SUSE-RU-2023:2595-1: moderate: Maintenance update for SUSE Manager 4.2: Server, Proxy and Retail Branch Server
SUSE-MANAGER-UPDATES
null at suse.de
Tue Feb 27 11:38:13 UTC 2024
# Maintenance update for SUSE Manager 4.2: Server, Proxy and Retail Branch Server
Announcement ID: SUSE-RU-2023:2595-1
Rating: moderate
References:
* bsc#1179747
* bsc#1186011
* bsc#1203599
* bsc#1205600
* bsc#1206423
* bsc#1207550
* bsc#1207814
* bsc#1207941
* bsc#1208984
* bsc#1209220
* bsc#1209231
* bsc#1209277
* bsc#1209386
* bsc#1209434
* bsc#1209508
* bsc#1209877
* bsc#1209915
* bsc#1209926
* bsc#1210011
* bsc#1210086
* bsc#1210101
* bsc#1210107
* bsc#1210154
* bsc#1210162
* bsc#1210232
* bsc#1210311
* bsc#1210406
* bsc#1210437
* bsc#1210458
* bsc#1210659
* bsc#1210835
* bsc#1210957
* bsc#1211330
* bsc#1211956
* bsc#1211958
* bsc#1212096
* bsc#1212363
* jsc#MSQA-674
Cross-References:
* CVE-2023-22644
CVSS scores:
* CVE-2023-22644 ( NVD ): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Affected Products:
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.2 Module 4.2
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Server 4.2
* SUSE Manager Server 4.2 Module 4.2
An update that solves one vulnerability, contains one feature and has 36
recommended fixes can now be installed.
## Recommended update for SUSE Manager Proxy and Retail Branch Server 4.2
### Description:
This update fixes the following issues:
spacecmd:
* Version 4.2.23-1
* Fix argument parsing of distribution_update (bsc#1210458)
spacewalk-backend:
* Version 4.2.28-1
* Filter CLM modular packages using release strings (bsc#1207814)
* Add package details to reposync error logging
spacewalk-certs-tools:
* Version 4.2.20-1
* Update translations
spacewalk-proxy-installer:
* Version 4.3.11-1
* Fix squid refresh_pattern for "venv-enabled-*.txt" files to avoid serving
outdated version of the file (bsc#1211956)
spacewalk-ssl-cert-check:
* Version 4.2.3-1
* Update translations
spacewalk-web:
* Version 4.2.35-1
* Show loading indicator on formula details pages (bsc#1179747)
* Increase datetimepicker font sizes (bsc#1210437)
* Fix an issue where the datetimepicker shows wrong date (bsc#1209231)
susemanager-build-keys:
* Version 15.3.9
* add SUSE Liberty v2 key (bsc#1212096)
* add Debian 12 (bookworm) GPG keys (bsc#1212363)
* add new 4096 bit RSA SUSE Package Hub key
* Version 15.3.8
* Fix installation of SUSE Linux Enterprise 15 RSA reserve build key
* Add new 4096 bit RSA openSUSE build key gpg-pubkey-29b700a4.asc
How to apply this update:
