SUSE Security Update: Security update for several packages related to SUSE Manger 3.1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0863-1
Rating:             moderate
References:         #1109316 #1111191 #1111910 #1114029 #1114059 
                    #1114157 #1114169 #1117759 #1119081 #1119964 
                    #1121038 #1121195 #1121856 #1122836 #1123991 
                    #1124639 #1126862 #1128781 #1129765 #1130658 
                    
Cross-References:   CVE-2018-10851 CVE-2018-14626 CVE-2018-17197
                   
Affected Products:
                    SUSE Manager Server 3.1
                    SUSE Manager Proxy 3.1
______________________________________________________________________________

   An update that solves three vulnerabilities and has 17
   fixes is now available.

Description:

   This consolidated update includes multiple patchinfos for SUSE Manager
   Server and Proxy and follow security issues fixed:

   - CVE-2018-10851: Fixed denial of service via crafted zone record or
     crafted answer (bsc#1114157).
   - CVE-2018-14626: Fixed packet cache pollution via crafted query
     (bsc#1114169).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Manager Server 3.1:

      zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2019-863=1

   - SUSE Manager Proxy 3.1:

      zypper in -t patch SUSE-SUSE-Manager-Proxy-3.1-2019-863=1



Package List:

   - SUSE Manager Server 3.1 (ppc64le s390x x86_64):

      spacewalk-branding-2.7.2.17-2.31.3
      susemanager-3.1.19-2.34.2
      susemanager-tools-3.1.19-2.34.2

   - SUSE Manager Server 3.1 (noarch):

      cobbler-2.6.6-5.25.1
      py26-compat-salt-2016.11.10-1.19.3
      spacecmd-2.7.8.15-2.32.1
      spacewalk-base-2.7.1.21-2.35.1
      spacewalk-base-minimal-2.7.1.21-2.35.1
      spacewalk-base-minimal-config-2.7.1.21-2.35.1
      spacewalk-html-2.7.1.21-2.35.1
      spacewalk-java-2.7.46.19-2.41.3
      spacewalk-java-config-2.7.46.19-2.41.3
      spacewalk-java-lib-2.7.46.19-2.41.3
      spacewalk-java-oracle-2.7.46.19-2.41.3
      spacewalk-java-postgresql-2.7.46.19-2.41.3
      spacewalk-taskomatic-2.7.46.19-2.41.3
      spacewalk-utils-2.7.10.11-2.23.3
      subscription-matcher-0.22-4.9.2
      susemanager-advanced-topics_en-pdf-3.1-10.29.4
      susemanager-best-practices_en-pdf-3.1-10.29.4
      susemanager-docs_en-3.1-10.29.4
      susemanager-frontend-libs-3.1.2-3.10.1
      susemanager-getting-started_en-pdf-3.1-10.29.4
      susemanager-jsp_en-3.1-10.29.4
      susemanager-reference_en-pdf-3.1-10.29.4
      susemanager-schema-3.1.21-2.36.1
      tika-core-1.20-1.6.2

   - SUSE Manager Proxy 3.1 (noarch):

      spacewalk-base-minimal-2.7.1.21-2.35.1
      spacewalk-base-minimal-config-2.7.1.21-2.35.1


References:

   https://www.suse.com/security/cve/CVE-2018-10851.html
   https://www.suse.com/security/cve/CVE-2018-14626.html
   https://www.suse.com/security/cve/CVE-2018-17197.html
   https://bugzilla.suse.com/1109316
   https://bugzilla.suse.com/1111191
   https://bugzilla.suse.com/1111910
   https://bugzilla.suse.com/1114029
   https://bugzilla.suse.com/1114059
   https://bugzilla.suse.com/1114157
   https://bugzilla.suse.com/1114169
   https://bugzilla.suse.com/1117759
   https://bugzilla.suse.com/1119081
   https://bugzilla.suse.com/1119964
   https://bugzilla.suse.com/1121038
   https://bugzilla.suse.com/1121195
   https://bugzilla.suse.com/1121856
   https://bugzilla.suse.com/1122836
   https://bugzilla.suse.com/1123991
   https://bugzilla.suse.com/1124639
   https://bugzilla.suse.com/1126862
   https://bugzilla.suse.com/1128781
   https://bugzilla.suse.com/1129765
   https://bugzilla.suse.com/1130658

