SUSE: 2020:0856-1 moderate: SUSE Manager Server 3.2

    Date 02 Apr 2020
    214
    Posted By LinuxSecurity Advisories
    An update that solves two vulnerabilities and has 15 fixes is now available.
    
       SUSE Security Update: Security update for SUSE Manager Server 3.2
    ______________________________________________________________________________
    
    Announcement ID:    SUSE-SU-2020:0856-1
    Rating:             moderate
    References:         #1085414 #1140332 #1155372 #1157317 #1158899 
                        #1159184 #1160246 #1161862 #1162609 #1162683 
                        #1163001 #1163538 #1164120 #1164563 #1164771 
                        #1165425 #1165921 
    Cross-References:   CVE-2018-1077 CVE-2020-1693
    Affected Products:
                        SUSE Manager Server 3.2
    ______________________________________________________________________________
    
       An update that solves two vulnerabilities and has 15 fixes
       is now available.
    
    Description:
    
    
       This update fixes the following issues:
    
       py26-compat-salt:
    
       - Replace pycrypto with M2Crypto as dependency for SLE15+ (bsc#1165425)
    
       redstone-xmlrpc:
    
       - Disable external entity parsing (1790381, bsc#1164120, CVE-2020-1693)
       - Do not download external entities (1555429, bsc#1085414, CVE-2018-1077)
    
       spacecmd:
    
       - Bugfix: attempt to purge SSM when it is empty (bsc#1155372)
    
       spacewalk-admin:
    
       - Spell correctly "successful" and "successfully"
    
       spacewalk-backend:
    
       - When downloading repo metadata, don't add "/" to the repo url if it
         already ends with one (bsc#1158899)
       - Enhance suseProducts via ISS to fix SP migration on slave server
         (bsc#1159184)
    
       spacewalk-certs-tools:
    
       - Add minion option in config file to disable salt mine when generated by
         bootstrap script (bsc#1163001)
    
       spacewalk-client-tools:
    
       - Do not crash 'mgr-update-status' because 'long' type is not defined in
         Python 3
       - Add workaround for uptime overflow to spacewalk-update-status as well
         (bsc#1165921)
       - Spell correctly "successful" and "successfully"
    
       spacewalk-java:
    
       - Fix error when adding systems to ssm with 'add to ssm' button
         (bsc#1160246)
       - Validate the suseproductchannel table and update missing date when
         running mgr-sync refresh (bsc#1163538)
       - Read the subscriptions from the output instead of input (bsc#1140332)
       - Show additional headers and dependencies for deb packages
       - Use channel name from product tree instead of constructing it
         (bsc#1157317)
    
       spacewalk-setup:
    
       - Spell correctly "successful" and "successfully"
    
       spacewalk-utils:
    
       - Check for delimiter as well when detecting current phase (bsc#1164771)
    
       spacewalk-web:
    
       - Report merge_subscriptions message in a readable way (bsc#1140332)
    
       subscription-matcher:
    
       - Add missing library for SLE15 SP2 (slf4j-log4j12)
       - Make the code usable with Math3 on SLES
       - Use log4j12 package on newer SLE versions
       - Aggregate stackable subscriptions with same parameters
       - Implement new "swap move" used in optaplanner (bsc#1140332)
       - Enable aarch64 builds, except for SLE < 15
    
       susemanager:
    
       - Fix salt bootstrapping on SLE15 (require python3-pycrypto or
         python3-M2Crypto to support all variants) (bsc#1164563)
       - Add bootstrap-repo data for OES 2018 SP2 (bsc#1161862)
       - Add bootstrap-repo data for SLE15 SP2 Family
    
       susemanager-sls:
    
       - Adapt 'mgractionchains' module to work with Salt 3000
       - Do not workaround util.syncmodules for SSH minions (bsc#1162609)
       - Force to run util.synccustomall when triggering action chains on SSH
         minions (bsc#1162683).
    
       susemanager-sync-data:
    
       - Add OES 2018 SP2 (bsc#1161862)
       - Rename RHEL 8 Base product
       - Change channel family name according to SCC data
    
       How to apply this update: 1. Log in as root user to the SUSE Manager
       server. 2. Stop the Spacewalk service: spacewalk-service stop 3. Apply the
       patch using either zypper patch or YaST Online Update. 4. Upgrade the
       database schema: spacewalk-schema-upgrade 5. Start the Spacewalk service:
       spacewalk-service start
    
    
    Patch Instructions:
    
       To install this SUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - SUSE Manager Server 3.2:
    
          zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2020-856=1
    
    
    