1. Log in as root user to the SUSE Manager Proxy or Retail Branch Server.
2. Stop the proxy service: `spacewalk-proxy stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: `spacewalk-proxy start`
## Security update for SUSE Manager Server 4.2
### Description:
This update fixes the following issues:
branch-network-formula:
* Update to version 0.1.1680167239.23f2fec
* Remove unnecessary import of "salt.ext.six"
cpu-mitigations-formula:
* Update to version 0.5.0:
* Mark all SUSE Linux Enterprise 15 SP4 and newer and openSUSE 15.4 and newer
as supported (bsc#1210835)
hub-xmlrpc-api:
* Do not strictly require Go 1.18 on SUSE Linux Enterprise 15 SP3
(bsc#1203599)
inter-server-sync:
* Version 0.2.8
* Correctly detect product name and product version number
* Import image channel data only when related software channel is available
(bsc#1211330)
perl-Satcon:
* Version 4.2.3-1
* Accept keys with dots
spacecmd:
* Version 4.2.23-1
* Fix argument parsing of distribution_update (bsc#1210458)
spacewalk-backend:
* Version 4.2.28-1
* Filter CLM modular packages using release strings (bsc#1207814)
* Add package details to reposync error logging
spacewalk-certs-tools:
* Version 4.2.20-1
* Update translations
spacewalk-java:
* Security fixes in version 4.2.50-1:
* CVE-2023-22644: Remove web session swap secrets output in logs (bsc#1210086)
* CVE-2023-22644: Do not output URL parameters for tiny urls (bsc#1210101)
* CVE-2023-22644: Fix session information leak (bsc#1210107)
* CVE-2023-22644: Do not output Cobbler xmlrpc token in debug logs
(bsc#1210162)
* CVE-2023-22644: Fix credentials and other secrets disclosure when debug log
is enabled (bsc#1210154)
* CVE-2023-22644: Prevent logging formula data (bsc#1209386, bsc#1209434)
* Other non-security issues fixed in version 4.2.50-1:
* Fix misleading error message regarding SCC credentials removal (bsc#1207941)
* Fix issue with `aclChannelTypeCapable` that prevented errata view in deb
arch
* Refresh pillars after setting custom values via SSM (bsc#1210659)
* Report SSM power management errors in 'rhn_web_ui' (bsc#1210406)
* Filter CLM modular packages using release strings (bsc#1207814)
* Allow processing big state results (bsc#1210957)
* Use glassfish-activation-api instead of gnu-jaf
* Fix Internal Server Error when URI contains invalid sysid (bsc#1186011)
* kernel options: only add quotes if there is a space in the value
(bsc#1209926)
* Fix link to Knowledge Base articles (bsc#1210311)
* Remove channels from client after transfer to a different organization
(bsc#1209220)
* Fix displaying system channels when no base product is installed
(bsc#1206423)
* Fix broken ifcfg grub option on reinstallation (bsc#1210232)
* Fix NPE in Cobbler system sync when server has no creator set
* Add listSystemEvents missing API endpoint (bsc#1209877)
spacewalk-setup:
* Version 4.2.12-1
* Enable netapi clients in master configuration (required for Salt 3006)
spacewalk-utils:
* Version 4.2.19-1
* spacewalk-hostname-rename remains stuck at refreshing pillars (bsc#1207550)
spacewalk-web:
* Version 4.2.35-1
* Show loading indicator on formula details pages (bsc#1179747)
* Increase datetimepicker font sizes (bsc#1210437)
* Fix an issue where the datetimepicker shows wrong date (bsc#1209231)
supportutils-plugin-susemanager:
* Version 4.2.7-1
* Fix property name to tune for salt events queue processing
susemanager:
* Version 4.3.27-1
* Use newest venv-salt-minion version available to generate the
venv-enabled-*.txt file in bootstrap repos (bsc#1211958)
* Version 4.2.41-1
* Add bootstrap repository definitions for openSUSE Leap 15.5
* Add bootstrap repository definitions for SUSE Linux Enterprise Server 15 SP5
susemanager-build-keys:
* Version 15.3.9
* add SUSE Liberty v2 key (bsc#1212096)
* add Debian 12 (bookworm) GPG keys (bsc#1212363)
* add new 4096 bit RSA SUSE Package Hub key
* Version 15.3.8
* Fix installation of SUSE Linux Enterprise 15 RSA reserve build key
* Add new 4096 bit RSA openSUSE build key gpg-pubkey-29b700a4.asc
susemanager-sls:
* Version 4.2.34-1
* Trust new Liberty Linux v2 key (bsc#1212096)
susemanager-doc-indexes:
* Salt version changed to 3006.0
* Added note for clarification between self-installed and cloud instances of
Ubuntu
* Improved pay-as-you-go documentation in the Install and Upgrade Guide
(bsc#1208984)
* Added comment about activation keys for LTSS clients in Client Configuration
Guide (bsc#1210011)
* Updated API script examples to Python 3 in Administration Guide and Large
Deployment Guide
* Change cleanup Salt Client description
* Added instruction for Cobbler to use the correct label in Client
Configuration Guide distro label (bsc#1205600)
* Added updated options for rhn.conf file in the Administration Guide
(bsc#1209508)
* Fixed calculation of DB max-connections and align it with the supportconfig
checking tool in the Tuning Guide
susemanager-docs_en:
* Salt version changed to 3006.0
* Added note for clarification between self-installed and cloud instances of
Ubuntu
* Improved Pay-as-you-go documentation in the Install and Upgrade Guide
(bsc#1208984)
* Added comment about activation keys for LTSS clients in Client Configuration
Guide (bsc#1210011)
* Updated API script examples to Python 3 in Administration Guide and Large
Deployment Guide
* Change cleanup Salt Client description
* Added instruction for Cobbler to use the correct label in Client
Configuration Guide distro label (bsc#1205600)
* Added updated options for rhn.conf file in the Administration Guide
(bsc#1209508)
* Fixed calculation of DB max-connections and align it with the supportconfig
checking tool in the Tuning Guide
susemanager-schema:
* Version 4.2.28-1
* Filter CLM modular packages using release strings (bsc#1207814)
* Repeat schema migrations for module metadata storage (bsc#1209915)
susemanager-sls:
* Version 4.2.33-1
* Include automatic migration from Salt 3000 to Salt bundle in highstate
* Disable salt-minion and remove its config file on cleanup (bsc#1209277)
* To update everything on a debian system, call dist-upgrade to be able to
install and remove packages
virtual-host-gatherer:
* Version 1.0.26-1
* Fix cpu calculation in the libvirt module and enhance the data structure by
os value
How to apply this update:
