SUSE: 2019:1703-1 moderate: SUSE Manager Server 3.2

    Date25 Jun 2019
    CategorySuSE
    536
    Posted ByLinuxSecurity Advisories
    An update that solves one vulnerability and has 24 fixes is now available.
    
       SUSE Security Update: Security update for SUSE Manager Server 3.2
    ______________________________________________________________________________
    
    Announcement ID:    SUSE-SU-2019:1703-1
    Rating:             moderate
    References:         #1117017 #1125090 #1128061 #1128838 #1129079 
                        #1130492 #1130551 #1131423 #1131704 #1131780 
                        #1131867 #1131929 #1131954 #1132103 #1132197 
                        #1133424 #1133587 #1133629 #1134195 #1134876 
                        #1135166 #1136029 #1136102 #1136250 #1136423 
                        
    Cross-References:   CVE-2019-3684
    Affected Products:
                        SUSE Manager Server 3.2
                        SUSE Manager Proxy 3.2
    ______________________________________________________________________________
    
       An update that solves one vulnerability and has 24 fixes is
       now available.
    
    Description:
    
    
       This update fixes the following issues:
    
       cobbler:
    
       - Removes string replace for textmode fix (bsc#1134195)
    
       py26-compat-salt:
    
       - Avoid syntax error on yumpkg module running on Python 2.6 (bsc#1136250)
       - Use ThreadPool from multiprocessing.pool to avoid leakins when
         calculating FQDNs
       - Fix usermod options for SLE11 (bsc#1117017)
       - Do not report patches as installed on RHEL systems when not all the
         related packages are installed (bsc#1128061)
       - Do not include "ordereddict" and "singledispatch" on the thin for Python
         2.6 systems.
       - Fix paths for py26-compat dependencies on SLE15 and newer
       - Port optimization_order config parameter (bsc#1131423)
       - Use special tornado and msgpack-python compat packages on sles15sp1 and
         greater in py26-compat-salt.conf (bsc#1131423)
       - Add missing py26 thin dependencies
       - Calculate the "FQDNs" grains in parallel to avoid long blocking
         (bsc#1129079)
    
       salt-netapi-client:
    
       - Add workaround for Salt issue 52762
       - Version 0.16.0 see
         https://github.com/SUSE/salt-netapi-client/releases/tag/v0.16.0
    
       spacewalk-backend:
    
       - Fix spacewalk-repo-sync for Ubuntu repositories in mirror case
         (bsc#1136029)
       - Use new names in code for client tool packages which were renamed
         (bsc#1134876)
       - Fix HTTP headers handling to avoid duplicated entries (bsc#1125090)
       - Use suseLib.get_proxy to get the HTTP proxy configuration properly on
         DEB repos (bsc#1133424)
    
       spacewalk-certs-tools:
    
       - Fix missing quotation in bootstrap script (bsc#1136423)
       - Add new packages names to instructions for adding remote configuration
         support for traditional clients
       - Print error message instead of stacktrace for client_config_update.py
    
       spacewalk-config:
    
       - Fix config declaration for rhn.conf (bsc#1132197)
    
       spacewalk-java:
    
       - Remove the 'Returning' clause from the query as oracle doesn't support
         it (bsc#1135166)
       - Use new names in code for client tool packages which were renamed
         (bsc#1134876)
       - Handle the different retcodes that are being returned when salt module
         is not available (bsc#1131704)
       - Do not implicitly set parent channel when cloning (bsc#1130492)
       - Prevent Actions that were actually completed to be displayed as "in
         progress" forever (bsc#1131780)
       - Enable batching mode for salt synchronous calls
       - Show minion id in System Details GUI and API
       - Do not report Provisioning installed product to subscription matcher
         (bsc#1128838)
       - Fix product package conflicts with SLES for SAP systems (bsc#1130551)
       - Add support for Salt batch execution mode
       - Fix NPE on remote commands when no targets match (bsc1123375)
       - Fix apidoc return order on mergePackages
       - Take into account only synced products when scheduling SP migration from
         the API (bsc#1131929)
    
       spacewalk-web:
    
       - Change WebUI string version to 3.2.8
    
       susemanager:
    
       - Make swap files readable only by root (bsc#1131954, CVE-2019-3684)
       - Do not show false errors when configuring swapfile during setup
       - Create bootstrap repo for new Red Hat channels (bsc#1133587)
    
       susemanager-docs_en:
    
       - Minion ID is visible in System Info box.
       - Managing Systems Completely via SSH now fully supported (bsc#1131867).
    
       susemanager-schema:
    
       - Copy 3.1 schema migrations to 3.2 to be able to migrate from an older
         schema version to 3.2
       - Add support for Salt batch execution mode
    
       susemanager-sls:
    
       - Add support for Salt batch execution mode
    
       susemanager-sync-data:
    
       - Add SLES11 SP4 LTSS channels for SLES for SAP (bsc#1133629)
       - Add SLES11 SP4 LTSS channels for ppc64 (bsc#1132103)
    
       zypp-plugin-spacewalk:
    
       - Fix python syntax error in distupgrade (bsc#1136102)
    
    
    Patch Instructions:
    
       To install this SUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - SUSE Manager Server 3.2:
    
          zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-1703=1
    
       - SUSE Manager Proxy 3.2:
    
          zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2019-1703=1
    
    
    
    Package List:
    
       - SUSE Manager Server 3.2 (ppc64le s390x x86_64):
    
          susemanager-3.2.18-3.25.2
          susemanager-tools-3.2.18-3.25.2
    
       - SUSE Manager Server 3.2 (noarch):
    
          cobbler-2.6.6-6.19.1
          py26-compat-salt-2016.11.10-6.26.1
          python2-spacewalk-certs-tools-2.8.8.10-3.11.1
          salt-netapi-client-0.16.0-4.11.1
          spacewalk-backend-2.8.57.16-3.30.1
          spacewalk-backend-app-2.8.57.16-3.30.1
          spacewalk-backend-applet-2.8.57.16-3.30.1
          spacewalk-backend-config-files-2.8.57.16-3.30.1
          spacewalk-backend-config-files-common-2.8.57.16-3.30.1
          spacewalk-backend-config-files-tool-2.8.57.16-3.30.1
          spacewalk-backend-iss-2.8.57.16-3.30.1
          spacewalk-backend-iss-export-2.8.57.16-3.30.1
          spacewalk-backend-libs-2.8.57.16-3.30.1
          spacewalk-backend-package-push-server-2.8.57.16-3.30.1
          spacewalk-backend-server-2.8.57.16-3.30.1
          spacewalk-backend-sql-2.8.57.16-3.30.1
          spacewalk-backend-sql-oracle-2.8.57.16-3.30.1
          spacewalk-backend-sql-postgresql-2.8.57.16-3.30.1
          spacewalk-backend-tools-2.8.57.16-3.30.1
          spacewalk-backend-xml-export-libs-2.8.57.16-3.30.1
          spacewalk-backend-xmlrpc-2.8.57.16-3.30.1
          spacewalk-base-2.8.7.16-3.27.1
          spacewalk-base-minimal-2.8.7.16-3.27.1
          spacewalk-base-minimal-config-2.8.7.16-3.27.1
          spacewalk-certs-tools-2.8.8.10-3.11.1
          spacewalk-config-2.8.5.7-3.16.1
          spacewalk-html-2.8.7.16-3.27.1
          spacewalk-java-2.8.78.22-3.32.1
          spacewalk-java-config-2.8.78.22-3.32.1
          spacewalk-java-lib-2.8.78.22-3.32.1
          spacewalk-java-oracle-2.8.78.22-3.32.1
          spacewalk-java-postgresql-2.8.78.22-3.32.1
          spacewalk-taskomatic-2.8.78.22-3.32.1
          susemanager-advanced-topics_en-pdf-3.2-11.26.1
          susemanager-best-practices_en-pdf-3.2-11.26.1
          susemanager-docs_en-3.2-11.26.1
          susemanager-getting-started_en-pdf-3.2-11.26.1
          susemanager-jsp_en-3.2-11.26.1
          susemanager-reference_en-pdf-3.2-11.26.1
          susemanager-schema-3.2.19-3.25.1
          susemanager-sls-3.2.25-3.29.1
          susemanager-sync-data-3.2.15-3.23.1
          susemanager-web-libs-2.8.7.16-3.27.1
    
