SUSE: 2020:3235-1 moderate: SUSE Manager Server 4.1
Summary
This update fixes the following issues:

bind-formula:

- Temporarily disable dnssec-validation as hotfix for bsc#1177790

grafana-formula:

- Use variable for product name
- Add HA/SAP dashboards
- Add support for system groups in Client Systems dashboard

image-sync-formula:

- Do not use .gz suffix for default initrd symlink
- Keep the old symlink "initrd.gz" for compatibility

prometheus-exporters-formula:

- Fix empty directory values initialization
- Add systemd collector as default for node_exporters since otherwise some SAP/HA grafana dashboards will be empty
- Disable reverse proxy on default

prometheus-formula:

- Disable Alertmanager clustering (bsc#1178145)
- Use variable for product name

pxe-formula:

- Change default to "initrd" without .gz suffix

py26-compat-salt:

- Properly validate eauth credentials and tokens on SSH calls made by Salt API (bsc#1178319, bsc#1178362, bsc#1178361, CVE-2020-25592, CVE-2020-17490, CVE-2020-16846)

python-susemanager-retail:

- Use name "initrd" without .gz suffix

salt-netapi-client:

- Version 0.18.0 See: https://github.com/SUSE/salt-netapi-client/releases/tag/v0.18.0

saltboot-formula:

- Allow setting terminal kernel parameters in saltboot formula

spacecmd:

- Python3 fixes for errata in spacecmd (bsc#1169664)
- Added support for i18n of user-facing strings
- Python3 fix for sorted usage (bsc#1167907)

spacewalk-admin:

- Show info message when applying schema upgrade

spacewalk-backend:

- Prevent IntegrityError during mgr-inter-sync execution (bsc#1177235)

spacewalk-branding:

- Enable to switch to multiple webUI theme

spacewalk-client-tools:

- Remove RH references in Python/Ruby localization and use the product name instead

spacewalk-java:

- Use correct eauth module and credentials for Salt SSH calls (bsc#1178319)
- Remove expiration date from ics files (bsc#1177892)
- Execute Salt SSH actions in parallel (bsc#1173199)
- Enable to switch to multiple webUI theme
- Fix action chain resuming when patches updating salt-minion don't cause service to be restarted (bsc#1144447)
- Renaming autoinstall distro didn't change the name of the Cobbler distro (bsc#1175876)
- Fix the links for downloading the binaries in the package details UI (bsc#1176603)
- Allow nightly ISS sync to also cover custom channels
- Fix: reinspecting a container image (bsc#1177092)
- Add power management xmlrpc api
- Remove hostname from /var/lib/salt/.ssh/known_hosts when deleting system (bsc#1176159)
- Log exception trace on fatal Taskomatic startup error
- Fix max password length check at user creation (bsc#1176765)
- Notify about missing libvirt or hypervisor on virtual host
- Redesign maintenance schedule systems table to use paginated data from server
- Fix SP migration after dry run for cloned channels (bsc#1176307)
- Filter not available optional channels out

spacewalk-search:

- Change default maximum memory to 512 MB, preventing OutOfMemoryError

spacewalk-web:

- Enable to switch to multiple webUI theme
- Only refresh the virtual storage list when pool events are received
- Drop node-fetch to fix CVE-2020-15168
- Notify about missing libvirt or hypervisor on virtual host
- Redesign maintenance schedule systems table to use paginated data from server

susemanager:

- Create bootstrap repo should not flush by default (bsc#1175843)
- Improve detection of base channels for products (bsc#1177478)
- Add LTSS PIDs for SLE12SP1, SLE12SP2, SLE12SP3 and SLE12SP4 to the bootstrap definitions as some packages from LTSS are required (bsc#1177524)
- Fix logrotate config
- Add missing packages to ubuntu20.04 bootstrap data (bsc#1176629)

susemanager-build-keys:

- Replace "SuSE" user-facing references with "SUSE"

susemanager-doc-indexes:

- Documented zypper autorefresh feature in Upgrade Guide
- Update SP Migration chapter in Client Configuration Guide
- In Client Configuration and Upgrade Guide, add link to valid autoyast upgrade settings
- Move client upgrade related sections from Reference and Upgrade Guide to Client Configuration Guide
- Updated Requirements chapter in Installation Guide.
- Edits OpenSCAP section in Admin Guide (bsc#1176413)
- Updated Terminology section in Salt Guide
- Added on-demand images content to Install Guide
- Adds webUI locale choice to Ref & Admin Guides
- Adds new System Types section to Client Cfg
- Updates supported client matrix in Install Guide
- Add note about log file to Upgrade Guide
- Removes outdated content from Activation Keys section (bsc#1177396)
- Adds note about PAM Auth during migration (bsc#1177730)
- Fixed broken table in admin guide

susemanager-docs_en:

- Documented zypper autorefresh feature in Upgrade Guide
- Update SP Migration chapter in Client Configuration Guide
- In Client Configuration and Upgrade Guide, add link to valid autoyast upgrade settings
- Move client upgrade related sections from Reference and Upgrade Guide to Client Configuration Guide
- Updated Requirements chapter in Installation Guide.
- Edits OpenSCAP section in Admin Guide (bsc#1176413)
- Updated Terminology section in Salt Guide
- Added on-demand images content to Install Guide
- Adds webUI locale choice to Ref & Admin Guides
- Adds new System Types section to Client Cfg
- Updates supported client matrix in Install Guide
- Add note about log file to Upgrade Guide
- Removes outdated content from Activation Keys section (bsc#1177396)
- Adds note about PAM Auth during migration (bsc#1177730)
- Fixed broken table in admin guide

susemanager-schema:

- Add web_theme user preferences column (bsc#1178204)
- Execute Salt SSH actions in parallel (bsc#1173199)
- Show info message when applying schema upgrade

susemanager-sls:

- Fix action chain resuming when patches updating salt-minion don't cause service to be restarted (bsc#1144447)
- Make grub2 autoinstall kernel path relative to the boot partition root (bsc#1175876)
- Move channel token information from sources.list to auth.conf on Debian 10 and Ubuntu 18 and newer
- Add support for activation keys on server configuration Salt modules
- Ensure the yum/dnf plugins are enabled
- Remove hostname from /var/lib/salt/.ssh/known_hosts when deleting system (bsc#1176159)
- Fix grub2 autoinstall kernel path (bsc#1178060)

How to apply this update:

1. Log in as root user to the SUSE Manager server.
2. Stop the Spacewalk service: spacewalk-service stop
3. Apply the patch using either zypper patch or YaST Online Update.
4. Upgrade the database schema: spacewalk-schema-upgrade
5. Start the Spacewalk service: spacewalk-service start

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for SUSE Manager Server 4.1:

  zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2020-3235=1

- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1:

  zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.1-2020-3235=1

Package List:

- SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (ppc64le s390x x86_64):

  spacewalk-branding-4.1.11-3.9.6
  susemanager-4.1.21-3.11.6
  susemanager-tools-4.1.21-3.11.6

- SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch):

  bind-formula-0.1.1603299886.60e4bcf-3.3.2
  grafana-formula-0.3.0-3.3.2
  image-sync-formula-0.1.1602150122.f08af0a-3.6.2
  prometheus-exporters-formula-0.8.0-3.16.2
  prometheus-formula-0.3.0-3.3.1
  pxe-formula-0.1.1602490840.4f32148-3.3.2
  py26-compat-salt-2016.11.10-6.3.3
  python3-spacewalk-client-tools-4.1.7-4.6.4
  python3-susemanager-retail-1.0.1602150122.f08af0a-3.3.2
  salt-netapi-client-0.18.0-15.7.5
  saltboot-formula-0.1.1602150122.f08af0a-3.6.2
  spacecmd-4.1.8-4.9.2
  spacewalk-admin-4.1.7-3.6.3
  spacewalk-backend-4.1.16-4.11.5
  spacewalk-backend-app-4.1.16-4.11.5
  spacewalk-backend-applet-4.1.16-4.11.5
  spacewalk-backend-config-files-4.1.16-4.11.5
  spacewalk-backend-config-files-common-4.1.16-4.11.5
  spacewalk-backend-config-files-tool-4.1.16-4.11.5
  spacewalk-backend-iss-4.1.16-4.11.5
  spacewalk-backend-iss-export-4.1.16-4.11.5
  spacewalk-backend-package-push-server-4.1.16-4.11.5
  spacewalk-backend-server-4.1.16-4.11.5
  spacewalk-backend-sql-4.1.16-4.11.5
  spacewalk-backend-sql-postgresql-4.1.16-4.11.5
  spacewalk-backend-tools-4.1.16-4.11.5
  spacewalk-backend-xml-export-libs-4.1.16-4.11.5
  spacewalk-backend-xmlrpc-4.1.16-4.11.5
  spacewalk-base-4.1.19-3.9.5
  spacewalk-base-minimal-4.1.19-3.9.5
  spacewalk-base-minimal-config-4.1.19-3.9.5
  spacewalk-client-tools-4.1.7-4.6.4
  spacewalk-html-4.1.19-3.9.5
  spacewalk-java-4.1.22-3.16.4
  spacewalk-java-config-4.1.22-3.16.4
  spacewalk-java-lib-4.1.22-3.16.4
  spacewalk-java-postgresql-4.1.22-3.16.4
  spacewalk-search-4.1.3-3.3.7
  spacewalk-taskomatic-4.1.22-3.16.4
  susemanager-build-keys-15.2.2-3.6.3
  susemanager-build-keys-web-15.2.2-3.6.3
  susemanager-doc-indexes-4.1-11.17.1
  susemanager-docs_en-4.1-11.17.1
  susemanager-docs_en-pdf-4.1-11.17.1
  susemanager-retail-tools-1.0.1602150122.f08af0a-3.3.2
  susemanager-schema-4.1.15-3.11.2
  susemanager-sls-4.1.17-3.13.6
  susemanager-web-libs-4.1.19-3.9.5
  uyuni-config-modules-4.1.17-3.13.6

- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (noarch):

  mgr-daemon-4.1.3-2.6.3
  python3-spacewalk-check-4.1.7-4.6.4
  python3-spacewalk-client-setup-4.1.7-4.6.4
  python3-spacewalk-client-tools-4.1.7-4.6.4
  spacecmd-4.1.8-4.9.2
  spacewalk-backend-4.1.16-4.11.5
  spacewalk-base-minimal-4.1.19-3.9.5
  spacewalk-base-minimal-config-4.1.19-3.9.5
  spacewalk-check-4.1.7-4.6.4
  spacewalk-client-setup-4.1.7-4.6.4
  spacewalk-client-tools-4.1.7-4.6.4
  susemanager-build-keys-15.2.2-3.6.3
  susemanager-build-keys-web-15.2.2-3.6.3
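
A post-patch check, added here as an example and not part of the SUSE advisory: it compares installed package versions against a subset of the fixed versions in the Package List above and flags anything older. The function names, the OK/OLD/SKIP output format and the use of GNU "sort -V" as a stand-in for rpm's version comparison are assumptions of this example.

```shell
#!/bin/sh
# Fixed versions, copied from the advisory's Package List (subset only).
FIXED='py26-compat-salt 2016.11.10-6.3.3
spacewalk-java 4.1.22-3.16.4
salt-netapi-client 0.18.0-15.7.5
spacewalk-html 4.1.19-3.9.5'

# version_ge A B: succeeds when A >= B under GNU "sort -V" ordering.
# Assumption: this matches rpm's ordering for the plain numeric
# version-release strings used in this advisory.
version_ge() {
    [ "$1" = "$2" ] && return 0
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# check_installed: reads "name version-release" lines on stdin, prints one
# verdict per package in FIXED, returns 1 if any installed package is older.
check_installed() {
    installed=$(cat)
    rc=0
    while read -r name want; do
        have=$(printf '%s\n' "$installed" |
               awk -v n="$name" '$1 == n { print $2; exit }')
        if [ -z "$have" ]; then
            echo "SKIP $name not installed"
        elif version_ge "$have" "$want"; then
            echo "OK $name $have"
        else
            echo "OLD $name $have (fixed in $want)"
            rc=1
        fi
    done <<EOF
$FIXED
EOF
    return $rc
}

# On a real server, feed it the rpm database:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | check_installed
# Constructed sample input (not real host output): one package is outdated.
SAMPLE='py26-compat-salt 2016.11.10-6.3.1
spacewalk-java 4.1.22-3.16.4'
printf '%s\n' "$SAMPLE" | check_installed || echo "update 2020:3235-1 not fully applied"
```
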
References
#1144447 #1167907 #1169664 #1173199 #1175843
#1175876 #1176159 #1176307 #1176413 #1176603
#1176629 #1176765 #1177092 #1177235 #1177396
#1177478 #1177524 #1177730 #1177790 #1177892
#1178060 #1178145 #1178204 #1178319 #1178361
#1178362
Cross-References: CVE-2020-15168 CVE-2020-16846 CVE-2020-17490 CVE-2020-25592
Affected Products:
SUSE Linux Enterprise Module for SUSE Manager Server 4.1
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1
https://www.suse.com/security/cve/CVE-2020-15168.html
https://www.suse.com/security/cve/CVE-2020-16846.html
https://www.suse.com/security/cve/CVE-2020-17490.html
https://www.suse.com/security/cve/CVE-2020-25592.html
https://bugzilla.suse.com/1144447
https://bugzilla.suse.com/1167907
https://bugzilla.suse.com/1169664
https://bugzilla.suse.com/1173199
https://bugzilla.suse.com/1175843
https://bugzilla.suse.com/1175876
https://bugzilla.suse.com/1176159
https://bugzilla.suse.com/1176307
https://bugzilla.suse.com/1176413
https://bugzilla.suse.com/1176603
https://bugzilla.suse.com/1176629
https://bugzilla.suse.com/1176765
https://bugzilla.suse.com/1177092
https://bugzilla.suse.com/1177235
https://bugzilla.suse.com/1177396
https://bugzilla.suse.com/1177478
https://bugzilla.suse.com/1177524
https://bugzilla.suse.com/1177730
https://bugzilla.suse.com/1177790
https://bugzilla.suse.com/1177892
https://bugzilla.suse.com/1178060
https://bugzilla.suse.com/1178145
https://bugzilla.suse.com/1178204
https://bugzilla.suse.com/1178319
https://bugzilla.suse.com/1178361
https://bugzilla.suse.com/1178362