1. Log in as root user to the SUSE Manager Server.
2. Stop the Spacewalk service: `spacewalk-service stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: `spacewalk-service start`
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Manager Proxy 4.2 Module 4.2:
`zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2023-2595=1`
* SUSE Manager Server 4.2 Module 4.2:
`zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2023-2595=1`
## Package List:
* SUSE Manager Proxy 4.2 Module 4.2 (noarch)
* susemanager-build-keys-web-15.3.9-150300.3.14.1
* python3-spacewalk-certs-tools-4.2.20-150300.3.30.4
* spacewalk-base-minimal-config-4.2.35-150300.3.44.4
* susemanager-build-keys-15.3.9-150300.3.14.1
* spacewalk-base-minimal-4.2.35-150300.3.44.4
* spacewalk-certs-tools-4.2.20-150300.3.30.4
* spacewalk-backend-4.2.28-150300.4.41.4
* spacecmd-4.2.23-150300.4.39.4
* spacewalk-proxy-installer-4.2.12-150300.3.17.2
* spacewalk-ssl-cert-check-4.2.3-150300.3.3.2
* SUSE Manager Server 4.2 Module 4.2 (noarch)
* spacewalk-backend-iss-4.2.28-150300.4.41.4
* spacewalk-taskomatic-4.2.50-150300.3.66.5
* spacewalk-base-minimal-config-4.2.35-150300.3.44.4
* spacewalk-utils-extras-4.2.19-150300.3.24.2
* susemanager-schema-4.2.28-150300.3.38.4
* spacewalk-backend-applet-4.2.28-150300.4.41.4
* susemanager-docs_en-pdf-4.2-150300.12.45.2
* spacewalk-backend-xml-export-libs-4.2.28-150300.4.41.4
* uyuni-config-modules-4.2.34-150300.3.51.1
* virtual-host-gatherer-Nutanix-1.0.26-150300.3.15.2
* spacewalk-backend-app-4.2.28-150300.4.41.4
* spacewalk-backend-config-files-4.2.28-150300.4.41.4
* spacewalk-backend-package-push-server-4.2.28-150300.4.41.4
* python3-spacewalk-certs-tools-4.2.20-150300.3.30.4
* susemanager-build-keys-15.3.9-150300.3.14.1
* spacewalk-base-minimal-4.2.35-150300.3.44.4
* branch-network-formula-0.1.1680167239.23f2fec-150300.3.6.2
* susemanager-sls-4.2.34-150300.3.51.1
* spacewalk-base-4.2.35-150300.3.44.4
* virtual-host-gatherer-Kubernetes-1.0.26-150300.3.15.2
* spacewalk-html-4.2.35-150300.3.44.4
* spacewalk-backend-iss-export-4.2.28-150300.4.41.4
* spacewalk-backend-sql-postgresql-4.2.28-150300.4.41.4
* spacewalk-backend-xmlrpc-4.2.28-150300.4.41.4
* spacewalk-java-4.2.50-150300.3.66.5
* cpu-mitigations-formula-0.5.0-150300.3.6.2
* spacecmd-4.2.23-150300.4.39.4
* spacewalk-java-postgresql-4.2.50-150300.3.66.5
* susemanager-build-keys-web-15.3.9-150300.3.14.1
* spacewalk-backend-sql-4.2.28-150300.4.41.4
* susemanager-docs_en-4.2-150300.12.45.2
* virtual-host-gatherer-libcloud-1.0.26-150300.3.15.2
* perl-Satcon-4.2.3-150300.3.3.3
* susemanager-doc-indexes-4.2-150300.12.45.4
* spacewalk-backend-tools-4.2.28-150300.4.41.4
* spacewalk-backend-4.2.28-150300.4.41.4
* spacewalk-certs-tools-4.2.20-150300.3.30.4
