SUSE-SU-2022:3194-1: moderate: Security update for SUSE Manager Server 4.3
sle-updates at lists.suse.com
Thu Sep 8 13:31:47 UTC 2022
SUSE Security Update: Security update for SUSE Manager Server 4.3
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3194-1
Rating: moderate
References: #1172179 #1179962 #1186011 #1187028 #1191925
#1194394 #1195455 #1198356 #1198358 #1198944
#1199147 #1199157 #1199523 #1199629 #1199646
#1199656 #1199659 #1199662 #1199663 #1199679
#1199714 #1199727 #1199779 #1199817 #1199874
#1199950 #1199984 #1199998 #1200276 #1200347
#1200532 #1200591 #1200606 #1200707 #1201003
#1201142 #1201189 #1201224 #1201411 #1201498
#1201782 #1201842
Cross-References: CVE-2022-31248
CVSS scores:
CVE-2022-31248 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2022-31248 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products:
SUSE Linux Enterprise Module for SUSE Manager Server 4.3
SUSE Manager Server 4.3
______________________________________________________________________________
An update that solves one vulnerability and has 41 fixes is
now available.
Description:
This update fixes the following issues:
apache-commons-csv:
- Fix the URL for the package
- Declare the LICENSE file as license and not doc
apache-commons-math3:
- Fix the URL for the package
- Declare the LICENSE file as license and not doc
drools:
- Declare the LICENSE file as license and not doc
image-sync-formula:
- Update to version 0.1.1658330139.861779d
* Fix deleting of unused boot images
* Support deltas for system images (bsc#1201498)
* Do not try to show changes in images (bsc#1199998)
inter-server-sync:
- Version 0.2.3
* Compress exported sql data #16631
jakarta-commons-validator:
- Declare the LICENSE file as license and not doc
jose4j:
- Declare the LICENSE file as license and not doc
kie-api:
- Declare the LICENSE file as license and not doc
mvel2:
- Declare the LICENSE file as license and not doc
optaplanner:
- Declare the LICENSE file as license and not doc
python-susemanager-retail:
- Update to version 0.1.1658330139.861779d
* Support deltas for system images (bsc#1201498)
* Fix error message on incorrect --log-level arg (bsc#1199727)
python-urlgrabber:
- Fix wrong logic on find_proxy method causing proxy not being used
reprepro:
- Bump up the maxsize on a fixed-size C buffer to avoid breaking on some
autogenerated rust packages
- Flush stdout and stderr before execv of an end hook
- Add support for Zstd compressed debs
- Added alternative package name for db4-devel.
salt-netapi-client:
- Declare the LICENSE file as license and not doc
smdba:
- Declare the LICENSE file as license and not doc
spacecmd:
- Version 4.3.14-1
* Fix missing argument on system_listmigrationtargets (bsc#1201003)
* Show correct help on calling kickstart_importjson with no arguments
* Fix tracebacks on spacecmd kickstart_export (bsc#1200591)
* Change proxy container config default filename to end with tar.gz
spacewalk:
- Version 4.3.5-1
* Simplified PostgreSQL14 requirement.
* Update server-migrator to dist-upgrade to openSUSE 15.4
spacewalk-backend:
- Version 4.3.15-1
* cleanup leftovers from removing unused xmlrpc endpoint
* Fix issues with "http proxy" not being used by reposync in some cases
spacewalk-certs-tools:
- Version 4.3.14-1
* traditional stack bootstrap: install product packages (bsc#1201142)
* display messages to restart services after certificate change
* improve CA Chain checking by comparing authorityKeyIdentifier with
subjectKeyIdentifier
spacewalk-client-tools:
- Version 4.3.11-1
* Update translation strings
spacewalk-config:
- Version 4.3.9-1
* fix posttrans error "RHN-ORG-TRUSTED-SSL-CERT" not found
spacewalk-java:
- Version 4.3.35-1
* Modify parameter type when communicating with the search server
(bsc#1187028)
* Fix hibernate error on deleting an image with delta
* Changed logout method to POST on HTTP API (bsc#1199663)
* Turned API information endpoints public (bsc#1199817)
* Fix typo and ordering of JSON over HTTP API example scripts
* Improved log handling in HTTP API (bsc#1199662)
* set Channel GPG Key info from SCC data
* set GPG Key Url as channel pillar data (bsc#1199984)
* new API endpoint for addErrataUpdate, that take multiple servers as
argument
* Move ImageSync pillars to database (bsc#1199157)
* Fix conflict when system is assigned to multiple instances of the same
formula (bsc#1194394)
* Fix initial profile and build host on Image Build page (bsc#1199659)
* Convert formula integer values when upgrading (bsc#1200347)
* Cleanup salt known_hosts when generating proxy containers config
* Modify proxy containers configuration files set output
* Change proxy containers config to tarball with yaml files
* Fixed date format on scheduler related messages (bsc#1195455)
* Improved dropdown layout handling
* Fix download CSV
* Hide authentication data in PAYG UI (bsc#1199679)
* Clean grub2 reinstall entry in autoyast snippet (bsc#1199950)
* Show reboot alert message on all system detail pages (bsc#1199779)
* Show patch as installed in CVE Audit even if successor patch affects
additional packages (bsc#1199646)
* Fix refresh action confirmation message when no system is selected
* Fix Internal Server Error when URI contains invalid sysid (bsc#1186011)
* Fix notification message on system properties update to ensure style
consistency (bsc#1172179)
* Fix containerized proxy configuration machine name
* Improve CLM channel cloning performance (bsc#1199523)
* Keep the websocket connections alive with ping/pong frames
(bsc#1199874)
* add detection of Ubuntu 22.04
* fix missing remote command history events for big output (bsc#1199656)
* fix api log message references the wrong user (bsc#1179962)
* Consistently use conf value for SPA engine timeout
* fix download of packages with caret sign in the version due to missing
url decode
* Add specific requirement for Cobbler 3.2.1 to not conflict with Leap
15.4
* Fix send login(s) and send password actions to avoid user enumeration
(bsc#1199629) (CVE-2022-31248)
spacewalk-search:
- Version 4.3.6-1
* Add method to handle session id as String
* Migrated from log4j1.x.x to log4j2.x.x
* update ivy development files
spacewalk-setup:
- Version 4.3.10-1
* spacewalk-setup-cobbler assumes /etc/apache2/conf.d now as a default
instead of /etc/httpd/conf.d (bsc#1198356)
* Allow alternative usage of perl-Net-LibIDN2.
spacewalk-utils:
- Version 4.3.13-1
* change gpg key urls to file urls where possible
* spacewalk-hostname-rename now correctly replaces the hostname for the
mgr-sync configuration file (bsc#1198356)
* spacewalk-hostname-rename now utilizes the "--apache2-conf-dir" flag
for spacewalk-setup-cobbler
* Add repositories for Ubuntu 22.04 LTS
* Add AlmaLinux 9 and Oracle Linux 9 to spacewalk-common-channels
* Add missing SLES 15 SP4 client tools repositories to
spacewalk-common-channels.ini
* add deprecation warning for spacewalk-clone-by-date
* Add EPEL8 for Almalinux 8 and Rocky 8 in spacewalk-common-channels.ini
* openSUSE Leap 15.4 repositories
spacewalk-web:
- Version 4.3.23-1
* Update the version for the WebUI
* Fix initial profile and build host on Image Build page (bsc#1199659)
* Handle multi line error messages in proxy containers config creation
* Hide authentication data in PAYG UI (bsc#1199679)
* add textarea to formulas
* Consistently use conf value for SPA engine timeout
* Remove nodejs-packaging as a build requirement
* Update translation strings
subscription-matcher:
- Declare the LICENSE file as license and not doc
susemanager:
- Version 4.3.18-1
* Add missing python3-gnupg to Debian10 bootstrap repo (bsc#1201842)
* Add clients tool product to generate bootstrap repo on OpenSUSE 15.x
(bsc#1201189)
* Add Oracle Linux 9 bootstrap repositories for Uyuni
* Add AlmaLinux 9 bootstrap repositories for Uyuni
* Add Red Hat Enterprise Linux 9 repositories for Uyuni
* Make the Salt Bundle optional for bootstrap repositories for Debian 9
and SUSE Manager Proxy 4.2
* Enable bootstrapping for Ubuntu 22.04 LTS
* fix pg-migrate-x-to-y.sh comment: migration without creating backup
use -f option
* bootstrap repo: set optional packages
* Add python3-contextvars and python3-immutables to missing bootstrap
repos (bsc#1200606)
* Update server-migrator to dist-upgrade to openSUSE 15.4
susemanager-build-keys:
- Version 15.4.3
* Add Uyuni Client Tools key
* Install keys for Client Tools Channels in salt filesystem to be able
to deploy them to clients
* Add openEuler 22.03 key
* Add AlmaLinux 9 key
* Add Oracle Linux 9 keys
* RPM-GPG-KEY-openEuler
* RPM-GPG-KEY-AlmaLinux-9
* RPM-GPG-KEY-oracle
* RPM-GPG-KEY-oracle-backup
susemanager-docs_en:
- Described disabling local repositories in Client Configuration Guide
- Remove misleading installation screen shots in the Installation and
Upgrade Guide (bsc#1201411)
- Fixed Ubuntu 18 Client registration in Client Configuration Guide
(bsc#1201224)
- Removed sle-module-pythonX in VM Installation chapter of Installation
and Upgrade Guide because SUSE Manager 4.3 does not require it
- In the Custom Channel section of the Administration Guide add a note
about synchronizing repositories regularly
- Removed SUSE Linux Enterprise 11 from the list of supported client
systems
- Update section about changing SSL certificates
- Added ports 1232 and 1233 in the Ports section of the Installation and
Upgrade Guide; required for Salt SSH Push (bsc#1200532)
- Fixed 'fast' switch ('-f') of the database migration script in
Installation and Upgrade Guide
- Updated Virtualization chapter in Client Configuration Guide; more
on limitation other than Xen and KVM
- Added information about registering RHEL clients on Azure in the Import
Entitlements and Certificates section of the Client Configuration Guide
(bsc#1198944)
- Fixed VisibleIf documentation in Formula section of the Salt Guide
- Added note about importing CA certificate in Installation and Upgrade
Guide (bsc#1198358)
- Documented defining monitored targets using file-based service discovery
provided in the Prometheus formula in the Salt Guide
- In Supported Clients and Features chapter in Client Configuration Guide,
remove SUSE Linux Enterprise 11 (bsc#1199147)
- Improve traditional client deprecation statement in Client Configuration
Guide (bsc#1199714)
susemanager-schema:
- Version 4.3.13-1
* update GPG key urls in channels set by spacewalk-common-channels
* add gpg key info to suseProductSCCRepository (bsc#1199984)
* Move ImageSync pillars to database (bsc#1199157)
susemanager-sls:
- Version 4.3.24-1
* Fix bootstrap issue with Debian 9 caused by missing
python3-contextvars (bsc#1201782)
* Fix deploy of SLE Micro CA Certificate (bsc#1200276)
* disable local repos before bootstrap and at highstate (bsc#1191925)
* deploy GPG keys to the clients and define trust in channels
(bsc#1199984)
* Enable basic support for Ubuntu 22.04
* Add port parameter to mgrutil.remove_ssh_known_host
* Prevent possible tracebacks on calling module.run from mgrcompat by
setting proper globals with using LazyLoader
* Fix bootstrapping for Ubuntu 18.04 with classic Salt package
(bsc#1200707)
* create CA certificate symlink on Proxies which might get lost due to
de-installation of the ca package
uyuni-common-libs:
- Version 4.3.5-1
* Fix reposync issue about 'rpm.hdr' object has no attribute 'get'
virtual-host-gatherer:
- Declare the LICENSE file as license and not doc
woodstox:
- Declare the LICENSE file as license and not doc
xmlpull-api:
- Declare the LICENSE file as license and not doc
How to apply this update:
1. Log in as root user to the SUSE Manager server.
2. Stop the Spacewalk service: `spacewalk-service stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: `spacewalk-service start`
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for SUSE Manager Server 4.3:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-3194=1
Package List:
- SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (ppc64le s390x x86_64):
inter-server-sync-0.2.3-150400.3.3.1
inter-server-sync-debuginfo-0.2.3-150400.3.3.1
python3-uyuni-common-libs-4.3.5-150400.3.3.2
reprepro-5.3.0-150400.3.3.1
reprepro-debuginfo-5.3.0-150400.3.3.1
reprepro-debugsource-5.3.0-150400.3.3.1
smdba-1.7.10-0.150400.4.3.1
susemanager-4.3.18-150400.3.3.2
susemanager-tools-4.3.18-150400.3.3.2
- SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (noarch):
apache-commons-csv-1.2-150400.3.3.1
apache-commons-math3-3.2-150400.3.3.1
drools-7.17.0-150400.3.3.1
image-sync-formula-0.1.1658330139.861779d-150400.3.3.1
jakarta-commons-validator-1.1.4-21.150400.21.3.4
jose4j-0.5.1-150400.3.3.1
kie-api-7.17.0-150400.3.3.1
mvel2-2.2.6.Final-150400.3.3.1
optaplanner-7.17.0-150400.3.3.1
python3-spacewalk-certs-tools-4.3.14-150400.3.3.2
python3-spacewalk-client-tools-4.3.11-150400.3.3.4
python3-susemanager-retail-1.0.1658330139.861779d-150400.3.3.1
python3-urlgrabber-4.1.0-150400.3.3.1
salt-netapi-client-0.20.0-150400.3.3.5
spacecmd-4.3.14-150400.3.3.2
spacewalk-backend-4.3.15-150400.3.3.5
spacewalk-backend-app-4.3.15-150400.3.3.5
spacewalk-backend-applet-4.3.15-150400.3.3.5
spacewalk-backend-config-files-4.3.15-150400.3.3.5
spacewalk-backend-config-files-common-4.3.15-150400.3.3.5
spacewalk-backend-config-files-tool-4.3.15-150400.3.3.5
spacewalk-backend-iss-4.3.15-150400.3.3.5
spacewalk-backend-iss-export-4.3.15-150400.3.3.5
spacewalk-backend-package-push-server-4.3.15-150400.3.3.5
spacewalk-backend-server-4.3.15-150400.3.3.5
spacewalk-backend-sql-4.3.15-150400.3.3.5
spacewalk-backend-sql-postgresql-4.3.15-150400.3.3.5
spacewalk-backend-tools-4.3.15-150400.3.3.5
spacewalk-backend-xml-export-libs-4.3.15-150400.3.3.5
spacewalk-backend-xmlrpc-4.3.15-150400.3.3.5
spacewalk-base-4.3.23-150400.3.3.4
spacewalk-base-minimal-4.3.23-150400.3.3.4
spacewalk-base-minimal-config-4.3.23-150400.3.3.4
spacewalk-certs-tools-4.3.14-150400.3.3.2
spacewalk-client-tools-4.3.11-150400.3.3.4
spacewalk-common-4.3.5-150400.3.3.2
spacewalk-config-4.3.9-150400.3.3.3
spacewalk-html-4.3.23-150400.3.3.4
spacewalk-java-4.3.35-150400.3.3.5
spacewalk-java-config-4.3.35-150400.3.3.5
spacewalk-java-lib-4.3.35-150400.3.3.5
spacewalk-java-postgresql-4.3.35-150400.3.3.5
spacewalk-postgresql-4.3.5-150400.3.3.2
spacewalk-search-4.3.6-150400.3.3.3
spacewalk-setup-4.3.10-150400.3.3.3
spacewalk-taskomatic-4.3.35-150400.3.3.5
spacewalk-utils-4.3.13-150400.3.3.3
spacewalk-utils-extras-4.3.13-150400.3.3.3
subscription-matcher-0.29-150400.3.3.1
susemanager-build-keys-15.4.3-150400.3.3.1
susemanager-build-keys-web-15.4.3-150400.3.3.1
susemanager-docs_en-4.3-150400.9.3.1
susemanager-docs_en-pdf-4.3-150400.9.3.1
susemanager-retail-tools-1.0.1658330139.861779d-150400.3.3.1
susemanager-schema-4.3.13-150400.3.3.3
susemanager-schema-utility-4.3.13-150400.3.3.3
susemanager-sls-4.3.24-150400.3.3.1
uyuni-config-modules-4.3.24-150400.3.3.1
virtual-host-gatherer-1.0.23-150400.3.3.1
virtual-host-gatherer-Kubernetes-1.0.23-150400.3.3.1
virtual-host-gatherer-Nutanix-1.0.23-150400.3.3.1
virtual-host-gatherer-VMware-1.0.23-150400.3.3.1
virtual-host-gatherer-libcloud-1.0.23-150400.3.3.1
woodstox-4.4.2-150400.3.3.1
xmlpull-api-1.1.3.1-150400.3.3.1
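Added example (not part of the SUSE announcement): a post-patch check that compares an installed-package inventory against fixed versions taken from the Package List above. The names FIXED, vercmp, evrcmp and audit belong to this example only, the inventory is constructed sample data, and the comparison is a simplified form of RPM version ordering that ignores epoch, tilde and caret.

```python
import re

# Fixed versions copied from this advisory's Package List (subset).
FIXED = {
    "spacewalk-java": "4.3.35-150400.3.3.5",
    "spacewalk-backend": "4.3.15-150400.3.3.5",
    "spacewalk-certs-tools": "4.3.14-150400.3.3.2",
    "susemanager-sls": "4.3.24-150400.3.3.1",
}

def _segments(s):
    # RPM compares maximal runs of digits or letters; separators are ignored.
    return re.findall(r"\d+|[A-Za-z]+", s)

def vercmp(a, b):
    """Simplified rpmvercmp returning -1, 0 or 1 (no tilde/caret handling)."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment is newer than an alpha one
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evrcmp(a, b):
    """Compare 'version-release' strings (no epoch, as in this advisory)."""
    va, ra = a.rsplit("-", 1)
    vb, rb = b.rsplit("-", 1)
    return vercmp(va, vb) or vercmp(ra, rb)

def audit(inventory_text):
    """Return {package: status} for each advisory package present in the inventory."""
    result = {}
    for line in inventory_text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] in FIXED:
            newer_or_equal = evrcmp(parts[1], FIXED[parts[0]]) >= 0
            result[parts[0]] = "ok" if newer_or_equal else "needs update"
    return result

# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE = """\
spacewalk-java 4.3.30-150400.1.2
spacewalk-backend 4.3.15-150400.3.3.5
susemanager-sls 4.3.24-150400.3.6.1
bash 4.4-150400.25.22
"""
```

Feed audit() the real rpm query output from the server after step 4; any package reported as "needs update" is still below the version shipped with this update.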
References:
https://www.suse.com/security/cve/CVE-2022-31248.html
https://bugzilla.suse.com/1172179
https://bugzilla.suse.com/1179962
https://bugzilla.suse.com/1186011
https://bugzilla.suse.com/1187028
https://bugzilla.suse.com/1191925
https://bugzilla.suse.com/1194394
https://bugzilla.suse.com/1195455
https://bugzilla.suse.com/1198356
https://bugzilla.suse.com/1198358
https://bugzilla.suse.com/1198944
https://bugzilla.suse.com/1199147
https://bugzilla.suse.com/1199157
https://bugzilla.suse.com/1199523
https://bugzilla.suse.com/1199629
https://bugzilla.suse.com/1199646
https://bugzilla.suse.com/1199656
https://bugzilla.suse.com/1199659
https://bugzilla.suse.com/1199662
https://bugzilla.suse.com/1199663
https://bugzilla.suse.com/1199679
https://bugzilla.suse.com/1199714
https://bugzilla.suse.com/1199727
https://bugzilla.suse.com/1199779
https://bugzilla.suse.com/1199817
https://bugzilla.suse.com/1199874
https://bugzilla.suse.com/1199950
https://bugzilla.suse.com/1199984
https://bugzilla.suse.com/1199998
https://bugzilla.suse.com/1200276
https://bugzilla.suse.com/1200347
https://bugzilla.suse.com/1200532
https://bugzilla.suse.com/1200591
https://bugzilla.suse.com/1200606
https://bugzilla.suse.com/1200707
https://bugzilla.suse.com/1201003
https://bugzilla.suse.com/1201142
https://bugzilla.suse.com/1201189
https://bugzilla.suse.com/1201224
https://bugzilla.suse.com/1201411
https://bugzilla.suse.com/1201498
https://bugzilla.suse.com/1201782
https://bugzilla.suse.com/1201842