    Package List:
    
       - SUSE Manager Server 3.2 (ppc64le s390x x86_64):
    
          susemanager-3.2.23-3.40.2
          susemanager-tools-3.2.23-3.40.2
    
       - SUSE Manager Server 3.2 (noarch):
    
          py26-compat-salt-2016.11.10-6.35.1
          python2-spacewalk-certs-tools-2.8.8.14-3.23.1
          python2-spacewalk-client-tools-2.8.22.7-3.12.1
          redstone-xmlrpc-1.1_20071120-0.11.3.1
          spacecmd-2.8.25.14-3.32.1
          spacewalk-admin-2.8.4.6-3.12.1
          spacewalk-backend-2.8.57.22-3.48.1
          spacewalk-backend-app-2.8.57.22-3.48.1
          spacewalk-backend-applet-2.8.57.22-3.48.1
          spacewalk-backend-config-files-2.8.57.22-3.48.1
          spacewalk-backend-config-files-common-2.8.57.22-3.48.1
          spacewalk-backend-config-files-tool-2.8.57.22-3.48.1
          spacewalk-backend-iss-2.8.57.22-3.48.1
          spacewalk-backend-iss-export-2.8.57.22-3.48.1
          spacewalk-backend-libs-2.8.57.22-3.48.1
          spacewalk-backend-package-push-server-2.8.57.22-3.48.1
          spacewalk-backend-server-2.8.57.22-3.48.1
          spacewalk-backend-sql-2.8.57.22-3.48.1
          spacewalk-backend-sql-oracle-2.8.57.22-3.48.1
          spacewalk-backend-sql-postgresql-2.8.57.22-3.48.1
          spacewalk-backend-tools-2.8.57.22-3.48.1
          spacewalk-backend-xml-export-libs-2.8.57.22-3.48.1
          spacewalk-backend-xmlrpc-2.8.57.22-3.48.1
          spacewalk-base-2.8.7.23-3.45.1
          spacewalk-base-minimal-2.8.7.23-3.45.1
          spacewalk-base-minimal-config-2.8.7.23-3.45.1
          spacewalk-certs-tools-2.8.8.14-3.23.1
          spacewalk-client-tools-2.8.22.7-3.12.1
          spacewalk-html-2.8.7.23-3.45.1
          spacewalk-java-2.8.78.28-3.47.1
          spacewalk-java-config-2.8.78.28-3.47.1
          spacewalk-java-lib-2.8.78.28-3.47.1
          spacewalk-java-oracle-2.8.78.28-3.47.1
          spacewalk-java-postgresql-2.8.78.28-3.47.1
          spacewalk-setup-2.8.7.10-3.25.1
          spacewalk-taskomatic-2.8.78.28-3.47.1
          spacewalk-utils-2.8.18.6-3.12.1
          subscription-matcher-0.25-4.15.1
          susemanager-sls-3.2.30-3.44.1
          susemanager-sync-data-3.2.19-3.35.1
          susemanager-web-libs-2.8.7.23-3.45.1
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2018-1077.html
       https://www.suse.com/security/cve/CVE-2020-1693.html
       https://bugzilla.suse.com/1085414
       https://bugzilla.suse.com/1140332
       https://bugzilla.suse.com/1155372
       https://bugzilla.suse.com/1157317
       https://bugzilla.suse.com/1158899
       https://bugzilla.suse.com/1159184
       https://bugzilla.suse.com/1160246
       https://bugzilla.suse.com/1161862
       https://bugzilla.suse.com/1162609
       https://bugzilla.suse.com/1162683
       https://bugzilla.suse.com/1163001
       https://bugzilla.suse.com/1163538
       https://bugzilla.suse.com/1164120
       https://bugzilla.suse.com/1164563
       https://bugzilla.suse.com/1164771
       https://bugzilla.suse.com/1165425
       https://bugzilla.suse.com/1165921
    
    _______________________________________________
    sle-security-updates mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://lists.suse.com/mailman/listinfo/sle-security-updates
    

    LinuxSecurity Poll

    What do you think of the LinuxSecurity Privacy news articles?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/25-what-do-you-think-of-the-linuxsecurity-privacy-news-articles?task=poll.vote&format=json
    25
    radio
    [{"id":"90","title":"Love them!","votes":"94","type":"x","order":"1","pct":79.66,"resources":[]},{"id":"91","title":"I'm indifferent","votes":"18","type":"x","order":"2","pct":15.25,"resources":[]},{"id":"92","title":"Not interested in this topic","votes":"6","type":"x","order":"3","pct":5.08,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.