SUSE-RU-2023:2595-1: moderate: Maintenance update for SUSE Manager 4.2: Server, Proxy and Retail Branch Server

SLE-UPDATES null at suse.de
Tue Feb 27 11:38:13 UTC 2024



# Maintenance update for SUSE Manager 4.2: Server, Proxy and Retail Branch Server

Announcement ID: SUSE-RU-2023:2595-1  
Rating: moderate  
References:

  * bsc#1179747
  * bsc#1186011
  * bsc#1203599
  * bsc#1205600
  * bsc#1206423
  * bsc#1207550
  * bsc#1207814
  * bsc#1207941
  * bsc#1208984
  * bsc#1209220
  * bsc#1209231
  * bsc#1209277
  * bsc#1209386
  * bsc#1209434
  * bsc#1209508
  * bsc#1209877
  * bsc#1209915
  * bsc#1209926
  * bsc#1210011
  * bsc#1210086
  * bsc#1210101
  * bsc#1210107
  * bsc#1210154
  * bsc#1210162
  * bsc#1210232
  * bsc#1210311
  * bsc#1210406
  * bsc#1210437
  * bsc#1210458
  * bsc#1210659
  * bsc#1210835
  * bsc#1210957
  * bsc#1211330
  * bsc#1211956
  * bsc#1211958
  * bsc#1212096
  * bsc#1212363
  * jsc#MSQA-674

  
Cross-References:

  * CVE-2023-22644

  
CVSS scores:

  * CVE-2023-22644 (NVD): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

  
Affected Products:

  * SUSE Manager Proxy 4.2
  * SUSE Manager Proxy 4.2 Module 4.2
  * SUSE Manager Retail Branch Server 4.2
  * SUSE Manager Server 4.2
  * SUSE Manager Server 4.2 Module 4.2

  
  
An update that solves one vulnerability, contains one feature and has 36
recommended fixes can now be installed.

## Recommended update for SUSE Manager Proxy and Retail Branch Server 4.2

### Description:

This update fixes the following issues:

spacecmd:

  * Version 4.2.23-1
  * Fix argument parsing of distribution_update (bsc#1210458)

spacewalk-backend:

  * Version 4.2.28-1
  * Filter CLM modular packages using release strings (bsc#1207814)
  * Add package details to reposync error logging

spacewalk-certs-tools:

  * Version 4.2.20-1
  * Update translations

spacewalk-proxy-installer:

  * Version 4.3.11-1
  * Fix squid refresh_pattern for "venv-enabled-*.txt" files to avoid serving
    outdated version of the file (bsc#1211956)

spacewalk-ssl-cert-check:

  * Version 4.2.3-1
  * Update translations

spacewalk-web:

  * Version 4.2.35-1
  * Show loading indicator on formula details pages (bsc#1179747)
  * Increase datetimepicker font sizes (bsc#1210437)
  * Fix an issue where the datetimepicker shows wrong date (bsc#1209231)

susemanager-build-keys:

  * Version 15.3.9
  * add SUSE Liberty v2 key (bsc#1212096)
  * add Debian 12 (bookworm) GPG keys (bsc#1212363)
  * add new 4096 bit RSA SUSE Package Hub key
  * Version 15.3.8
  * Fix installation of SUSE Linux Enterprise 15 RSA reserve build key
  * Add new 4096 bit RSA openSUSE build key gpg-pubkey-29b700a4.asc

How to apply this update:

  1. Log in as root user to the SUSE Manager Proxy or Retail Branch Server.
  2. Stop the proxy service: `spacewalk-proxy stop`
  3. Apply the patch using either zypper patch or YaST Online Update.
  4. Start the proxy service: `spacewalk-proxy start`

## Security update for SUSE Manager Server 4.2

### Description:

This update fixes the following issues:

branch-network-formula:

  * Update to version 0.1.1680167239.23f2fec
  * Remove unnecessary import of "salt.ext.six"

cpu-mitigations-formula:

  * Update to version 0.5.0:
  * Mark all SUSE Linux Enterprise 15 SP4 and newer and openSUSE 15.4 and newer
    as supported (bsc#1210835)

hub-xmlrpc-api:

  * Do not strictly require Go 1.18 on SUSE Linux Enterprise 15 SP3
    (bsc#1203599)

inter-server-sync:

  * Version 0.2.8
  * Correctly detect product name and product version number
  * Import image channel data only when related software channel is available
    (bsc#1211330)

perl-Satcon:

  * Version 4.2.3-1
  * Accept keys with dots

spacecmd:

  * Version 4.2.23-1
  * Fix argument parsing of distribution_update (bsc#1210458)

spacewalk-backend:

  * Version 4.2.28-1
  * Filter CLM modular packages using release strings (bsc#1207814)
  * Add package details to reposync error logging

spacewalk-certs-tools:

  * Version 4.2.20-1
  * Update translations

spacewalk-java:

  * Security fixes in version 4.2.50-1:
  * CVE-2023-22644: Remove web session swap secrets output in logs (bsc#1210086)
  * CVE-2023-22644: Do not output URL parameters for tiny urls (bsc#1210101)
  * CVE-2023-22644: Fix session information leak (bsc#1210107)
  * CVE-2023-22644: Do not output Cobbler xmlrpc token in debug logs
    (bsc#1210162)
  * CVE-2023-22644: Fix credentials and other secrets disclosure when debug log
    is enabled (bsc#1210154)
  * CVE-2023-22644: Prevent logging formula data (bsc#1209386, bsc#1209434)
  * Other non-security issues fixed in version 4.2.50-1:
  * Fix misleading error message regarding SCC credentials removal (bsc#1207941)
  * Fix issue with `aclChannelTypeCapable` that prevented errata view in deb
    arch
  * Refresh pillars after setting custom values via SSM (bsc#1210659)
  * Report SSM power management errors in 'rhn_web_ui' (bsc#1210406)
  * Filter CLM modular packages using release strings (bsc#1207814)
  * Allow processing big state results (bsc#1210957)
  * Use glassfish-activation-api instead of gnu-jaf
  * Fix Internal Server Error when URI contains invalid sysid (bsc#1186011)
  * kernel options: only add quotes if there is a space in the value
    (bsc#1209926)
  * Fix link to Knowledge Base articles (bsc#1210311)
  * Remove channels from client after transfer to a different organization
    (bsc#1209220)
  * Fix displaying system channels when no base product is installed
    (bsc#1206423)
  * Fix broken ifcfg grub option on reinstallation (bsc#1210232)
  * Fix NPE in Cobbler system sync when server has no creator set
  * Add listSystemEvents missing API endpoint (bsc#1209877)

spacewalk-setup:

  * Version 4.2.12-1
  * Enable netapi clients in master configuration (required for Salt 3006)

spacewalk-utils:

  * Version 4.2.19-1
  * spacewalk-hostname-rename remains stuck at refreshing pillars (bsc#1207550)

spacewalk-web:

  * Version 4.2.35-1
  * Show loading indicator on formula details pages (bsc#1179747)
  * Increase datetimepicker font sizes (bsc#1210437)
  * Fix an issue where the datetimepicker shows wrong date (bsc#1209231)

supportutils-plugin-susemanager:

  * Version 4.2.7-1
  * Fix property name to tune for salt events queue processing

susemanager:

  * Version 4.3.27-1
  * Use newest venv-salt-minion version available to generate the
    venv-enabled-*.txt file in bootstrap repos (bsc#1211958)
  * Version 4.2.41-1
  * Add bootstrap repository definitions for openSUSE Leap 15.5
  * Add bootstrap repository definitions for SUSE Linux Enterprise Server 15 SP5

susemanager-build-keys:

  * Version 15.3.9
  * add SUSE Liberty v2 key (bsc#1212096)
  * add Debian 12 (bookworm) GPG keys (bsc#1212363)
  * add new 4096 bit RSA SUSE Package Hub key
  * Version 15.3.8
  * Fix installation of SUSE Linux Enterprise 15 RSA reserve build key
  * Add new 4096 bit RSA openSUSE build key gpg-pubkey-29b700a4.asc

susemanager-sls:

  * Version 4.2.34-1
  * Trust new Liberty Linux v2 key (bsc#1212096)

susemanager-doc-indexes:

  * Salt version changed to 3006.0
  * Added note for clarification between self-installed and cloud instances of
    Ubuntu
  * Improved pay-as-you-go documentation in the Install and Upgrade Guide
    (bsc#1208984)
  * Added comment about activation keys for LTSS clients in Client Configuration
    Guide (bsc#1210011)
  * Updated API script examples to Python 3 in Administration Guide and Large
    Deployment Guide
  * Change cleanup Salt Client description
  * Added instruction for Cobbler to use the correct label in Client
    Configuration Guide distro label (bsc#1205600)
  * Added updated options for rhn.conf file in the Administration Guide
    (bsc#1209508)
  * Fixed calculation of DB max-connections and align it with the supportconfig
    checking tool in the Tuning Guide

susemanager-docs_en:

  * Salt version changed to 3006.0
  * Added note for clarification between self-installed and cloud instances of
    Ubuntu
  * Improved Pay-as-you-go documentation in the Install and Upgrade Guide
    (bsc#1208984)
  * Added comment about activation keys for LTSS clients in Client Configuration
    Guide (bsc#1210011)
  * Updated API script examples to Python 3 in Administration Guide and Large
    Deployment Guide
  * Change cleanup Salt Client description
  * Added instruction for Cobbler to use the correct label in Client
    Configuration Guide distro label (bsc#1205600)
  * Added updated options for rhn.conf file in the Administration Guide
    (bsc#1209508)
  * Fixed calculation of DB max-connections and align it with the supportconfig
    checking tool in the Tuning Guide

susemanager-schema:

  * Version 4.2.28-1
  * Filter CLM modular packages using release strings (bsc#1207814)
  * Repeat schema migrations for module metadata storage (bsc#1209915)

susemanager-sls:

  * Version 4.2.33-1
  * Include automatic migration from Salt 3000 to Salt bundle in highstate
  * Disable salt-minion and remove its config file on cleanup (bsc#1209277)
  * To update everything on a debian system, call dist-upgrade to be able to
    install and remove packages

virtual-host-gatherer:

  * Version 1.0.26-1
  * Fix cpu calculation in the libvirt module and enhance the data structure by
    os value

How to apply this update:

  1. Log in as root user to the SUSE Manager Server.
  2. Stop the Spacewalk service: `spacewalk-service stop`
  3. Apply the patch using either zypper patch or YaST Online Update.
  4. Start the Spacewalk service: `spacewalk-service start`

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Manager Proxy 4.2 Module 4.2  
    zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2023-2595=1

  * SUSE Manager Server 4.2 Module 4.2  
    zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2023-2595=1

## Package List:

  * SUSE Manager Proxy 4.2 Module 4.2 (noarch)
    * susemanager-build-keys-web-15.3.9-150300.3.14.1
    * python3-spacewalk-certs-tools-4.2.20-150300.3.30.4
    * spacewalk-base-minimal-config-4.2.35-150300.3.44.4
    * susemanager-build-keys-15.3.9-150300.3.14.1
    * spacewalk-base-minimal-4.2.35-150300.3.44.4
    * spacewalk-certs-tools-4.2.20-150300.3.30.4
    * spacewalk-backend-4.2.28-150300.4.41.4
    * spacecmd-4.2.23-150300.4.39.4
    * spacewalk-proxy-installer-4.2.12-150300.3.17.2
    * spacewalk-ssl-cert-check-4.2.3-150300.3.3.2
  * SUSE Manager Server 4.2 Module 4.2 (noarch)
    * spacewalk-backend-iss-4.2.28-150300.4.41.4
    * spacewalk-taskomatic-4.2.50-150300.3.66.5
    * spacewalk-base-minimal-config-4.2.35-150300.3.44.4
    * spacewalk-utils-extras-4.2.19-150300.3.24.2
    * susemanager-schema-4.2.28-150300.3.38.4
    * spacewalk-backend-applet-4.2.28-150300.4.41.4
    * susemanager-docs_en-pdf-4.2-150300.12.45.2
    * spacewalk-backend-xml-export-libs-4.2.28-150300.4.41.4
    * uyuni-config-modules-4.2.34-150300.3.51.1
    * virtual-host-gatherer-Nutanix-1.0.26-150300.3.15.2
    * spacewalk-backend-app-4.2.28-150300.4.41.4
    * spacewalk-backend-config-files-4.2.28-150300.4.41.4
    * spacewalk-backend-package-push-server-4.2.28-150300.4.41.4
    * python3-spacewalk-certs-tools-4.2.20-150300.3.30.4
    * susemanager-build-keys-15.3.9-150300.3.14.1
    * spacewalk-base-minimal-4.2.35-150300.3.44.4
    * branch-network-formula-0.1.1680167239.23f2fec-150300.3.6.2
    * susemanager-sls-4.2.34-150300.3.51.1
    * spacewalk-base-4.2.35-150300.3.44.4
    * virtual-host-gatherer-Kubernetes-1.0.26-150300.3.15.2
    * spacewalk-html-4.2.35-150300.3.44.4
    * spacewalk-backend-iss-export-4.2.28-150300.4.41.4
    * spacewalk-backend-sql-postgresql-4.2.28-150300.4.41.4
    * spacewalk-backend-xmlrpc-4.2.28-150300.4.41.4
    * spacewalk-java-4.2.50-150300.3.66.5
    * cpu-mitigations-formula-0.5.0-150300.3.6.2
    * spacecmd-4.2.23-150300.4.39.4
    * spacewalk-java-postgresql-4.2.50-150300.3.66.5
    * susemanager-build-keys-web-15.3.9-150300.3.14.1
    * spacewalk-backend-sql-4.2.28-150300.4.41.4
    * susemanager-docs_en-4.2-150300.12.45.2
    * virtual-host-gatherer-libcloud-1.0.26-150300.3.15.2
    * perl-Satcon-4.2.3-150300.3.3.3
    * susemanager-doc-indexes-4.2-150300.12.45.4
    * spacewalk-backend-tools-4.2.28-150300.4.41.4
    * spacewalk-backend-4.2.28-150300.4.41.4
    * spacewalk-certs-tools-4.2.20-150300.3.30.4
    * spacewalk-backend-config-files-tool-4.2.28-150300.4.41.4
    * spacewalk-java-config-4.2.50-150300.3.66.5
    * spacewalk-java-lib-4.2.50-150300.3.66.5
    * spacewalk-utils-4.2.19-150300.3.24.2
    * virtual-host-gatherer-1.0.26-150300.3.15.2
    * virtual-host-gatherer-VMware-1.0.26-150300.3.15.2
    * spacewalk-setup-4.2.12-150300.3.18.3
    * supportutils-plugin-susemanager-4.2.7-150300.3.15.4
    * spacewalk-backend-config-files-common-4.2.28-150300.4.41.4
    * spacewalk-backend-server-4.2.28-150300.4.41.4
  * SUSE Manager Server 4.2 Module 4.2 (ppc64le s390x x86_64)
    * inter-server-sync-0.2.8-150300.8.31.2
    * susemanager-4.2.42-150300.3.54.4
    * susemanager-tools-4.2.42-150300.3.54.4
    * hub-xmlrpc-api-0.7-150300.3.12.3
    * inter-server-sync-debuginfo-0.2.8-150300.8.31.2

