SUSE-SU-2022:2144-1: important: Security update for SUSE Manager Server 4.2
sle-updates at lists.suse.com
Tue Jun 21 10:26:51 UTC 2022
SUSE Security Update: Security update for SUSE Manager Server 4.2
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2144-1
Rating: important
References: #1187333 #1191143 #1192550 #1193707 #1194594
#1195710 #1196702 #1197400 #1197438 #1197449
#1197488 #1197591 #1197689 #1198221 #1199089
#1199142 #1199149 #1199512 #1199629 #1200212
#1200606
Cross-References: CVE-2021-44906 CVE-2022-21952 CVE-2022-31248
CVSS scores:
CVE-2021-44906 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-44906 (SUSE): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
CVE-2022-31248 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products:
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2
SUSE Linux Enterprise Module for SUSE Manager Server 4.2
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
______________________________________________________________________________
An update that solves three vulnerabilities and has 18
fixes is now available.
Description:
This update fixes the following issues:
inter-server-sync:
- version 0.2.2
* Parameter --channel-with-children didn't export data (bsc#1199089)
* Clean rhnchannelcloned table to rebuild hierarchy (bsc#1197400)
- Version 0.2.1
* Correct sequence in use for table rhnpackagekey (bsc#1197400)
* Make Docker image export compatible with SUSE Manager 4.2
- Version 0.2.0
* Allow images export and import (os based and Docker)
prometheus-formula:
- Version 0.6.2
* Allow prometheus-formula only for SUSE systems (bsc#1199149)
salt-netapi-client:
- Improve the hotfix for bsc#1192550 (bsc#1197449):
smdba:
- Don't package egg-info file for Enterprise Linux.
spacecmd:
- Version 4.2.17-1
* parse boolean parameters correctly (bsc#1197689)
spacewalk-backend:
- version 4.2.22-1
* Do not raise error on file:// based DEB repo when looking for
alternative Release files (bsc#1199142)
- Version 4.2.21-1
* Improve parsing deb packages dependencies (bsc#1194594)
spacewalk-certs-tools:
- Version 4.2.16-1
* Add Salt Bundle support to bootstrap script generator
spacewalk-java:
- version 4.2.38-1
* Remove unused gson-extras.jar during build
- version 4.2.37-1
* CVE-2022-31248: User enumeration via weak error message. (bsc#1199629)
- version 4.2.36-1
* CVE-2022-21952: Unauthenticated remote Denial of Service via resource
exhaustion. (bsc#1199512)
- Version 4.2.35-1
* faster display installable packages list (bsc#1187333)
* Pass ssh_salt_pre_flight_script and ssh_use_salt_thin parameters to
the generated roster files to enable optional Salt Bundle support with
Salt SSH
* Fix reboot time on salt-ssh client (bsc#1197591)
* detect free products in Alpha and Beta stage and prevent checks
on openSUSE products (bsc#1197488)
* Allow monitoring entitlement for debian 11 and 10
* Hide private methods in XMLRPC handlers
* Warning log when hardware refresh result is not serializable
* Optimize adding new products function (bsc#1193707)
spacewalk-utils:
- Version 4.2.16-1
* Add Debian 11 repositories
spacewalk-web:
- Version 4.2.27-1
* increase web page default timeout (bsc#1187333)
* Add ssh_salt_pre_flight_script and ssh_use_salt_thin parameters to
default rhn_web.conf
* Upgrade minimist to fix CVE-2021-44906
* susemanager-nodejs-sdk-devel is now provided by spacewalk-web
* Resolve race conditions in CLM (bsc#1195710)
susemanager:
- version 4.2.32-1
* Add python3-contextvars and python3-immutables to missing bootstrap
repos (bsc#1200606)
- version 4.2.31-1
* Add python3-gnupg to bootstrap repo definition for Ubuntu 20.04
(bsc#1200212)
- version 4.2.30-1
* Fix a syntax problem at the bootstrap repository definitions
- Version 4.2.29-1
* Add Salt Bundle support to mgr-create-bootstrap-repo
* Enable bootstrapping for Debian 11
* fix SLE15 bootstrap repo definition (bsc#1197438)
* Add SLES15SP4 and SUMA Proxy 4.3 to bootstrap repo definitions
(bsc#1196702)
* Add missing dependencies for Salt 3004 into bootstrap repository for
SLE15 family (bsc#1198221)
susemanager-doc-indexes:
- Updated Salt version for Server and Proxy to 3004
- Added details to Client Configuration Guide on using Salt Bundle as
optional
- Updated saltversion attribute from 3002 to 3004
- In the Administration Guide, documented that monitoring tools are
available in SUSE Linux Enterprise 12 and 15 and openSUSE Leap 15, but
Grafana is not available on Proxy (bsc#1191143)
- Documented Autoyast installation features in Autoyast section of the
Client Configuration Guide
- In Client Configuration Guide document Debian 11 as a supported OS as a
client
- In Client Configuration Guide, clarified client upgrade issues
- In Client Configuration Guide, added information about registration
of version 12 of SUSE Linux Enterprise clients
- In Client Configuration Guide, mark the applying patches features as
supported on Ubuntu
- SLE Micro in Client Configuration Guide: Update version number from 5.0
to 5.1, and warn about Salt installation.
susemanager-docs_en:
- Updated Salt version for Server and Proxy to 3004
- Added details to Client Configuration Guide on using Salt Bundle as
optional
- In the Administration Guide, documented that monitoring tools are
available in SUSE Linux Enterprise 12 and 15 and openSUSE Leap 15, but
Grafana is not available on Proxy (bsc#1191143)
- Documented Autoyast installation features in Autoyast section of the
Client Configuration Guide
- In Client Configuration Guide document Debian 11 as a supported OS as a
client
- In Client Configuration Guide, clarified client upgrade issues
- In Client Configuration Guide, added information about registration
of version 12 of SUSE Linux Enterprise clients
- In Client Configuration Guide, mark the applying patches features as
supported on Ubuntu
- SLE Micro in Client Configuration Guide: Update version number from 5.0
to 5.1, and warn about Salt installation.
susemanager-schema:
- Version 4.2.22-1
* Add schema directory for susemanager-schema-4.2.21
susemanager-sls:
- version 4.2.23-1
* Fix bootstrap repository URL resolution for Yum based clients with
preflight script for Salt SSH
- Version 4.2.22-1
* Add Salt Bundle support on bootstrapping
* Add Salt SSH with Salt Bundle support
* Add util.mgr_switch_to_venv_minion state to switch salt minions to use
the Salt Bundle
* Fix bootstrap repository path resolution for Oracle Linux
* Handle salt bundle in set_proxy.sls
susemanager-sync-data:
- Version 4.2.12-1
* change release status of EL 7 and 8 aarch64 to released
* change release status of Rocky Linux 8 x86_64 to released
* add Debian 11 amd64
supportutils-plugin-salt:
- Update to version 1.2.0
* Add support for Salt Bundle
virtual-host-gatherer:
- Version 1.0.23-1
* reformat the first 3 groups of the UUID for hardware versions >=13 in
VMWare environment.
* Fix shebangs to use python3
* Implement libvirt module
How to apply this update:
1. Log in as root user to the SUSE Manager server.
2. Stop the Spacewalk service: `spacewalk-service stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: `spacewalk-service start`
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for SUSE Manager Server 4.2:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-2144=1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-2144=1
Package List:
- SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (ppc64le s390x x86_64):
inter-server-sync-0.2.2-150300.8.17.1
inter-server-sync-debuginfo-0.2.2-150300.8.17.1
smdba-1.7.10-0.150300.3.6.1
susemanager-4.2.32-150300.3.31.1
susemanager-tools-4.2.32-150300.3.31.1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch):
prometheus-formula-0.6.2-150300.3.14.1
python3-spacewalk-certs-tools-4.2.16-150300.3.18.3
salt-netapi-client-0.19.0-150300.3.6.1
spacecmd-4.2.17-150300.4.21.4
spacewalk-backend-4.2.22-150300.4.23.1
spacewalk-backend-app-4.2.22-150300.4.23.1
spacewalk-backend-applet-4.2.22-150300.4.23.1
spacewalk-backend-config-files-4.2.22-150300.4.23.1
spacewalk-backend-config-files-common-4.2.22-150300.4.23.1
spacewalk-backend-config-files-tool-4.2.22-150300.4.23.1
spacewalk-backend-iss-4.2.22-150300.4.23.1
spacewalk-backend-iss-export-4.2.22-150300.4.23.1
spacewalk-backend-package-push-server-4.2.22-150300.4.23.1
spacewalk-backend-server-4.2.22-150300.4.23.1
spacewalk-backend-sql-4.2.22-150300.4.23.1
spacewalk-backend-sql-postgresql-4.2.22-150300.4.23.1
spacewalk-backend-tools-4.2.22-150300.4.23.1
spacewalk-backend-xml-export-libs-4.2.22-150300.4.23.1
spacewalk-backend-xmlrpc-4.2.22-150300.4.23.1
spacewalk-base-4.2.27-150300.3.21.7
spacewalk-base-minimal-4.2.27-150300.3.21.7
spacewalk-base-minimal-config-4.2.27-150300.3.21.7
spacewalk-certs-tools-4.2.16-150300.3.18.3
spacewalk-html-4.2.27-150300.3.21.7
spacewalk-java-4.2.38-150300.3.35.1
spacewalk-java-config-4.2.38-150300.3.35.1
spacewalk-java-lib-4.2.38-150300.3.35.1
spacewalk-java-postgresql-4.2.38-150300.3.35.1
spacewalk-taskomatic-4.2.38-150300.3.35.1
spacewalk-utils-4.2.16-150300.3.15.5
spacewalk-utils-extras-4.2.16-150300.3.15.5
supportutils-plugin-salt-1.2.0-150300.3.3.1
susemanager-doc-indexes-4.2-150300.12.27.6
susemanager-docs_en-4.2-150300.12.27.1
susemanager-docs_en-pdf-4.2-150300.12.27.1
susemanager-schema-4.2.22-150300.3.21.6
susemanager-sls-4.2.23-150300.3.25.4
susemanager-sync-data-4.2.12-150300.3.18.3
uyuni-config-modules-4.2.23-150300.3.25.4
virtual-host-gatherer-1.0.23-150300.3.3.1
virtual-host-gatherer-Kubernetes-1.0.23-150300.3.3.1
virtual-host-gatherer-Nutanix-1.0.23-150300.3.3.1
virtual-host-gatherer-VMware-1.0.23-150300.3.3.1
virtual-host-gatherer-libcloud-1.0.23-150300.3.3.1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (noarch):
python3-spacewalk-certs-tools-4.2.16-150300.3.18.3
spacecmd-4.2.17-150300.4.21.4
spacewalk-backend-4.2.22-150300.4.23.1
spacewalk-base-minimal-4.2.27-150300.3.21.7
spacewalk-base-minimal-config-4.2.27-150300.3.21.7
spacewalk-certs-tools-4.2.16-150300.3.18.3
supportutils-plugin-salt-1.2.0-150300.3.3.1
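After patching, the installed versions can be checked against the package list above. The following is an added example, not part of SUSE's advisory: it audits the output of `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'` against a subset of the fixed versions listed here. The version comparison is a simplified rpmvercmp that ignores epochs and `~`/`^`, and the sample input is constructed.

```python
import re

# Fixed versions copied from this advisory's package list (subset).
FIXED = {
    "spacewalk-java": "4.2.38-150300.3.35.1",
    "spacewalk-html": "4.2.27-150300.3.21.7",
    "spacewalk-backend": "4.2.22-150300.4.23.1",
    "susemanager": "4.2.32-150300.3.31.1",
}

def vercmp(a, b):
    """Simplified rpmvercmp (no '~' or '^' handling): returns -1, 0 or 1."""
    # Split into runs of digits or letters; separators are dropped.
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment beats alphabetic
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare 'version-release' strings: version first, then release."""
    (va, _, ra), (vb, _, rb) = a.partition("-"), b.partition("-")
    return vercmp(va, vb) or vercmp(ra, rb)

def audit(rpm_output, fixed=FIXED):
    """Return {package: status} for each package named in `fixed`."""
    installed = dict(l.split() for l in rpm_output.splitlines() if l.strip())
    report = {}
    for name, want in fixed.items():
        have = installed.get(name)
        if have is None:
            report[name] = "not installed"
        else:
            report[name] = "ok" if evr_cmp(have, want) >= 0 else f"outdated ({have} < {want})"
    return report

# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE = """\
spacewalk-java 4.2.35-150300.3.32.1
spacewalk-html 4.2.27-150300.3.21.7
spacewalk-backend 4.2.22-150300.4.23.1
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On a real server, pass the actual `rpm -qa` output to `audit()` instead of `SAMPLE`; any `outdated` entry means the patch has not been fully applied.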
References:
https://www.suse.com/security/cve/CVE-2021-44906.html
https://www.suse.com/security/cve/CVE-2022-21952.html
https://www.suse.com/security/cve/CVE-2022-31248.html
https://bugzilla.suse.com/1187333
https://bugzilla.suse.com/1191143
https://bugzilla.suse.com/1192550
https://bugzilla.suse.com/1193707
https://bugzilla.suse.com/1194594
https://bugzilla.suse.com/1195710
https://bugzilla.suse.com/1196702
https://bugzilla.suse.com/1197400
https://bugzilla.suse.com/1197438
https://bugzilla.suse.com/1197449
https://bugzilla.suse.com/1197488
https://bugzilla.suse.com/1197591
https://bugzilla.suse.com/1197689
https://bugzilla.suse.com/1198221
https://bugzilla.suse.com/1199089
https://bugzilla.suse.com/1199142
https://bugzilla.suse.com/1199149
https://bugzilla.suse.com/1199512
https://bugzilla.suse.com/1199629
https://bugzilla.suse.com/1200212
https://bugzilla.suse.com/1200606