       - SUSE Manager Proxy 3.2 (noarch):
    
          python2-rhncfg-5.10.122.3-3.3.1
          python2-rhncfg-actions-5.10.122.3-3.3.1
          python2-rhncfg-client-5.10.122.3-3.3.1
          python2-rhncfg-management-5.10.122.3-3.3.1
          python2-spacewalk-certs-tools-2.8.8.10-3.11.1
          python2-zypp-plugin-spacewalk-1.0.5-3.7.1
          rhncfg-5.10.122.3-3.3.1
          rhncfg-actions-5.10.122.3-3.3.1
          rhncfg-client-5.10.122.3-3.3.1
          rhncfg-management-5.10.122.3-3.3.1
          spacewalk-backend-2.8.57.16-3.30.1
          spacewalk-backend-libs-2.8.57.16-3.30.1
          spacewalk-base-minimal-2.8.7.16-3.27.1
          spacewalk-base-minimal-config-2.8.7.16-3.27.1
          spacewalk-certs-tools-2.8.8.10-3.11.1
          spacewalk-proxy-broker-2.8.5.5-3.6.2
          spacewalk-proxy-common-2.8.5.5-3.6.2
          spacewalk-proxy-installer-2.8.6.6-3.12.1
          spacewalk-proxy-management-2.8.5.5-3.6.2
          spacewalk-proxy-package-manager-2.8.5.5-3.6.2
          spacewalk-proxy-redirect-2.8.5.5-3.6.2
          spacewalk-proxy-salt-2.8.5.5-3.6.2
          susemanager-web-libs-2.8.7.16-3.27.1
          zypp-plugin-spacewalk-1.0.5-3.7.1
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2019-3684.html
       https://bugzilla.suse.com/1117017
       https://bugzilla.suse.com/1125090
       https://bugzilla.suse.com/1128061
       https://bugzilla.suse.com/1128838
       https://bugzilla.suse.com/1129079
       https://bugzilla.suse.com/1130492
       https://bugzilla.suse.com/1130551
       https://bugzilla.suse.com/1131423
       https://bugzilla.suse.com/1131704
       https://bugzilla.suse.com/1131780
       https://bugzilla.suse.com/1131867
       https://bugzilla.suse.com/1131929
       https://bugzilla.suse.com/1131954
       https://bugzilla.suse.com/1132103
       https://bugzilla.suse.com/1132197
       https://bugzilla.suse.com/1133424
       https://bugzilla.suse.com/1133587
       https://bugzilla.suse.com/1133629
       https://bugzilla.suse.com/1134195
       https://bugzilla.suse.com/1134876
       https://bugzilla.suse.com/1135166
       https://bugzilla.suse.com/1136029
       https://bugzilla.suse.com/1136102
       https://bugzilla.suse.com/1136250
       https://bugzilla.suse.com/1136423
    
    _______________________________________________
    sle-security-updates mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://lists.suse.com/mailman/listinfo/sle-security-updates
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    Do you read our distribution advisories on a regular basis?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /component/communitypolls/?task=poll.vote&format=json
    23
    radio
    [{"id":"84","title":"Yes, for a single distribution","votes":"0","type":"x","order":"1","pct":0,"resources":[]},{"id":"85","title":"Yes, for multiple distributions","votes":"6","type":"x","order":"2","pct":60,"resources":[]},{"id":"86","title":"No","votes":"4","type":"x","order":"3","pct":40,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.