SUSE: 2020:2650-1 important:: SUSE Manager Server 4.0
An update that solves three vulnerabilities and has 26 fixes is now available.
Summary
This update fixes the following issues: hibernate5: - Address CVE-2019-14900 (bsc#1172079) image-sync-formula: - Allow image-sync state on regular minion. Image sync state requires branch-network pillars to get the directory where to sync images. Use default `/srv/saltboot` if that pillar is missing so image-sync can be applied on non branch minions as well. openvpn-formula: - Add hint that ssl certs must be on system (bsc#1172279) prometheus-exporters-formula: - Bugfix: Handle exporters proxy for unsupported distros (bsc#1175555) - Add support for exporters proxy (exporter_exporter) - Update the apache exporter config file for Debian salt-netapi-client: - Refresh authentication module list to newer Salt versions saltboot-formula: - Better fix for rounding errors (bsc#1136857) spacecmd: - Python3 fixes for errata in spacecmd (bsc#1169664) - Python3 fix for sorted usage (bsc#1167907) - Fix softwarechannel_listlatestpackages throwing error on empty channels (bsc#1175889) - Fix escaping of package names (bsc#1171281) spacewalk-admin: - Use the Salt API in authenticated and encrypted form (bsc#1175884, CVE-2020-8028) spacewalk-certs-tools: - Add option --nostricthostkeychecking to spacewalk-ssh-push-init - Strip SSL Certificate Common Name after 63 Characters (bsc#1173535) spacewalk-java: - Use the Salt API in authenticated and encrypted form (bsc#1175884, CVE-2020-8028) - Fix EntityExistsException on migration from traditional to salt minion via proxy (bsc#1175556) - Use media.1/products from media when not specified different (bsc#1175558) - Fix: use quiet API method when using spacewalk-common-channels (bsc#1175529) - Fix alignment on icon on entitlement page - Reset the server path on minion registration (bsc#1174254) - Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831) - Fix error when rolling back a system to a snapshot (bsc#1173997) - Avoid deadlock when syncing channels and registering minions at the same time (bsc#1173566) - Provide comps.xml and modules.yaml when using onlinerepo for kickstart - Set CPU and memory info for virtual instances (bsc#1170244) - Change system list header text to something better (bsc#1173982) spacewalk-setup: - Use the Salt API in authenticated and encrypted form (bsc#1175884, CVE-2020-8028) spacewalk-utils: - Avoid exceptions on the logs when looking for channels that do not exist (bsc#1175529) spacewalk-web: - Fix login page after jQuery upgrade (bsc#1175224) - Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831) - Warn when a system is in multiple groups that configure the same formula in the system formula's UI (bsc#1173554) susemanager: - Define bootstrap repo data for SUSE Manager Proxies (bsc#1174470) susemanager-frontend-libs: - Upgrade jquery to 3.5.1 - CVE-2020-11022 (bsc#1172831) susemanager-schema: - Prevent a deadlock error involving delete_server and update_needed_cache (bsc#1173073) susemanager-sls: - Fix the dnf plugin to add the token to the HTTP header (bsc#1175724) - Fix reporting of missing products in product.all_installed (bsc#1165829) - Require PyYAML version >= 5.1 - Get redhat-release only when it is not a symlink - Fix: supply a dnf base when dealing w/repos (bsc#1172504) - Fix: autorefresh in repos is zypper-only susemanager-sync-data: - Remove version from centos and oracle linux identifier (bsc#1173584) virtualization-host-formula: - Update to version 0.5 - Ensure kernel-default and libvirt-python3 are installed - Set bridge network as default - Fix