager-sls-4.2.18-3.11.1
susemanager-sync-data-4.2.9-3.9.1
susemanager-web-libs-4.2.23-3.9.3
uyuni-config-modules-4.2.18-3.11.1
virtualization-formulas-0.6.1-8.3.1
References:
https://www.suse.com/security/cve/CVE-2021-21996.html
https://www.suse.com/security/cve/CVE-2021-40348.html
https://bugzilla.suse.com/1171520
https://bugzilla.suse.com/1181223
https://bugzilla.suse.com/1187572
https://bugzilla.suse.com/1187998
https://bugzilla.suse.com/1188315
https://bugzilla.suse.com/1188977
https://bugzilla.suse.com/1189260
https://bugzilla.suse.com/1189422
https://bugzilla.suse.com/1189609
https://bugzilla.suse.com/1189799
https://bugzilla.suse.com/1189818
https://bugzilla.suse.com/1189933
https://bugzilla.suse.com/1190040
https://bugzilla.suse.com/1190123
https://bugzilla.suse.com/1190151
https://bugzilla.suse.com/1190164
https://bugzilla.suse.com/1190166
https://bugzilla.suse.com/1190265
https://bugzilla.suse.com/1190275
https://bugzilla.suse.com/1190276
https://bugzilla.suse.com/1190300
https://bugzilla.suse.com/1190396
https://bugzilla.suse.com/1190405
https://bugzilla.suse.com/1190455
https://bugzilla.suse.com/1190512
https://bugzilla.suse.com/1190602
https://bugzilla.suse.com/1190751
https://bugzilla.suse.com/1190820
https://bugzilla.suse.com/1191123
https://bugzilla.suse.com/1191139
https://bugzilla.suse.com/1191348
https://bugzilla.suse.com/1191551
https://bugzilla.suse.com/1191898