SUSE Security Update: Security update for SUSE Manager Proxy 4.0
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:2650-1
Rating:             moderate
References:         #1167907 #1169664 #1171281 #1172831 #1173535 
                    #1173554 #1174201 #1175224 #1175889 
Cross-References:   CVE-2020-11022
Affected Products:
                    SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0
______________________________________________________________________________

   An update that solves one vulnerability and has 8 fixes is
   now available.

Description:


   This update fixes the following issues:

   spacecmd:

   - Python3 fixes for errata in spacecmd (bsc#1169664)
   - Python3 fix for sorted usage (bsc#1167907)
   - Fix softwarechannel_listlatestpackages throwing error on empty channels
     (bsc#1175889)
   - Fix escaping of package names (bsc#1171281)

   spacewalk-certs-tools:

   - Add option --nostricthostkeychecking to spacewalk-ssh-push-init
   - Strip SSL Certificate Common Name after 63 Characters (bsc#1173535)

   spacewalk-proxy:

   - Python3 fix for loading pickle file during kickstart procedure
     (bsc#1174201)

   spacewalk-web:

   - Fix login page after jQuery upgrade (bsc#1175224)
   - Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831)
   - Warn when a system is in multiple groups that configure the same formula
     in the system formula's UI (bsc#1173554)

   How to apply this update:

   1. Log in as root user to the SUSE Manager proxy.
   2. Stop the proxy service: spacewalk-proxy stop
   3. Apply the patch using either zypper patch or YaST Online Update.
   4. Start the Spacewalk service: spacewalk-proxy start


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0:

      zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.0-2020-2650=1



Package List:

   - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0 (noarch):

      python3-spacewalk-certs-tools-4.0.17-3.21.3
      spacecmd-4.0.20-3.19.2
      spacewalk-base-minimal-4.0.23-3.30.3
      spacewalk-base-minimal-config-4.0.23-3.30.3
      spacewalk-certs-tools-4.0.17-3.21.3
      spacewalk-proxy-broker-4.0.14-3.10.3
      spacewalk-proxy-common-4.0.14-3.10.3
      spacewalk-proxy-management-4.0.14-3.10.3
      spacewalk-proxy-package-manager-4.0.14-3.10.3
      spacewalk-proxy-redirect-4.0.14-3.10.3
      spacewalk-proxy-salt-4.0.14-3.10.3
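
   To confirm the update took effect, the installed packages can be compared
   against the fixed versions in the package list above. The following Python
   script is an added example, not part of the SUSE advisory; its version
   comparison is a simplified form of rpm's ordering (no epoch or tilde
   handling), and the function names are illustrative.

```python
import re
import subprocess

# Fixed version-release per package, copied from the advisory's package list.
FIXED = {
    "python3-spacewalk-certs-tools": "4.0.17-3.21.3",
    "spacecmd": "4.0.20-3.19.2",
    "spacewalk-base-minimal": "4.0.23-3.30.3",
    "spacewalk-base-minimal-config": "4.0.23-3.30.3",
    "spacewalk-certs-tools": "4.0.17-3.21.3",
    "spacewalk-proxy-broker": "4.0.14-3.10.3",
    "spacewalk-proxy-common": "4.0.14-3.10.3",
    "spacewalk-proxy-management": "4.0.14-3.10.3",
    "spacewalk-proxy-package-manager": "4.0.14-3.10.3",
    "spacewalk-proxy-redirect": "4.0.14-3.10.3",
    "spacewalk-proxy-salt": "4.0.14-3.10.3",
}

def _segments(s):
    # Numeric and alphabetic runs; separators such as "." only delimit them.
    return [int(x) if x.isdigit() else x for x in re.findall(r"\d+|[A-Za-z]+", s)]

def _cmp(a, b):
    # Simplified rpm ordering: no epoch, "~" or "^" handling (none appear above).
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if isinstance(x, int) != isinstance(y, int):
            return 1 if isinstance(x, int) else -1  # a number sorts newer than letters
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def vr_cmp(a, b):
    (va, _, ra), (vb, _, rb) = a.partition("-"), b.partition("-")
    return _cmp(va, vb) or _cmp(ra, rb)

def audit(rpm_output):
    """Map each advisory package to 'fixed', 'outdated' or 'not installed'."""
    seen = dict(l.split() for l in rpm_output.splitlines() if len(l.split()) == 2)
    return {name: "not installed" if name not in seen
            else "fixed" if vr_cmp(seen[name], want) >= 0 else "outdated"
            for name, want in FIXED.items()}

if __name__ == "__main__":
    query = ["rpm", "-q", "--qf", "%{NAME} %{VERSION}-%{RELEASE}\n", *FIXED]
    out = subprocess.run(query, capture_output=True, text=True).stdout
    for name, state in audit(out).items():
        print(f"{state:14} {name}")
```

   Any package reported as "outdated" after the proxy service has been
   restarted indicates the patch was not applied to that package.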


References:

   https://www.suse.com/security/cve/CVE-2020-11022.html
   https://bugzilla.suse.com/1167907
   https://bugzilla.suse.com/1169664
   https://bugzilla.suse.com/1171281
   https://bugzilla.suse.com/1172831
   https://bugzilla.suse.com/1173535
   https://bugzilla.suse.com/1173554
   https://bugzilla.suse.com/1174201
   https://bugzilla.suse.com/1175224
   https://bugzilla.suse.com/1175889

_______________________________________________
sle-security-updates mailing list
sle-security-updates@lists.suse.com
http://lists.suse.com/mailman/listinfo/sle-security-updates

SUSE: 2020:2650-1 moderate: SUSE Manager Proxy 4.0

September 16, 2020