SUSE: 2019:1006-1 moderate: SUSE Manager Server 3.2

    Date: 24 Apr 2019
    Category: SuSE
    Posted By: LinuxSecurity Advisories
    An update that solves one vulnerability and has 24 fixes is now available.
    
       SUSE Security Update: Security update for SUSE Manager Server 3.2
    ______________________________________________________________________________
    
    Announcement ID:    SUSE-SU-2019:1006-1
    Rating:             moderate
    References:         #1070731 #1109316 #1120242 #1121195 #1122230 
                        #1122381 #1122837 #1124290 #1125600 #1125744 
                        #1126075 #1126099 #1126518 #1127542 #1128228 
                        #1128724 #1128781 #1129765 #1129851 #1129956 
                        #1130658 #1131490 #1131677 #1131721 #1132579 
                        
    Cross-References:   CVE-2017-7957
    Affected Products:
                        SUSE Manager Server 3.2
                        SUSE Manager Proxy 3.2
    ______________________________________________________________________________
    
       An update that solves one vulnerability and has 24 fixes is
       now available.
    
    Description:
    
    
       This update includes the following new features:
    
       - Add configuration option to limit the number of changelog entries added
         to the repository metadata (fate#325676)
    
       This update fixes the following issues:
    
       apache-commons-lang3:
    
       - Run fdupes on javadoc
       - Specify java target and source level 1.6 to make package compatible with
         JDK >= 1.8
    
       cobbler:
    
       - Fixes case where distribution detection returns None (bsc#1130658)
       - SUSE textmode fix (bsc#1109316)
    
       drools:
    
       - Update Drools to 7.17.0
       - Release Notes: https://issues.jboss.org/secure/ReleaseNote.jspa
       - Fixes for SLE 15 compatibility
    
       guava:
    
       - Updated from 13.0.1 to 27.0.1
       - Changes between 13.0.1 and 23.0:
         https://github.com/google/guava/wiki/Release14
         https://github.com/google/guava/wiki/Release15
         https://github.com/google/guava/wiki/Release16
         https://github.com/google/guava/wiki/Release17
         https://github.com/google/guava/wiki/Release18
         https://github.com/google/guava/wiki/Release19
         https://github.com/google/guava/wiki/Release23
       - Changes between 23.0 and 27.0.1: see
         https://github.com/google/guava/releases
    
       jade4j:
    
       - Conditional java/java-devel requires based on os version
       - Update dependency version for commons-lang3 to 3.4
       - Fix building javadoc
    
       kie-api:
    
       - Update KIE to 7.17.0
       - Release notes: https://issues.jboss.org/secure/ReleaseNote.jspa
    
       optaplanner:
    
       - Update Optaplanner to 7.17.0
    
       py26-compat-salt:
    
       - Fix minion arguments assign via sysctl (bsc#1124290)
    
       smdba:
    
       - Make 'smdba space-overview' postgresql version agnostic (bsc#1129956)
       - Fix version mismatch
    
       spacecmd:
    
       - Fix system_delete with SSM (bsc#1125744)
    
       spacewalk-admin:
    
       - Fix encoding bug in salt event processing (bsc#1129851)
    
       spacewalk-backend:
    
       - Fix linking of packages in reposync (bsc#1131677)
       - Fix: handle non-standard filenames for comps.xml (bsc#1120242)
       - Mgr-sign-metadata can optionally clear-sign metadata files
    
       spacewalk-branding:
    
       - Introduce a description label for the new 'minion-checkin' Taskomatic
         job (bsc#1122837)
    
       spacewalk-certs-tools:
    
       - Add support for Ubuntu to bootstrap script
       - Clean up downloaded gpg keys after bootstrap (bsc#1126075)
    
       spacewalk-java:
    
       - Fix base channel selection for Ubuntu systems (bsc#1132579)
       - Fix retrieval of build time for .deb repositories (bsc#1131721)
       - Allow access to susemanager tools channels without res subscription
         (bsc#1127542)
       - Add support for SLES 15 live patches in CVE audit
       - Add a Taskomatic job to perform minion check-in regularly, drop use of
         Salt's Mine (bsc#1122837)
       - Fix errata_details to return details correctly (bsc#1128228)
       - Support ubuntu products and debian architectures in mgr-sync
       - Adapt check for available repositories to debian style repositories
       - Add support for custom username when bootstrapping with Salt-SSH
       - Read and update running kernel release value at each startup of minion
         (bsc#1122381)
       - Add error message on sync refresh when there are no scc credentials
       - Fix apidoc issues
       - Fix deleting server when minion_formulas.json is empty (bsc#1122230)
       - Minion-action-cleanup Taskomatic task: do not clean actions younger than
         one hour
       - Schedule full package refresh only once per action chain if needed
         (bsc#1126518)
       - Check and schedule package refresh in response to events independently
         of what originates them (bsc#1126099)
       - Add configuration option to limit the number of changelog entries added
         to the repository metadata (fate#325676)
       - Generate InRelease file for Debian/Ubuntu repos when metadata signing is
         enabled
    
       spacewalk-web:
    
       - Show undetected subscription-matching message object as a string anyway
         (bsc#1125600)
       - Fix action scheduler time picker prefill when the server is on
         "UTC/GMT" timezone (bsc#1121195)
       - Allow username input on bootstrap page when using Salt-SSH
       - Add cache buster for static files (js/css) to fix caching issues after
         upgrading.
    
       subscription-matcher:
    
       - Update dependencies (Drools, Optaplanner, Guava, Xstream)
       - Make the java and java-devel requirements variable
       - Relax the requirement condition on apache-commons-lang3
    
       susemanager:
    
       - Support creating bootstrap repos for Ubuntu 18.04 and 16.04.
       - Allow alternative names for bootstrap packages, to allow using old
         client tools after package renames
       - Feat: create Ubuntu empty repository
       - Fix creation of bootstrap repositories for SLE12 (no SP) by requiring
         python-setuptools only for SLE12 >= SP1 (bsc#1129765)
       - Add bootstrap repo definition for SLE15 SP1
    
       susemanager-docs_en:
    
       - Update text and image files.
       - Fix bad link.
       - Update Manual Backup and smdba sections.
       - Troubleshooting Salt clients.
       - Fix package endpoint in salt pillar content.
       - Ubuntu Clients supported.
       - Change License to GFDL 1.2, as it is the real license for the doc since
         3.2.0
    
       susemanager-schema:
    
       - Add a Taskomatic job to perform minion check-in regularly, drop use of
         Salt's Mine (bsc#1122837)
       - Fix performance regression in inter-server-sync (bsc#1128781)
       - Set minion-action-cleanup run frequency from hourly to daily at midnight
    
       susemanager-sls:
    
       - Update get_kernel_live_version module to support older Salt versions
         (bsc#1131490)
       - Update get_kernel_live_version module to support SLES 15 live patches
       - Do not configure Salt Mine in newly registered minions (bsc#1122837)
       - Fix Salt error related to remove_traditional_stack when bootstrapping an
         Ubuntu minion (bsc#1128724)
       - Automatically trust SUSE GPG key for client tools channels on Ubuntu
         systems
       - Util.systeminfo sls has been added to perform different actions at
         minion startup (bsc#1122381)
    
       susemanager-sync-data:
    
       - Allow access to susemanager tools channels without res subscription
         (bsc#1127542)
       - Add Ubuntu product definitions
       - Adapt to SCC changes
       - Add CaaSP 4 Toolchain
    
       xstream:
    
       - Update xstream to 1.4.10
       - Major changes:
       - CVE-2017-7957: XStream could cause a Denial of Service when
         unmarshalling void. (bsc#1070731)
       - New XStream artifact with -java7 appended as version suffix for a
         library explicitly without the Java 8 stuff (lambda expression support,
         converters for java.time.* package).
       - Improve performance by minimizing call stack of mapper chain.
       - XSTR-774: Add converters for types of java.time, java.time.chrono, and
         java.time.temporal packages (converters for LocalDate, LocalDateTime,
         LocalTime, OffsetDateTime, and ZonedDateTime by Matej Cimbora).
       - JavaBeanConverter does not respect ignored unknown elements.
       - Add XStream.setupDefaultSecurity to initialize security framework with
         defaults of XStream 1.5.x.
       - Emit error warning if security framework has not been initialized and
         the XStream instance is vulnerable to known exploits.
       - Feat: modify patch to be compatible with JDK 11 building
       - Fixes for SLE 15 compatibility
    
    
    Patch Instructions:
    
       To install this SUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - SUSE Manager Server 3.2:
    
          zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-1006=1
    
       - SUSE Manager Proxy 3.2:
    
          zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2019-1006=1
    
    
    
    Package List:
    
       - SUSE Manager Server 3.2 (ppc64le s390x x86_64):
    
          reprepro-5.3.0-2.3.3
          smdba-1.6.4-0.3.9.3
          spacewalk-branding-2.8.5.15-3.19.3
          susemanager-3.2.17-3.22.4
          susemanager-tools-3.2.17-3.22.4
    
       - SUSE Manager Server 3.2 (noarch):
    
          apache-commons-lang3-3.4-3.3.3
          cobbler-2.6.6-6.16.3
          drools-7.17.0-3.3.3
          guava-27.0.1-3.3.3
          jade4j-1.0.7-3.3.3
          kie-api-7.17.0-3.3.3
          kie-soup-7.17.0.Final-2.3.3
          optaplanner-7.17.0-3.3.3
          py26-compat-salt-2016.11.10-6.21.3
          python2-spacewalk-certs-tools-2.8.8.7-3.6.3
          spacecmd-2.8.25.10-3.20.3
          spacewalk-admin-2.8.4.4-3.6.3
          spacewalk-backend-2.8.57.14-3.25.3
          spacewalk-backend-app-2.8.57.14-3.25.3
          spacewalk-backend-applet-2.8.57.14-3.25.3
          spacewalk-backend-config-files-2.8.57.14-3.25.3
          spacewalk-backend-config-files-common-2.8.57.14-3.25.3
          spacewalk-backend-config-files-tool-2.8.57.14-3.25.3
          spacewalk-backend-iss-2.8.57.14-3.25.3
          spacewalk-backend-iss-export-2.8.57.14-3.25.3
          spacewalk-backend-libs-2.8.57.14-3.25.3
          spacewalk-backend-package-push-server-2.8.57.14-3.25.3
          spacewalk-backend-server-2.8.57.14-3.25.3
          spacewalk-backend-sql-2.8.57.14-3.25.3
          spacewalk-backend-sql-oracle-2.8.57.14-3.25.3
          spacewalk-backend-sql-postgresql-2.8.57.14-3.25.3
          spacewalk-backend-tools-2.8.57.14-3.25.3
          spacewalk-backend-xml-export-libs-2.8.57.14-3.25.3
          spacewalk-backend-xmlrpc-2.8.57.14-3.25.3
          spacewalk-base-2.8.7.15-3.24.3
          spacewalk-base-minimal-2.8.7.15-3.24.3
          spacewalk-base-minimal-config-2.8.7.15-3.24.3
          spacewalk-certs-tools-2.8.8.7-3.6.3
          spacewalk-html-2.8.7.15-3.24.3
          spacewalk-java-2.8.78.21-3.29.1
          spacewalk-java-config-2.8.78.21-3.29.1
          spacewalk-java-lib-2.8.78.21-3.29.1
          spacewalk-java-oracle-2.8.78.21-3.29.1
          spacewalk-java-postgresql-2.8.78.21-3.29.1
          spacewalk-taskomatic-2.8.78.21-3.29.1
          subscription-matcher-0.23-4.12.3
          susemanager-schema-3.2.18-3.22.3
          susemanager-sls-3.2.23-3.26.3
          susemanager-sync-data-3.2.14-3.20.3
          susemanager-web-libs-2.8.7.15-3.24.3
          xstream-1.4.10-4.3.3
    
       - SUSE Manager Proxy 3.2 (noarch):
    
          python2-spacewalk-certs-tools-2.8.8.7-3.6.3
          spacewalk-backend-2.8.57.14-3.25.3
          spacewalk-backend-libs-2.8.57.14-3.25.3
          spacewalk-base-minimal-2.8.7.15-3.24.3
          spacewalk-base-minimal-config-2.8.7.15-3.24.3
          spacewalk-certs-tools-2.8.8.7-3.6.3
          susemanager-web-libs-2.8.7.15-3.24.3
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2017-7957.html
       https://bugzilla.suse.com/1070731
       https://bugzilla.suse.com/1109316
       https://bugzilla.suse.com/1120242
       https://bugzilla.suse.com/1121195
       https://bugzilla.suse.com/1122230
       https://bugzilla.suse.com/1122381
       https://bugzilla.suse.com/1122837
       https://bugzilla.suse.com/1124290
       https://bugzilla.suse.com/1125600
       https://bugzilla.suse.com/1125744
       https://bugzilla.suse.com/1126075
       https://bugzilla.suse.com/1126099
       https://bugzilla.suse.com/1126518
       https://bugzilla.suse.com/1127542
       https://bugzilla.suse.com/1128228
       https://bugzilla.suse.com/1128724
       https://bugzilla.suse.com/1128781
       https://bugzilla.suse.com/1129765
       https://bugzilla.suse.com/1129851
       https://bugzilla.suse.com/1129956
       https://bugzilla.suse.com/1130658
       https://bugzilla.suse.com/1131490
       https://bugzilla.suse.com/1131677
       https://bugzilla.suse.com/1131721
       https://bugzilla.suse.com/1132579
    
    _______________________________________________
    sle-security-updates mailing list
    http://lists.suse.com/mailman/listinfo/sle-security-updates
    