SUSE Security Update: Security update for SUSE Manager Server 4.0
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:0671-1
Rating:             moderate
References:         #1083326 #1085414 #1121640 #1123274 #1137248 
                    #1140332 #1144176 #1152673 #1152795 #1153269 
                    #1154246 #1154590 #1154599 #1155281 #1155372 
                    #1156751 #1157317 #1157346 #1157447 #1157700 
                    #1157975 #1158178 #1158181 #1158283 #1158480 
                    #1158564 #1158672 #1158697 #1158754 #1158818 
                    #1158899 #1158943 #1159012 #1159023 #1159076 
                    #1159184 #1159492 #1159553 #1160184 #1160940 
                    #1161755 #1161862 #1162609 #1162683 #1164120 
                    #1164309 #1164452 #1164649 #1164875 #1165541 
                    #1165927 #1166061 #1166388 
Cross-References:   CVE-2018-1077 CVE-2020-1693
Affected Products:
                    SUSE Linux Enterprise Module for SUSE Manager Server 4.0
______________________________________________________________________________

   An update that solves two vulnerabilities and has 51 fixes
   is now available.

Description:


   This update fixes the following issues:

   branch-network-formula:

   - Update formula to include terminal naming and identification

   image-sync-formula:

   - Prevent installing xdelta3 package and disable delta functionality
     on SLE12 branch servers (bsc#1159553)

   mgr-osad:

   - Take care that osad is not disabled nor deactivated during update
     (bsc#1157700, bsc#1158697)

   patterns-suse-manager:

   - Add recommends for virtualization-host-formula to suma_server pattern
   - Add recommends for virtualization-host-formula to retail

   prometheus-formula:

   - Bugfix: disabled fields not enabled when checkbox is checked

   pxe-default-image-sle15:

   - Adapt to new kiwi version to fix pre registration in the bare-metal
     image (bsc#1153269)

   pxe-formula:

   - Add support for new features in terminal naming
   - Remove branch_id from pxe form, moved to branch-network form

   py26-compat-salt:

   - Replace pycrypto with M2Crypto as dependency for SLE15+

   python-susemanager-retail:

   - Add support for terminal naming block
   - Add delta support for SLE15 tar.xz bundles

   redstone-xmlrpc:

   - Disable external entity parsing (1790381, bsc#1164120, CVE-2020-1693)
   - Do not download external entities (1555429, bsc#1085414, CVE-2018-1077)

   salt-netapi-client:

   - Version 0.17.0 See:
     https://github.com/SUSE/salt-netapi-client/releases/tag/v0.17.0

   spacecmd:

   - Bugfix: attempt to purge SSM when it is empty (bsc#1155372)

   spacewalk-admin:

   - Spell correctly "successful" and "successfully"

   spacewalk-backend:

   - Fix mgrcfg-client python3 breakage (bsc#1164309)
   - Update doc link to point to new documentation server
   - Prevent timestamp format exception on mgr-inter-sync while processing
     comps (bsc#1157346)
   - When downloading repo metadata, don't add "/" to the repo url if it
     already ends with one (bsc#1158899)
   - Use HTTP proxy settings when fetching the mirrorlist on
     spacewalk-repo-sync (bsc#1159076)
   - Enhance suseProducts via ISS to fix SP migration on slave server
     (bsc#1159184)
   - Prevent a traceback when reposyncing openSUSE 15.1 (bsc#1158672)
   - Close config files after reading them (bsc#1158283)
   - Associate VMs and systems with the same machine ID at bootstrap
     (bsc#1144176)

   spacewalk-certs-tools:

   - Add 'start_event_grains' minion option to configfile when generated by
     bootstrap script
   - Forbid multiple activation keys for salt minions during bootstrap
     (bsc#1164452)
   - Add additional minion options to configfile when generated by bootstrap
     script (bsc#1159492)
   - Change the order to check the version correctly for RES (bsc#1152795)

   spacewalk-client-tools:

   - Spell correctly "successful" and "successfully"

   system-lock-formula:

   - Clarified terms along documentation and product (bsc#1166061)

   spacewalk-java:

   - Feat: enable Salt system lock when CaaSP node is onboarded and add
     dependency to 'system-lock-formula' (bsc#1165541)
   - Support non discoverable fqdns via custom grain (bsc#1155281)
   - Handle the non-existent requested grains gracefully
   - Get the machineid grain from the minion startup event
   - Use term 'patch' instead of 'errata' (bsc#1164649)
   - Enable provisioning API with salt and bootstrap entitled systems
   - Fix a problem with removing the monitoring entitlement from a system
   - Improve performance when adding systems to system groups (bsc#1158754)
   - Migrate pillar and formula data on minion id change (bsc#1161755)
   - Change doc links pointing to new documentation server
   - Call saltutil.sync_all before calling highstate (bsc#1152673)
   - Exclude base products from PAYG (Pay-As-You-Go) instances when doing
     subscription matching
   - Show additional headers and dependencies for deb packages
   - Show adequate message on saving formulas that change only pillar data
   - Fix mgr-sync add channel when fromdir is configured (bsc#1160184)
   - Handle not found re-activation key (bsc#1159012)
   - Write a list of formulas sorted by execution order (bsc#1083326)
   - Use channel name from product tree instead of constructing it
     (bsc#1157317)
   - Read the subscriptions from the output instead of input (bsc#1140332)
   - Rename rhncfg-actions to mgr-cfg-actions in UI advice (bsc#1137248)
   - Fix container image import (bsc#1154246)
   - Add missing permission checks on formula api (bsc#1123274)
   - Generate metadata with empty vendor (bsc#1158480)
   - Remove undefined variable from redhat_register snippet
   - Add a method in API to check if the provided session key is a valid one.
   - Associate VMs and systems with the same machine ID at bootstrap
     (bsc#1144176)
   - Fix minion id when applying engine-events state (bsc#1158181)
   - Remove unnecessary WARN log entries from Kubernetes integration
   - Fix for pillar not being refreshed when CaaSP pattern is detected upon
     software profile update (bsc#1166061)

   spacewalk-search:

   - Make rhn-search log to correct file (bsc#1156751)

   spacewalk-setup:

   - Spell correctly "successful" and "successfully"
   - Create AJP connector for tomcat if it does not exist (bsc#1165927,
     bsc#1166388)

   spacewalk-utils:

   - Spell "successfully" correctly

   spacewalk-web:

   - Don't validate mandatory fields that are not visible (bsc#1158943)
   - Fix count of changes to build (bsc#1160940)
   - Report merge_subscriptions message in a readable way (bsc#1140332)
   - Fix ordering by date (bsc#1158818)

   subscription-matcher:

   - Add missing library for SLE15 SP2 (slf4j-log4j12)
   - Make the code usable with Math3 on SLES
   - Use log4j12 package on newer SLE versions
   - Aggregate stackable subscriptions with same parameters
   - Implement new "swap move" used in optaplanner (bsc#1140332)
   - Enable aarch64 builds, except for SLE < 15

   susemanager:

   - Add missing python libraries to RES8/RHEL8/CentOS 8 bootstrap repos
     (bsc#1164875)
   - Add bootstrap-repo data for OES 2018 SP2 (bsc#1161862)
   - Add bootstrap-repo data for SLE15 SP2 Family
   - Fix documentation URL in installer (bsc#1154590)
   - Update requirements to match documented values (bsc#1154599)

   susemanager-doc-indexes:

   - Adding Additional FQDNS for Proxies with Salt
   - Reference guide review and update moving content into tabular format
   - Autogenerate pdf index from antora html nav lists
   - Documentation needs to address using RHEL8 in the correct way
     (bsc#1159023)
   - Traditional clients bootstrap, the example applies to SLES ES 7 only
     (bsc#1158564)
   - Remove auditlog-keeper from list
   - Removed duplicate client requirements entries
   - Fix missing spaces throughout docs
   - Added the complete path for using manager-setup
   - Fix typo in vhm-kubernetes
   - Cleaned up client registration documents
   - Improved ubuntu instructions
   - Explain how to compose a DSN string for monitoring
   - Added publishing dates to individual book intros
   - Updated common spacewalk-common-channels usage

   susemanager-docs_en:

   - Adding Additional FQDNS for Proxies with Salt
   - Reference guide review and update moving content into tabular format
   - Autogenerate pdf index from antora html nav lists
   - Documentation needs to address using RHEL8 in the correct way
     (bsc#1159023)
   - Traditional clients bootstrap, the example applies to SLES ES 7 only
     (bsc#1158564)
   - Remove auditlog-keeper from list
   - Removed duplicate client requirements entries
   - Fix missing spaces throughout docs
   - Added the complete path for using manager-setup
   - Fix typo in vhm-kubernetes
   - Cleaned up client registration documents
   - Improved ubuntu instructions
   - Explain how to compose a DSN string for monitoring
   - Added publishing dates to individual book intros
   - Updated common spacewalk-common-channels usage

   susemanager-schema:

   - Add new 'payg' attribute to rhnServer table
   - Enable re-activation keys for salt managed systems (bsc#1159012)
   - Generate metadata with empty vendor (bsc#1158480)
   - Fix rhnActionVirtDelete when migrating from 3.2 to 4.0 (bsc#1158178)

   susemanager-sls:

   - Install dmidecode before HW profile update when missing
   - Add mgr_start_event_grains.sls to update minion config
   - Add 'product' custom state module to handle installation of SUSE
     products at client side (bsc#1157447)
   - Support reading of pillar data for minions from multiple files
     (bsc#1158754)
   - Do not workaround util.syncmodules for SSH minions (bsc#1162609)
   - Force to run util.synccustomall when triggering action chains on SSH
     minions (bsc#1162683).
   - Add custom 'is_payg_instance' grain when instance is PAYG and not BYOS.
   - Adapt sls file for pre-downloading in Ubuntu minions
   - Sort formulas by execution order (bsc#1083326)
   - Split remove_traditional_stack into two parts. One for all systems and
     another for clients not being a Uyuni Server or Proxy (bsc#1121640)
   - Change the order to check the version correctly for RES (bsc#1152795)
   - Do not break Servers registering to a Server
   - Remove the virt-poller cache when applying Virtualization entitlement
   - Force HTTP request timeout on public cloud grain (bsc#1157975)

   susemanager-sync-data:

   - Add OES 2018 SP2 (bsc#1161862)
   - Rename RHEL 8 Base product
   - Change channel family name according to SCC data

   How to apply this update:

   1. Log in as root user to the SUSE Manager server.
   2. Stop the Spacewalk service: spacewalk-service stop
   3. Apply the patch using either zypper patch or YaST Online Update.
   4. Upgrade the database schema: spacewalk-schema-upgrade
   5. Start the Spacewalk service: spacewalk-service start


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.0:

      zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.0-2020-671=1



Package List:

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (ppc64le s390x x86_64):

      patterns-suma_retail-4.0-9.10.2
      patterns-suma_server-4.0-9.10.2
      susemanager-4.0.22-3.20.3
      susemanager-tools-4.0.22-3.20.3

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (noarch):

      branch-network-formula-0.1.1580471316.1839544-3.10.2
      image-sync-formula-0.1.1579102150.4716559-3.11.2
      mgr-osa-dispatcher-4.0.11-3.9.2
      prometheus-formula-0.1-4.7.2
      pxe-default-image-sle15-4.0.1-20200305173027
      pxe-formula-0.1.1580384994.6076a7e-3.11.2
      py26-compat-salt-2016.11.10-10.11.2
      python3-mgr-osa-common-4.0.11-3.9.2
      python3-mgr-osa-dispatcher-4.0.11-3.9.2
      python3-spacewalk-backend-libs-4.0.30-3.23.3
      python3-spacewalk-certs-tools-4.0.15-3.15.2
      python3-spacewalk-client-tools-4.0.12-3.13.2
      python3-susemanager-retail-1.0.1580471316.1839544-3.13.2
      redstone-xmlrpc-1.1_20071120-0.11.3.2
      salt-netapi-client-0.17.0-4.3.2
      spacecmd-4.0.18-3.13.2
      spacewalk-admin-4.0.9-3.6.2
      spacewalk-backend-4.0.30-3.23.3
      spacewalk-backend-app-4.0.30-3.23.3
      spacewalk-backend-applet-4.0.30-3.23.3
      spacewalk-backend-config-files-4.0.30-3.23.3
      spacewalk-backend-config-files-common-4.0.30-3.23.3
      spacewalk-backend-config-files-tool-4.0.30-3.23.3
      spacewalk-backend-iss-4.0.30-3.23.3
      spacewalk-backend-iss-export-4.0.30-3.23.3
      spacewalk-backend-package-push-server-4.0.30-3.23.3
      spacewalk-backend-server-4.0.30-3.23.3
      spacewalk-backend-sql-4.0.30-3.23.3
      spacewalk-backend-sql-postgresql-4.0.30-3.23.3
      spacewalk-backend-tools-4.0.30-3.23.3
      spacewalk-backend-xml-export-libs-4.0.30-3.23.3
      spacewalk-backend-xmlrpc-4.0.30-3.23.3
      spacewalk-base-4.0.19-3.18.3
      spacewalk-base-minimal-4.0.19-3.18.3
      spacewalk-base-minimal-config-4.0.19-3.18.3
      spacewalk-certs-tools-4.0.15-3.15.2
      spacewalk-client-tools-4.0.12-3.13.2
      spacewalk-html-4.0.19-3.18.3
      spacewalk-java-4.0.31-3.23.1
      spacewalk-java-config-4.0.31-3.23.1
      spacewalk-java-lib-4.0.31-3.23.1
      spacewalk-java-postgresql-4.0.31-3.23.1
      spacewalk-search-4.0.9-3.11.2
      spacewalk-setup-4.0.13-3.11.1
      spacewalk-taskomatic-4.0.31-3.23.1
      spacewalk-utils-4.0.16-3.15.2
      subscription-matcher-0.25-3.3.2
      susemanager-doc-indexes-4.0-10.18.2
      susemanager-docs_en-4.0-10.18.2
      susemanager-docs_en-pdf-4.0-10.18.2
      susemanager-retail-tools-1.0.1580471316.1839544-3.13.2
      susemanager-schema-4.0.18-3.17.2
      susemanager-sls-4.0.24-3.17.2
      susemanager-sync-data-4.0.16-3.15.2
      susemanager-web-libs-4.0.19-3.18.3
      system-lock-formula-0.2-4.5.1
      virtualization-host-formula-0.2-4.3.2