conditionals (bsc#1175791) How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: spacewalk-service stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Upgrade the database schema: spacewalk-schema-upgrade 5. Start the Spacewalk service: spacewalk-service start Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.0-2020-2650=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.0-2020-2650=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (ppc64le s390x x86_64): openvpn-formula-0.1.1-4.6.2 susemanager-4.0.28-3.36.3 susemanager-tools-4.0.28-3.36.3 - SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (noarch): hibernate5-5.3.7-4.3.2 image-sync-formula-0.1.1595937550.0285244-3.20.2 prometheus-exporters-formula-0.7.1-3.10.2 python3-spacewalk-certs-tools-4.0.17-3.21.3 salt-netapi-client-0.17.0-4.6.3 saltboot-formula-0.1.1595937550.0285244-3.19.2 spacecmd-4.0.20-3.19.2 spacewalk-admin-4.0.11-3.12.1 spacewalk-base-4.0.23-3.30.3 spacewalk-base-minimal-4.0.23-3.30.3 spacewalk-base-minimal-config-4.0.23-3.30.3 spacewalk-certs-tools-4.0.17-3.21.3 spacewalk-html-4.0.23-3.30.3 spacewalk-java-4.0.37-3.39.1 spacewalk-java-config-4.0.37-3.39.1 spacewalk-java-lib-4.0.37-3.39.1 spacewalk-java-postgresql-4.0.37-3.39.1 spacewalk-setup-4.0.14-3.14.1 spacewalk-taskomatic-4.0.37-3.39.1 spacewalk-utils-4.0.18-3.21.3 susemanager-frontend-libs-4.0.2-4.3.2 susemanager-schema-4.0.22-3.29.2 susemanager-sls-4.0.29-3.31.3 susemanager-sync-data-4.0.18-3.24.2 susemanager-web-libs-4.0.23-3.30.3 virtualization-host-formula-0.5-4.12.3 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0 (noarch): python3-spacewalk-certs-tools-4.0.17-3.21.3 spacecmd-4.0.20-3.19.2 spacewalk-base-minimal-4.0.23-3.30.3 spacewalk-base-minimal-config-4.0.23-3.30.3 spacewalk-certs-tools-4.0.17-3.21.3 spacewalk-proxy-broker-4.0.14-3.10.3 spacewalk-proxy-common-4.0.14-3.10.3 spacewalk-proxy-management-4.0.14-3.10.3 spacewalk-proxy-package-manager-4.0.14-3.10.3 spacewalk-proxy-redirect-4.0.14-3.10.3 spacewalk-proxy-salt-4.0.14-3.10.3
References
#1136857 #1165829 #1167907 #1169664 #1170244
#1171281 #1172079 #1172279 #1172504 #1172831
#1173073 #1173535 #1173554 #1173566 #1173584
#1173982 #1173997 #1174201 #1174254 #1174470
#1175224 #1175529 #1175555 #1175556 #1175558
#1175724 #1175791 #1175884 #1175889
Cross- CVE-2019-14900 CVE-2020-11022 CVE-2020-8028
Affected Products:
SUSE Linux Enterprise Module for SUSE Manager Server 4.0
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0
https://www.suse.com/security/cve/CVE-2019-14900.html
https://www.suse.com/security/cve/CVE-2020-11022.html
https://www.suse.com/security/cve/CVE-2020-8028.html
https://bugzilla.suse.com/1136857
https://bugzilla.suse.com/1165829
https://bugzilla.suse.com/1167907
https://bugzilla.suse.com/1169664
https://bugzilla.suse.com/1170244
https://bugzilla.suse.com/1171281
https://bugzilla.suse.com/1172079
https://bugzilla.suse.com/1172279
https://bugzilla.suse.com/1172504
https://bugzilla.suse.com/1172831
https://bugzilla.suse.com/1173073
https://bugzilla.suse.com/1173535
https://bugzilla.suse.com/1173554
https://bugzilla.suse.com/1173566
https://bugzilla.suse.com/1173584
https://bugzilla.suse.com/1173982
https://bugzilla.suse.com/1173997
https://bugzilla.suse.com/1174201
https://bugzilla.suse.com/1174254
https://bugzilla.suse.com/1174470
https://bugzilla.suse.com/1175224
https://bugzilla.suse.com/1175529
https://bugzilla.suse.com/1175555
https://bugzilla.suse.com/1175556
https://bugzilla.suse.com/1175558
https://bugzilla.suse.com/1175724
https://bugzilla.suse.com/1175791
https://bugzilla.suse.com/1175884
https://bugzilla.suse.com/1175889