* spacewalk-backend-config-files-tool-4.2.28-150300.4.41.4
* spacewalk-java-config-4.2.50-150300.3.66.5
* spacewalk-java-lib-4.2.50-150300.3.66.5
* spacewalk-utils-4.2.19-150300.3.24.2
* virtual-host-gatherer-1.0.26-150300.3.15.2
* virtual-host-gatherer-VMware-1.0.26-150300.3.15.2
* spacewalk-setup-4.2.12-150300.3.18.3
* supportutils-plugin-susemanager-4.2.7-150300.3.15.4
* spacewalk-backend-config-files-common-4.2.28-150300.4.41.4
* spacewalk-backend-server-4.2.28-150300.4.41.4
* SUSE Manager Server 4.2 Module 4.2 (ppc64le s390x x86_64)
* inter-server-sync-0.2.8-150300.8.31.2
* susemanager-4.2.42-150300.3.54.4
* susemanager-tools-4.2.42-150300.3.54.4
* hub-xmlrpc-api-0.7-150300.3.12.3
* inter-server-sync-debuginfo-0.2.8-150300.8.31.2
## References:
* https://www.suse.com/security/cve/CVE-2023-22644.html
* https://bugzilla.suse.com/show_bug.cgi?id=1179747
* https://bugzilla.suse.com/show_bug.cgi?id=1186011
* https://bugzilla.suse.com/show_bug.cgi?id=1203599
* https://bugzilla.suse.com/show_bug.cgi?id=1205600
* https://bugzilla.suse.com/show_bug.cgi?id=1206423
* https://bugzilla.suse.com/show_bug.cgi?id=1207550
* https://bugzilla.suse.com/show_bug.cgi?id=1207814
* https://bugzilla.suse.com/show_bug.cgi?id=1207941
* https://bugzilla.suse.com/show_bug.cgi?id=1208984
* https://bugzilla.suse.com/show_bug.cgi?id=1209220
* https://bugzilla.suse.com/show_bug.cgi?id=1209231
* https://bugzilla.suse.com/show_bug.cgi?id=1209277
* https://bugzilla.suse.com/show_bug.cgi?id=1209386
* https://bugzilla.suse.com/show_bug.cgi?id=1209434
* https://bugzilla.suse.com/show_bug.cgi?id=1209508
* https://bugzilla.suse.com/show_bug.cgi?id=1209877
* https://bugzilla.suse.com/show_bug.cgi?id=1209915
* https://bugzilla.suse.com/show_bug.cgi?id=1209926
* https://bugzilla.suse.com/show_bug.cgi?id=1210011
* https://bugzilla.suse.com/show_bug.cgi?id=1210086
* https://bugzilla.suse.com/show_bug.cgi?id=1210101
* https://bugzilla.suse.com/show_bug.cgi?id=1210107
* https://bugzilla.suse.com/show_bug.cgi?id=1210154
* https://bugzilla.suse.com/show_bug.cgi?id=1210162
* https://bugzilla.suse.com/show_bug.cgi?id=1210232
* https://bugzilla.suse.com/show_bug.cgi?id=1210311
* https://bugzilla.suse.com/show_bug.cgi?id=1210406
* https://bugzilla.suse.com/show_bug.cgi?id=1210437
* https://bugzilla.suse.com/show_bug.cgi?id=1210458
* https://bugzilla.suse.com/show_bug.cgi?id=1210659
* https://bugzilla.suse.com/show_bug.cgi?id=1210835
* https://bugzilla.suse.com/show_bug.cgi?id=1210957
* https://bugzilla.suse.com/show_bug.cgi?id=1211330
* https://bugzilla.suse.com/show_bug.cgi?id=1211956
* https://bugzilla.suse.com/show_bug.cgi?id=1211958
* https://bugzilla.suse.com/show_bug.cgi?id=1212096
* https://bugzilla.suse.com/show_bug.cgi?id=1212363
* https://jira.suse.com/browse/MSQA-674