_______________________________________________
sle-security-updates mailing list
sle-security-updates@lists.suse.com
http://lists.suse.com/mailman/listinfo/sle-security-updates

SUSE: 2019:0863-1 moderate: several packages related

April 3, 2019
An update that solves three vulnerabilities and has 17 fixes is now available

Summary

This consolidated update includes multiple patchinfos for SUSE Manager Server and Proxy and follow security issues fixed: - CVE-2018-10851: Fixed denial of service via crafted zone record or crafted answer (bsc#1114157). - CVE-2018-14626: Fixed packet cache pollution via crafted query (bsc#1114169). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 3.1: zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2019-863=1 - SUSE Manager Proxy 3.1: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.1-2019-863=1 Package List: - SUSE Manager Server 3.1 (ppc64le s390x x86_64): spacewalk-branding-2.7.2.17-2.31.3 susemanager-3.1.19-2.34.2 susemanager-tools-3.1.19-2.34.2 - SUSE Manager Server 3.1 (noarch): cobbler-2.6.6-5.25.1 py26-compat-salt-2016.11.10-1.19.3 spacecmd-2.7.8.15-2.32.1 spacewalk-base-2.7.1.21-2.35.1 spacewalk-base-minimal-2.7.1.21-2.35.1 spacewalk-base-minimal-config-2.7.1.21-2.35.1 spacewalk-html-2.7.1.21-2.35.1 spacewalk-java-2.7.46.19-2.41.3 spacewalk-java-config-2.7.46.19-2.41.3 spacewalk-java-lib-2.7.46.19-2.41.3 spacewalk-java-oracle-2.7.46.19-2.41.3 spacewalk-java-postgresql-2.7.46.19-2.41.3 spacewalk-taskomatic-2.7.46.19-2.41.3 spacewalk-utils-2.7.10.11-2.23.3 subscription-matcher-0.22-4.9.2 susemanager-advanced-topics_en-pdf-3.1-10.29.4 susemanager-best-practices_en-pdf-3.1-10.29.4 susemanager-docs_en-3.1-10.29.4 susemanager-frontend-libs-3.1.2-3.10.1 susemanager-getting-started_en-pdf-3.1-10.29.4 susemanager-jsp_en-3.1-10.29.4 susemanager-reference_en-pdf-3.1-10.29.4 susemanager-schema-3.1.21-2.36.1 tika-core-1.20-1.6.2 - SUSE Manager Proxy 3.1 (noarch): spacewalk-base-minimal-2.7.1.21-2.35.1 spacewalk-base-minimal-config-2.7.1.21-2.35.1

References

#1109316 #1111191 #1111910 #1114029 #1114059

#1114157 #1114169 #1117759 #1119081 #1119964

#1121038 #1121195 #1121856 #1122836 #1123991

#1124639 #1126862 #1128781 #1129765 #1130658

Cross- CVE-2018-10851 CVE-2018-14626 CVE-2018-17197

Affected Products:

SUSE Manager Server 3.1

SUSE Manager Proxy 3.1

https://www.suse.com/security/cve/CVE-2018-10851.html

https://www.suse.com/security/cve/CVE-2018-14626.html

https://www.suse.com/security/cve/CVE-2018-17197.html

https://bugzilla.suse.com/1109316

https://bugzilla.suse.com/1111191

https://bugzilla.suse.com/1111910

https://bugzilla.suse.com/1114029

https://bugzilla.suse.com/1114059

https://bugzilla.suse.com/1114157

https://bugzilla.suse.com/1114169

https://bugzilla.suse.com/1117759

https://bugzilla.suse.com/1119081

https://bugzilla.suse.com/1119964

https://bugzilla.suse.com/1121038

https://bugzilla.suse.com/1121195

https://bugzilla.suse.com/1121856

https://bugzilla.suse.com/1122836

https://bugzilla.suse.com/1123991

https://bugzilla.suse.com/1124639

https://bugzilla.suse.com/1126862

https://bugzilla.suse.com/1128781

https://bugzilla.suse.com/1129765

https://bugzilla.suse.com/1130658

Severity
Announcement ID: SUSE-SU-2019:0863-1
Rating: moderate

Related News

5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved