SUSE: 2020:2650-1 moderate: SUSE Manager Proxy 4.0
Summary
This update fixes the following issues: spacecmd: - Python3 fixes for errata in spacecmd (bsc#1169664) - Python3 fix for sorted usage (bsc#1167907) - Fix softwarechannel_listlatestpackages throwing error on empty channels (bsc#1175889) - Fix escaping of package names (bsc#1171281) spacewalk-certs-tools: - Add option --nostricthostkeychecking to spacewalk-ssh-push-init - Strip SSL Certificate Common Name after 63 Characters (bsc#1173535) spacewalk-proxy: - Python3 fix for loading pickle file during kickstart procedure (bsc#1174201) spacewalk-web: - Fix login page after jQuery upgrade (bsc#1175224) - Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831) - Warn when a system is in multiple groups that configure the same formula in the system formula's UI (bsc#1173554) How to apply this update: 1. Log in as root user to the SUSE Manager proxy. 2. Stop the proxy service: spacewalk-proxy stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: spacewalk-proxy start Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.0-2020-2650=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0 (noarch): python3-spacewalk-certs-tools-4.0.17-3.21.3 spacecmd-4.0.20-3.19.2 spacewalk-base-minimal-4.0.23-3.30.3 spacewalk-base-minimal-config-4.0.23-3.30.3 spacewalk-certs-tools-4.0.17-3.21.3 spacewalk-proxy-broker-4.0.14-3.10.3 spacewalk-proxy-common-4.0.14-3.10.3 spacewalk-proxy-management-4.0.14-3.10.3 spacewalk-proxy-package-manager-4.0.14-3.10.3 spacewalk-proxy-redirect-4.0.14-3.10.3 spacewalk-proxy-salt-4.0.14-3.10.3
References
#1167907 #1169664 #1171281 #1172831 #1173535
#1173554 #1174201 #1175224 #1175889
Cross- CVE-2020-11022
Affected Products:
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0
https://www.suse.com/security/cve/CVE-2020-11022.html
https://bugzilla.suse.com/1167907
https://bugzilla.suse.com/1169664
https://bugzilla.suse.com/1171281
https://bugzilla.suse.com/1172831
https://bugzilla.suse.com/1173535
https://bugzilla.suse.com/1173554
https://bugzilla.suse.com/1174201
https://bugzilla.suse.com/1175224
https://bugzilla.suse.com/1175889