Linux Security

    SUSE: 2020:2650-1 important: SUSE Manager Server 4.0


    An update that solves three vulnerabilities and has 26 fixes is now available.

    
       SUSE Security Update: Security update for SUSE Manager Server 4.0
    ______________________________________________________________________________
    
    Announcement ID:    SUSE-SU-2020:2650-1
    Rating:             important
    References:         #1136857 #1165829 #1167907 #1169664 #1170244 
                        #1171281 #1172079 #1172279 #1172504 #1172831 
                        #1173073 #1173535 #1173554 #1173566 #1173584 
                        #1173982 #1173997 #1174201 #1174254 #1174470 
                        #1175224 #1175529 #1175555 #1175556 #1175558 
                        #1175724 #1175791 #1175884 #1175889 
    Cross-References:   CVE-2019-14900 CVE-2020-11022 CVE-2020-8028
                       
    Affected Products:
                        SUSE Linux Enterprise Module for SUSE Manager Server 4.0
                        SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0
    ______________________________________________________________________________
    
       An update that solves three vulnerabilities and has 26
       fixes is now available.
    
    Description:
    
    
       This update fixes the following issues:
    
       hibernate5:
    
       - Address CVE-2019-14900 (bsc#1172079)
    
       image-sync-formula:
    
       - Allow image-sync state on regular minion. Image sync state requires
         branch-network pillars to get the directory where to sync images. Use
         default `/srv/saltboot` if that pillar is missing so image-sync can be
         applied on non branch minions as well.
    
       openvpn-formula:
    
       - Add hint that ssl certs must be on system (bsc#1172279)
    
       prometheus-exporters-formula:
    
       - Bugfix: Handle exporters proxy for unsupported distros (bsc#1175555)
       - Add support for exporters proxy (exporter_exporter)
       - Update the apache exporter config file for Debian
    
       salt-netapi-client:
    
       - Refresh authentication module list to newer Salt versions
    
       saltboot-formula:
    
       - Better fix for rounding errors (bsc#1136857)
    
       spacecmd:
    
       - Python3 fixes for errata in spacecmd (bsc#1169664)
       - Python3 fix for sorted usage (bsc#1167907)
       - Fix softwarechannel_listlatestpackages throwing error on empty channels
         (bsc#1175889)
       - Fix escaping of package names (bsc#1171281)
    
       spacewalk-admin:
    
       - Use the Salt API in authenticated and encrypted form (bsc#1175884,
         CVE-2020-8028)
    
       spacewalk-certs-tools:
    
       - Add option --nostricthostkeychecking to spacewalk-ssh-push-init
       - Strip SSL Certificate Common Name after 63 Characters (bsc#1173535)
    
       spacewalk-java:
    
       - Use the Salt API in authenticated and encrypted form (bsc#1175884,
         CVE-2020-8028)
       - Fix EntityExistsException on migration from traditional to salt minion
         via proxy (bsc#1175556)
       - Use media.1/products from media when not specified different
         (bsc#1175558)
       - Fix: use quiet API method when using spacewalk-common-channels
         (bsc#1175529)
       - Fix alignment on icon on entitlement page
       - Reset the server path on minion registration (bsc#1174254)
       - Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831)
       - Fix error when rolling back a system to a snapshot (bsc#1173997)
       - Avoid deadlock when syncing channels and registering minions at the same
         time (bsc#1173566)
       - Provide comps.xml and modules.yaml when using onlinerepo for kickstart
       - Set CPU and memory info for virtual instances (bsc#1170244)
       - Change system list header text to something better (bsc#1173982)
    
       spacewalk-setup:
    
       - Use the Salt API in authenticated and encrypted form (bsc#1175884,
         CVE-2020-8028)
    
       spacewalk-utils:
    
       - Avoid exceptions on the logs when looking for channels that do not exist
         (bsc#1175529)
    
       spacewalk-web:
    
       - Fix login page after jQuery upgrade (bsc#1175224)
       - Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831)
       - Warn when a system is in multiple groups that configure the same formula
         in the system formula's UI (bsc#1173554)
    
       susemanager:
    
       - Define bootstrap repo data for SUSE Manager Proxies (bsc#1174470)
    
       susemanager-frontend-libs:
    
       - Upgrade jquery to 3.5.1 - CVE-2020-11022 (bsc#1172831)
    
       susemanager-schema:
    
       - Prevent a deadlock error involving delete_server and update_needed_cache
         (bsc#1173073)
    
       susemanager-sls:
    
       - Fix the dnf plugin to add the token to the HTTP header (bsc#1175724)
       - Fix reporting of missing products in product.all_installed (bsc#1165829)
       - Require PyYAML version >= 5.1
       - Get redhat-release only when it is not a symlink
       - Fix: supply a dnf base when dealing w/repos (bsc#1172504)
       - Fix: autorefresh in repos is zypper-only
    
       susemanager-sync-data:
    
       - Remove version from centos and oracle linux identifier (bsc#1173584)
    
       virtualization-host-formula:
    
       - Update to version 0.5
         - Ensure kernel-default and libvirt-python3 are installed
         - Set bridge network as default
         - Fix conditionals (bsc#1175791)
    
       How to apply this update:

       1. Log in as root user to the SUSE Manager server.
       2. Stop the Spacewalk service: spacewalk-service stop
       3. Apply the patch using either zypper patch or YaST Online Update.
       4. Upgrade the database schema: spacewalk-schema-upgrade
       5. Start the Spacewalk service: spacewalk-service start
    
    
    Patch Instructions:
    
       To install this SUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - SUSE Linux Enterprise Module for SUSE Manager Server 4.0:
    
          zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.0-2020-2650=1
    
       - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0:
    
          zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.0-2020-2650=1
    
    
    
    Package List:
    
       - SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (ppc64le s390x x86_64):
    
          openvpn-formula-0.1.1-4.6.2
          susemanager-4.0.28-3.36.3
          susemanager-tools-4.0.28-3.36.3
    
       - SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (noarch):
    
          hibernate5-5.3.7-4.3.2
          image-sync-formula-0.1.1595937550.0285244-3.20.2
          prometheus-exporters-formula-0.7.1-3.10.2
          python3-spacewalk-certs-tools-4.0.17-3.21.3
          salt-netapi-client-0.17.0-4.6.3
          saltboot-formula-0.1.1595937550.0285244-3.19.2
          spacecmd-4.0.20-3.19.2
          spacewalk-admin-4.0.11-3.12.1
          spacewalk-base-4.0.23-3.30.3
          spacewalk-base-minimal-4.0.23-3.30.3
          spacewalk-base-minimal-config-4.0.23-3.30.3
          spacewalk-certs-tools-4.0.17-3.21.3
          spacewalk-html-4.0.23-3.30.3
          spacewalk-java-4.0.37-3.39.1
          spacewalk-java-config-4.0.37-3.39.1
          spacewalk-java-lib-4.0.37-3.39.1
          spacewalk-java-postgresql-4.0.37-3.39.1
          spacewalk-setup-4.0.14-3.14.1
          spacewalk-taskomatic-4.0.37-3.39.1
          spacewalk-utils-4.0.18-3.21.3
          susemanager-frontend-libs-4.0.2-4.3.2
          susemanager-schema-4.0.22-3.29.2
          susemanager-sls-4.0.29-3.31.3
          susemanager-sync-data-4.0.18-3.24.2
          susemanager-web-libs-4.0.23-3.30.3
          virtualization-host-formula-0.5-4.12.3
    
       - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0 (noarch):
    
          python3-spacewalk-certs-tools-4.0.17-3.21.3
          spacecmd-4.0.20-3.19.2
          spacewalk-base-minimal-4.0.23-3.30.3
          spacewalk-base-minimal-config-4.0.23-3.30.3
          spacewalk-certs-tools-4.0.17-3.21.3
          spacewalk-proxy-broker-4.0.14-3.10.3
          spacewalk-proxy-common-4.0.14-3.10.3
          spacewalk-proxy-management-4.0.14-3.10.3
          spacewalk-proxy-package-manager-4.0.14-3.10.3
          spacewalk-proxy-redirect-4.0.14-3.10.3
          spacewalk-proxy-salt-4.0.14-3.10.3
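
To confirm the update landed on a host, installed versions can be compared against the Package List above. The following is an added example, not part of the SUSE advisory: it covers only a subset of the listed packages, approximates RPM version ordering with GNU `sort -V` (an assumption, not rpm's own comparison), and the "installed" sample lines are constructed.

```shell
#!/bin/sh
# Fixed versions copied from the advisory's Package List (subset).
FIXED='hibernate5 5.3.7-4.3.2
spacewalk-admin 4.0.11-3.12.1
spacewalk-java 4.0.37-3.39.1
spacewalk-setup 4.0.14-3.14.1
susemanager-frontend-libs 4.0.2-4.3.2'

# Constructed sample of older installed packages, for demonstration only.
SAMPLE_OLD='hibernate5 5.3.7-4.3.1
spacewalk-java 4.0.36-3.36.1
spacewalk-admin 4.0.11-3.12.1'

# ver_lt A B: succeeds when version-release A sorts strictly before B.
# Uses GNU sort -V as an approximation of RPM version ordering.
ver_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# check_fixed: reads "name version-release" lines on stdin, prints every
# package older than the advisory's fixed version, returns 1 if any is found.
# On a real host, feed it:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | check_fixed
check_fixed() {
    installed=$(cat)
    outdated=0
    while read -r name fixed; do
        have=$(printf '%s\n' "$installed" |
               awk -v n="$name" '$1 == n { print $2; exit }')
        [ -n "$have" ] || continue   # package not installed on this host
        if ver_lt "$have" "$fixed"; then
            echo "OUTDATED $name $have (fixed in $fixed)"
            outdated=1
        fi
    done <<EOF
$FIXED
EOF
    return "$outdated"
}

# Demo run on the constructed sample; a non-zero status means "still vulnerable".
printf '%s\n' "$SAMPLE_OLD" | check_fixed || true
```

A package that is absent from the host is skipped rather than reported, since the Server and Proxy modules install different package sets.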
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2019-14900.html
       https://www.suse.com/security/cve/CVE-2020-11022.html
       https://www.suse.com/security/cve/CVE-2020-8028.html
       https://bugzilla.suse.com/1136857
       https://bugzilla.suse.com/1165829
       https://bugzilla.suse.com/1167907
       https://bugzilla.suse.com/1169664
       https://bugzilla.suse.com/1170244
       https://bugzilla.suse.com/1171281
       https://bugzilla.suse.com/1172079
       https://bugzilla.suse.com/1172279
       https://bugzilla.suse.com/1172504
       https://bugzilla.suse.com/1172831
       https://bugzilla.suse.com/1173073
       https://bugzilla.suse.com/1173535
       https://bugzilla.suse.com/1173554
       https://bugzilla.suse.com/1173566
       https://bugzilla.suse.com/1173584
       https://bugzilla.suse.com/1173982
       https://bugzilla.suse.com/1173997
       https://bugzilla.suse.com/1174201
       https://bugzilla.suse.com/1174254
       https://bugzilla.suse.com/1174470
       https://bugzilla.suse.com/1175224
       https://bugzilla.suse.com/1175529
       https://bugzilla.suse.com/1175555
       https://bugzilla.suse.com/1175556
       https://bugzilla.suse.com/1175558
       https://bugzilla.suse.com/1175724
       https://bugzilla.suse.com/1175791
       https://bugzilla.suse.com/1175884
       https://bugzilla.suse.com/1175889
    
    _______________________________________________
    sle-security-updates mailing list
    https://lists.suse.com/mailman/listinfo/sle-security-updates
    