## References:

  * https://www.suse.com/security/cve/CVE-2023-22644.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1179747
  * https://bugzilla.suse.com/show_bug.cgi?id=1186011
  * https://bugzilla.suse.com/show_bug.cgi?id=1203599
  * https://bugzilla.suse.com/show_bug.cgi?id=1205600
  * https://bugzilla.suse.com/show_bug.cgi?id=1206423
  * https://bugzilla.suse.com/show_bug.cgi?id=1207550
  * https://bugzilla.suse.com/show_bug.cgi?id=1207814
  * https://bugzilla.suse.com/show_bug.cgi?id=1207941
  * https://bugzilla.suse.com/show_bug.cgi?id=1208984
  * https://bugzilla.suse.com/show_bug.cgi?id=1209220
  * https://bugzilla.suse.com/show_bug.cgi?id=1209231
  * https://bugzilla.suse.com/show_bug.cgi?id=1209277
  * https://bugzilla.suse.com/show_bug.cgi?id=1209386
  * https://bugzilla.suse.com/show_bug.cgi?id=1209434
  * https://bugzilla.suse.com/show_bug.cgi?id=1209508
  * https://bugzilla.suse.com/show_bug.cgi?id=1209877
  * https://bugzilla.suse.com/show_bug.cgi?id=1209915
  * https://bugzilla.suse.com/show_bug.cgi?id=1209926
  * https://bugzilla.suse.com/show_bug.cgi?id=1210011
  * https://bugzilla.suse.com/show_bug.cgi?id=1210086
  * https://bugzilla.suse.com/show_bug.cgi?id=1210101
  * https://bugzilla.suse.com/show_bug.cgi?id=1210107
  * https://bugzilla.suse.com/show_bug.cgi?id=1210154
  * https://bugzilla.suse.com/show_bug.cgi?id=1210162
  * https://bugzilla.suse.com/show_bug.cgi?id=1210232
  * https://bugzilla.suse.com/show_bug.cgi?id=1210311
  * https://bugzilla.suse.com/show_bug.cgi?id=1210406
  * https://bugzilla.suse.com/show_bug.cgi?id=1210437
  * https://bugzilla.suse.com/show_bug.cgi?id=1210458
  * https://bugzilla.suse.com/show_bug.cgi?id=1210659
  * https://bugzilla.suse.com/show_bug.cgi?id=1210835
  * https://bugzilla.suse.com/show_bug.cgi?id=1210957
  * https://bugzilla.suse.com/show_bug.cgi?id=1211330
  * https://bugzilla.suse.com/show_bug.cgi?id=1211956
  * https://bugzilla.suse.com/show_bug.cgi?id=1211958
  * https://bugzilla.suse.com/show_bug.cgi?id=1212096
  * https://bugzilla.suse.com/show_bug.cgi?id=1212363
  * https://jira.suse.com/browse/MSQA-674
