Linux Security

    SUSE: 2020:3466-1 moderate: SUSE Manager Server 4.0

    Date 20 Nov 2020
    Posted By LinuxSecurity Advisories
    An update that solves two vulnerabilities and has 12 fixes is now available.
    
       SUSE Security Update: Security update for SUSE Manager Server 4.0
    ______________________________________________________________________________
    
    Announcement ID:    SUSE-SU-2020:3466-1
    Rating:             moderate
    References:         #1144447 #1172079 #1173199 #1175739 #1175876 
                        #1175987 #1176074 #1176172 #1177336 #1177435 
                        #1177790 #1178060 #1178145 #1178195 
    Cross-References:   CVE-2018-10936 CVE-2020-13692
    Affected Products:
                        SUSE Linux Enterprise Module for SUSE Manager Server 4.0
    ______________________________________________________________________________
    
       An update that solves two vulnerabilities and has 12 fixes
       is now available.
    
    Description:
    
    
       This update fixes the following issues:
    
       bind-formula:
    
       - Temporarily disable dnssec-validation as hotfix for bsc#1177790
       - Update to version 0.1.1603299886.60e4bcf
    
       grafana-formula:
    
       - Use variable for product name
       - Add support for system groups in Client Systems dashboard
    
       postgresql-jdbc:
    
       - Address CVE-2020-13692 (bsc#1172079)
       - Add patch:
       - Major changes since 9.4-1200:
         * License changed to BSD-2-Clause and BSD-3-Clause and Apache-2.0
         * Support PostgreSQL 9.5, 9.6, 10, 11 and 12 added
         * Support for PostgreSQL versions below 8.2 was dropped
         * Support for JDK8, JDK9, JDK10, JDK11 and JDK12
         * Support for JDK 1.4 and 1.5 was dropped
         * Support for JDBC 4.2 added
         * Add maxResultBuffer property
         * Add caller push of binary data
         * Read only transactions
         * pkcs12 key functionality
         * New "escapeSyntaxCallMode" connection property
         * Connection property to limit server error detail in exceptions
         * CancelQuery() to PGConnection public interface
         * Support for large update counts (JDBC 4.2)
         * Add Binary Support for Oid.NUMERIC and Oid.NUMERIC_ARRAY
         * Expose parameter status messages (GUC_REPORT) to the user
         * Log ignoring rollback when no transaction in progress
         * Map inet type to InetAddress
         * Change IS_GENERATED to IS_GENERATEDCOLUMN as per spec
         * Support temporary replication slots in ReplicationCreateSlotBuilder
         * Return function (PostgreSQL 11) columns in
           PgDatabaseMetaData#getFunctionColumns
         * Return information on create replication slot, now the snapshot_name
           is exported to allow a consistent snapshot in some uses cases
         * `ssl=true` implies `sslmode=verify-full`, that is it requires valid
           server certificate
         * Support for `sslmode=allow/prefer/require`
         * Added server hostname verification for non-default SSL factories in
           `sslmode=verify-full` (CVE-2018-10936)
         * PreparedStatement.setNull(int parameterIndex, int t, String typeName)
           no longer ignores the typeName argument if it is not null
         * Reduce the severity of the error log messages when an exception is
           re-thrown. The error will be thrown to caller to be dealt with so no
           need to log at this verbosity by pgjdbc
         * Deprecate Fastpath API PR 903
         * Support parenthesis in {oj ...} JDBC escape syntax
         * socksProxyHost is ignored in case it contains empty string
         * Support SCRAM-SHA-256 for PostgreSQL 10 in the JDBC 4.2 version (Java
           8+) using the Ongres SCRAM library
         * Make SELECT INTO and CREATE TABLE AS return row counts to the client
           in their command tags
         * Support Subject Alternative Names for SSL connections
         * Support isAutoIncrement metadata for PostgreSQL 10 IDENTITY column
         * Support for primitive arrays PR 887 3e0491a
         * Implement support for get/setNetworkTimeout() in connections
         * Make GSS JAAS login optional, add an option "jaasLogin"
         * Improve behaviour of ResultSet.getObject(int, Class)
         * Parse CommandComplete message using a regular expression, allows
           complete catch of server returned commands for INSERT, UPDATE, DELETE,
           SELECT, FETCH, MOVE,COPY and future commands.
         * Use 'time with timezone' and 'timestamp with timezone' as is and
           ignore the user provided Calendars, 'time' and 'timestamp' work as
           earlier except "00:00:00" now maps to 1970-01-01 and "24:00:00" uses
           the system provided Calendar ignoring the user-provided one
         * Change behaviour of multihost connection. The new behaviour is to try
           all secondaries first before trying the master
         * Drop support for the (insecure) crypt authentication method
         * slave and preferSlave values for the targetServerType connection
           property have been deprecated in favour of secondary and
           preferSecondary respectively
         * Statements with non-zero fetchSize no longer require server-side named
           handle. This might cause issues when using old PostgreSQL versions
           (pre-8.4)+fetchSize+interleaved ResultSet processing combo
         * Better logic for returning keyword detection. Previously, pgjdbc could
           be defeated by column names that contain returning, so pgjdbc failed
           to "return generated keys" as it considered statement as already
           having returning keyword
         * Use server-prepared statements for batch inserts when
           prepareThreshold>0. This enables batch to use server-prepared from the
           first executeBatch() execution (previously it waited for
           prepareThreshold executeBatch() calls)
         * Replication protocol API was added: replication API documentation
         * java.util.logging is now used for logging: logging documentation
         * Add support for PreparedStatement.setCharacterStream(int, Reader)
         * Ensure executeBatch() can be used with pgbouncer. Previously pgjdbc
           could use server-prepared statements for batch execution even with
           prepareThreshold=0
         * Error position is displayed when SQL has unterminated literals,
           comments, etc
         * Strict handling of accepted values in getBoolean and
           setObject(BOOLEAN), now it follows PostgreSQL accepted values, only 1
           and 0 for numeric types are accepted (previously !=0 was true)
         * Deprecated PGPoolingDataSource, instead of this class you should use a
           fully featured connection pool like HikariCP, vibur-dbcp,
           commons-dbcp, c3p0, etc
         * 'current transaction is aborted' exception includes the original
           exception via caused-by chain
         * Better support for RETURN_GENERATED_KEYS, statements with RETURNING
           clause
         * Avoid user-visible prepared-statement errors if client uses
           DEALLOCATE/DISCARD statements (invalidate cache when those statements
           detected)
         * Avoid user-visible prepared-statement errors if client changes
           search_path (invalidate cache when set search_path detected)
         * Support comments when replacing {fn ...} JDBC syntax
         * Support for Types.REF_CURSOR
         * Performance optimization for timestamps (~TimeZone.getDefault
           optimization)
         * Ability to customize socket factory (e.g. for unix domain sockets)
         * Ignore empty sub-queries in composite queries
         * Add equality support to PSQLState
         * Improved composite/array type support and type naming changes.
       - Update to version 42.2.10
         * https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.10
    
       - Update to version 42.2.9
         * https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.9
       - Update to version 42.2.8
         * https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.8
       - Update to version 42.2.7
         * https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.7
       - Update to version 42.2.6
         * https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.6
       - Update to version 42.2.5
         * https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.5
       - Update to version 42.2.4
         * https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.4
       - Update to version 42.2.3
         * https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.3
       - Update to version 42.2.2
         * https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.2
       - Update to version 42.2.1
         * https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.1
       - Update to version 42.2.0
         * https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.0
       - Update to version 42.1.4
         * https://jdbc.postgresql.org/documentation/changelog.html#version_42.1.4
       - Update to version 42.1.3
         * https://jdbc.postgresql.org/documentation/changelog.html#version_42.1.3
       - Update to version 42.1.2
         * https://jdbc.postgresql.org/documentation/changelog.html#version_42.1.2
       - Update to version 42.1.1
         * https://jdbc.postgresql.org/documentation/changelog.html#version_42.1.1
       - Update to version 42.1.0
         * https://jdbc.postgresql.org/documentation/changelog.html#version_42.1.1
       - Update to version 42.2.0
         * https://jdbc.postgresql.org/documentation/changelog.html#version_42.1.0
       - Update to version 9.4.1211
         * https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1211
       - Update to version 9.4.1210
         * https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1210
       - Update to version 9.4.1209
         * https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1209
       - Update to version 9.4.1208
         * https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1208
       - Update to version 9.4.1207
         * https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1207
       - Update to version 9.4.1206
         * https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1206
       - Update to version 9.4.1205
         * https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1204
       - Update to version 9.4.1204
         * https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1204
       - Update to version 9.4.1203
         * https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1203
       - Update to version 9.4.1202
         * https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1202
       - Update to version 9.4.1201
         * https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1201
    
    
       prometheus-exporters-formula:
    
       - Fix empty directory values initialization
       - Disable reverse proxy on default
    
       prometheus-formula:
    
       - Update to version 0.2.3
       - Disable Alertmanager clustering (bsc#1178145)
       - Update to version 0.2.2
       - Use variable for product name
    
       salt-netapi-client:
    
       - Version 0.18.0 See:
         https://github.com/SUSE/salt-netapi-client/releases/tag/v0.18.0
    
       spacewalk-admin:
    
       - Use the license macro to mark the LICENSE in the package so that when
         installing without docs, it does install the LICENSE file
       - Prevent javax.net.ssl.SSLHandshakeException after upgrading from SUSE
         Manager 3.2 (bsc#1177435)
    
       spacewalk-backend:
    
       - ISS: Differentiate packages with same nevra but different checksum in
         the same channel (bsc#1178195)
       - Fix unique machine_id detection (bsc#1176074)
    
       spacewalk-java:
    
       - Revert: Sync state modules when starting action chain execution
         (bsc#1177336)
       - Sync state modules when starting action chain execution (bsc#1177336)
       - Fix repo url of AppStream in generated RHEL/Centos 8 kickstart file
         (bsc#1175739)
       - Log token verify errors and check for expired tokens
       - Execute Salt SSH actions in parallel (bsc#1173199)
       - Take pool and volume from Salt virt.vm_info for files and blocks disks
         (bsc#1175987)
       - Fix action chain resuming when patches updating salt-minion don't cause
         service to be restarted (bsc#1144447)
       - Renaming autoinstall distro didn't change the name of the Cobbler distro
         (bsc#1175876)
    
       spacewalk-web:
    
       - Fix link to documentation in Admin -> Manager Configuration ->
         Monitoring (bsc#1176172)
       - Don't allow selecting spice for Xen PV and PVH guests
    
       susemanager:
    
       - Add --force to mgr-create-bootstrap-repo to enforce generation even when
         some products are not synchronized
    
       susemanager-schema:
    
       - Execute Salt SSH actions in parallel (bsc#1173199)
    
       susemanager-sls:
    
       - Revert: Sync state modules when starting action chain execution
         (bsc#1177336)
       - Sync state modules when starting action chain execution (bsc#1177336)
       - Fix grub2 autoinstall kernel path (bsc#1178060)
       - Move channel token information from sources.list to auth.conf on Debian
         10 and Ubuntu 18 and newer
       - Fix action chain resuming when patches updating salt-minion don't cause
         service to be restarted (bsc#1144447)
       - Make grub2 autoinstall kernel path relative to the boot partition root
         (bsc#1175876)
    
       How to apply this update:

       1. Log in as root user to the SUSE Manager server.
       2. Stop the Spacewalk service: spacewalk-service stop
       3. Apply the patch using either zypper patch or YaST Online Update.
       4. Upgrade the database schema: spacewalk-schema-upgrade
       5. Start the Spacewalk service: spacewalk-service start
    
    
    Patch Instructions:
    
       To install this SUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - SUSE Linux Enterprise Module for SUSE Manager Server 4.0:
    
          zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.0-2020-3466=1
    
    
    
    Package List:
    
       - SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (ppc64le s390x x86_64):
    
          susemanager-4.0.32-3.46.1
          susemanager-tools-4.0.32-3.46.1
    
       - SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (noarch):
    
          bind-formula-0.1.1603299886.60e4bcf-3.11.1
          grafana-formula-0.2.2-4.13.1
          postgresql-jdbc-42.2.10-3.3.1
          prometheus-exporters-formula-0.7.5-3.16.1
          prometheus-formula-0.2.3-4.16.1
          python3-spacewalk-backend-libs-4.0.35-3.38.1
          salt-netapi-client-0.18.0-4.12.1
          spacewalk-admin-4.0.12-3.15.1
          spacewalk-backend-4.0.35-3.38.1
          spacewalk-backend-app-4.0.35-3.38.1
          spacewalk-backend-applet-4.0.35-3.38.1
          spacewalk-backend-config-files-4.0.35-3.38.1
          spacewalk-backend-config-files-common-4.0.35-3.38.1
          spacewalk-backend-config-files-tool-4.0.35-3.38.1
          spacewalk-backend-iss-4.0.35-3.38.1
          spacewalk-backend-iss-export-4.0.35-3.38.1
          spacewalk-backend-package-push-server-4.0.35-3.38.1
          spacewalk-backend-server-4.0.35-3.38.1
          spacewalk-backend-sql-4.0.35-3.38.1
          spacewalk-backend-sql-postgresql-4.0.35-3.38.1
          spacewalk-backend-tools-4.0.35-3.38.1
          spacewalk-backend-xml-export-libs-4.0.35-3.38.1
          spacewalk-backend-xmlrpc-4.0.35-3.38.1
          spacewalk-base-4.0.25-3.36.1
          spacewalk-base-minimal-4.0.25-3.36.1
          spacewalk-base-minimal-config-4.0.25-3.36.1
          spacewalk-html-4.0.25-3.36.1
          spacewalk-java-4.0.40-3.48.2
          spacewalk-java-config-4.0.40-3.48.2
          spacewalk-java-lib-4.0.40-3.48.2
          spacewalk-java-postgresql-4.0.40-3.48.2
          spacewalk-taskomatic-4.0.40-3.48.2
          susemanager-schema-4.0.23-3.32.1
          susemanager-sls-4.0.31-3.37.1
          susemanager-web-libs-4.0.25-3.36.1
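Added example, not part of the SUSE advisory or of SUSE's own tooling: a small Python check that compares a host's installed package versions against the fixed versions in the Package List above, using a simplified rpm label comparison. The installed-package list below is a constructed sample standing in for `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'` output; only a subset of the advisory's packages is embedded.

```python
import re

# Subset of the advisory's noarch package list, copied from the page.
ADVISORY_PACKAGES = """
postgresql-jdbc-42.2.10-3.3.1
spacewalk-java-4.0.40-3.48.2
susemanager-sls-4.0.31-3.37.1
bind-formula-0.1.1603299886.60e4bcf-3.11.1
"""

# Constructed sample of `rpm -qa` output from a partly patched host
# (not real data): spacewalk-java is still on an older build.
SAMPLE_INSTALLED = """
postgresql-jdbc-42.2.10-3.3.1
spacewalk-java-4.0.39-3.45.1
bind-formula-0.1.1603299886.60e4bcf-3.11.1
"""


def split_nvr(line):
    """Split 'name-version-release' into its parts. By rpm convention the
    last two dashes separate version and release, so names may contain '-'."""
    name, version, release = line.strip().rsplit("-", 2)
    return name, version, release


def _segments(label):
    # rpm compares alternating numeric and alphabetic runs; any other
    # character (., _, +) only acts as a separator.
    return re.findall(r"[0-9]+|[a-zA-Z]+", label)


def rpmvercmp(a, b):
    """Simplified rpm label compare: numeric runs compare as integers, alpha
    runs as strings, a numeric run beats an alpha run, and a longer label
    wins on a tie. Tilde/caret handling of real rpm is omitted here."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def missing_updates(advisory_text, installed_text):
    """Return {name: (installed_vr, fixed_vr)} for packages that are installed
    but older than the advisory's version-release. Packages that are not
    installed at all are skipped, since the advisory does not apply to them."""
    fixed = {n: (v, r) for n, v, r in map(split_nvr, advisory_text.split())}
    installed = {n: (v, r) for n, v, r in map(split_nvr, installed_text.split())}
    out = {}
    for name, (fv, fr) in fixed.items():
        if name not in installed:
            continue
        iv, ir = installed[name]
        cmp = rpmvercmp(iv, fv) or rpmvercmp(ir, fr)  # version first, then release
        if cmp < 0:
            out[name] = (f"{iv}-{ir}", f"{fv}-{fr}")
    return out


if __name__ == "__main__":
    for name, (have, want) in missing_updates(ADVISORY_PACKAGES, SAMPLE_INSTALLED).items():
        print(f"{name}: installed {have}, advisory requires {want}")
```

On a real host, replace SAMPLE_INSTALLED with the output of the rpm query from the lead-in and ADVISORY_PACKAGES with the full Package List.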
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2018-10936.html
       https://www.suse.com/security/cve/CVE-2020-13692.html
       https://bugzilla.suse.com/1144447
       https://bugzilla.suse.com/1172079
       https://bugzilla.suse.com/1173199
       https://bugzilla.suse.com/1175739
       https://bugzilla.suse.com/1175876
       https://bugzilla.suse.com/1175987
       https://bugzilla.suse.com/1176074
       https://bugzilla.suse.com/1176172
       https://bugzilla.suse.com/1177336
       https://bugzilla.suse.com/1177435
       https://bugzilla.suse.com/1177790
       https://bugzilla.suse.com/1178060
       https://bugzilla.suse.com/1178145
       https://bugzilla.suse.com/1178195
    