References:

   https://www.suse.com/security/cve/CVE-2018-1077.html
   https://www.suse.com/security/cve/CVE-2020-1693.html
   https://bugzilla.suse.com/1083326
   https://bugzilla.suse.com/1085414
   https://bugzilla.suse.com/1121640
   https://bugzilla.suse.com/1123274
   https://bugzilla.suse.com/1137248
   https://bugzilla.suse.com/1140332
   https://bugzilla.suse.com/1144176
   https://bugzilla.suse.com/1152673
   https://bugzilla.suse.com/1152795
   https://bugzilla.suse.com/1153269
   https://bugzilla.suse.com/1154246
   https://bugzilla.suse.com/1154590
   https://bugzilla.suse.com/1154599
   https://bugzilla.suse.com/1155281
   https://bugzilla.suse.com/1155372
   https://bugzilla.suse.com/1156751
   https://bugzilla.suse.com/1157317
   https://bugzilla.suse.com/1157346
   https://bugzilla.suse.com/1157447
   https://bugzilla.suse.com/1157700
   https://bugzilla.suse.com/1157975
   https://bugzilla.suse.com/1158178
   https://bugzilla.suse.com/1158181
   https://bugzilla.suse.com/1158283
   https://bugzilla.suse.com/1158480
   https://bugzilla.suse.com/1158564
   https://bugzilla.suse.com/1158672
   https://bugzilla.suse.com/1158697
   https://bugzilla.suse.com/1158754
   https://bugzilla.suse.com/1158818
   https://bugzilla.suse.com/1158899
   https://bugzilla.suse.com/1158943
   https://bugzilla.suse.com/1159012
   https://bugzilla.suse.com/1159023
   https://bugzilla.suse.com/1159076
   https://bugzilla.suse.com/1159184
   https://bugzilla.suse.com/1159492
   https://bugzilla.suse.com/1159553
   https://bugzilla.suse.com/1160184
   https://bugzilla.suse.com/1160940
   https://bugzilla.suse.com/1161755
   https://bugzilla.suse.com/1161862
   https://bugzilla.suse.com/1162609
   https://bugzilla.suse.com/1162683
   https://bugzilla.suse.com/1164120
   https://bugzilla.suse.com/1164309
   https://bugzilla.suse.com/1164452
   https://bugzilla.suse.com/1164649
   https://bugzilla.suse.com/1164875
   https://bugzilla.suse.com/1165541
   https://bugzilla.suse.com/1165927
   https://bugzilla.suse.com/1166061
   https://bugzilla.suse.com/1166388

_______________________________________________
sle-security-updates mailing list
sle-security-updates@lists.suse.com
http://lists.suse.com/mailman/listinfo/sle-security-updates

SUSE: 2020:0671-1 moderate: SUSE Manager Server 4.0

March 13, 2020