SUSE Security Update: Security update for SUSE Manager Server 4.1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:3781-1
Rating:             moderate
References:         #1172079 #1172287 #1175607 #1175739 #1175987 
                    #1176172 #1176417 #1176898 #1177184 #1177336 
                    #1177435 #1177704 #1177706 #1177767 #1177975 
                    #1178195 #1178303 #1178503 #1178704 #1178839 
                    #1179257 #1179759 
Cross-References:   CVE-2020-13692
Affected Products:
                    SUSE Linux Enterprise Module for SUSE Manager Server 4.1
______________________________________________________________________________

   An update that solves one vulnerability and has 21 fixes is
   now available.

Description:

   This update fixes the following issues:

   image-sync-formula:

   - Send image_synced event to master

   postgresql-jdbc:

   - Address CVE-2020-13692 (bsc#1172079)

   pxe-yomi-image-sle15:

   - Update config.sh based on last JeOS template
   - Update JEOS_LOCALE to en_US.UTF-8
   - Support config{_url}{_name} for user provided configuration

   python-susemanager-retail:

   - Handle organizations in retail_create_delta

   saltboot-formula:

   - Support older SLE11 cryptsetup (bsc#1172287)
   - Use images with "synced" flag

   spacecmd:

   - Fix: make spacecmd build on Debian

   spacewalk-admin:

   - Use the license macro to mark the LICENSE in the package so that when
     installing without docs, it does install the LICENSE file
   - Prevent javax.net.ssl.SSLHandshakeException after upgrading from SUSE
     Manager 3.2 (bsc#1177435)

   spacewalk-backend:

   - Fix missing `LiteServer.add_suse_products` method (bsc#1178704)
   - Do not raise TypeError when processing SUSE products (bsc#1178704)
   - Fix spacewalk-repo-sync to successfully manage and sync ULN repositories
   - Fix errors in spacewalk-debug and align postgresql queries to new DB
     version
   - ISS: Differentiate packages with same nevra but different checksum in
     the same channel (bsc#1178195)
   - Re-enables possibility to use local repos with repo-sync (bsc#1175607)
   - Add `allow_vendor_change` option to rhn clients for dist upgrades

   spacewalk-certs-tools:

   - Improve check for correct CA trust store directory (bsc#1176417)

   spacewalk-client-tools:

   - Update translations

   spacewalk-java:

   - Update content sensitive help links
   - Update exception message in findSyncedMandatoryChannels
   - Report resolved module dependencies on CLM project details page
   - Allow creating custom ULN repositories with uln:// urls
   - Change message "Minion is down" to be more accurate
   - Localize documentation links
   - Temp: revert Sync state modules when starting action chain execution
     (bsc#1177336)
   - Fix check for available products on ISS Slaves (bsc#1177184)
   - XMLRPC: Report architecture label in the list of installed packages
     (bsc#1176898)
   - Get media.1/products for cloned channels (bsc#1178303)
   - Calculate size to truncate a history message based on the htmlified
     version (bsc#1178503)
   - Make image pillar visible only in buildhost organization
   - Maintain list of synced images in pillar
   - Enable validation of Content Lifecycle Management entities in the XMLRPC
     API (bsc#1177706)
   - Fix the order of the arguments in the XMLRPC API doc for
     contentmanagement.buildProject (bsc#1177704)
   - Fix repo url of AppStream in generated RHEL/Centos 8 kickstart file
     (bsc#1175739)
   - Log token verify errors and check for expired tokens
   - Show only kernel options in advanced autoinstallation page when working
     with a salt minion (bsc#1177767)
   - Show cluster upgrade plan in the upgrade UI
   - Take pool and volume from Salt virt.vm_info for files and blocks disks
     (bsc#1175987)
   - Add new allowVendorChange flag for dist upgrades
   - Sync state modules when starting action chain execution (bsc#1177336)
   - Enable redfish power management by default

   spacewalk-search:

   - Add multi lang support to the document search

   spacewalk-setup:

   - Add sock_pool_size setting by default for better performance

   spacewalk-web:

   - Update content sensitive help links
   - Fix mandatory channels JS API to finish loading in case of error
     (bsc#1178839)
   - Fix the search panel in CLM filters page
   - Localize documentation links
   - Fix link to documentation in Admin -> Manager Configuration ->
     Monitoring (bsc#1176172)
   - Show cluster upgrade plan in the upgrade UI
   - Don't allow selecting spice for Xen PV and PVH guests

   supportutils-plugin-susemanager:

   - Remove checks for obsolete packages
   - Gather new configfiles
   - Add more important information

   susemanager:

   - Adapt Debian10 bootstrap repository definition for salt on Python 3
   - Add --force to mgr-create-bootstrap-repo to enforce generation even when
     some products are not synchronized

   susemanager-doc-indexes:

   - Added warning about local repositories in the Clients Configuration Guide
   - Removed duplicate contact method entry in Client Configuration Guide
   - Enabled upgrade section for SLE clients on Uyuni in Clients
     Configuration Guide
   - Added a section for working with bootstrap repositories and End of Life
     products in Client Configuration Guide
   - Added Salt Minion file contact method to Client Configuration Guide
   - Added Redfish to power management protocols section
   - Clarify that port 22 is required for the SUSE Manager server in the
     installation guide (bsc#1177975)
   - Added procedure for adding virtualization guests to the Client
     Configuration Guide
   - New guide added: Quickstart SAP Guide
   - Add multilang support

   susemanager-docs_en:

   - Added warning about local repositories in the Clients Configuration Guide
   - Removed duplicate contact method entry in Client Configuration Guide
   - Enabled upgrade section for SLE clients on Uyuni in Clients
     Configuration Guide
   - Added a section for working with bootstrap repositories and End of Life
     products in Client Configuration Guide
   - Added Salt Minion file contact method to Client Configuration Guide
   - Added Redfish to power management protocols section
   - Clarify that port 22 is required for the SUSE Manager server in the
     installation guide (bsc#1177975)
   - Added procedure for adding virtualization guests to the Client
     Configuration Guide
   - New guide added: Quickstart SAP Guide
   - Add multilang support

   mgr-libmod:

   - Fix `module not found` exception handling. (bsc#1179257)

   susemanager-frontend-libs:

   - Update Bootstrap to 3.1.0

   susemanager-schema:

   - Move dist upgrade SQL file to the correct directory so it gets picked up
     in schema upgrades (bsc#1179759)
   - Add `preferred_docs_locale` to UserInfo table
   - Add new column to rhnactiondup table for allowVendorChange flag

   susemanager-sls:

   - Fix: sync before start action chains (bsc#1177336)
   - Temp: revert Sync state modules when starting action chain execution
     (bsc#1177336)
   - Handle group- and org-specific image pillars
   - Use require in reboot trigger (bsc#1177767)
   - Add pillar option to get allowVendorChange option during dist upgrade
   - Sync state modules when starting action chain execution (bsc#1177336)

   susemanager-sync-data:

   - Add new channel families for CAASP on ARM64 and HPC15 SP2 LTSS
   - Remove duplicate repo definition

   uyuni-cluster-provider-caasp:

   - Show the cluster upgrade plan in the UI

   yomi-formula:

   - Update to version 0.0.1+git.1604593202.a2c22bf:
     * storage: hide mountpoint if no filesystem
     * software: migrate repos as certs
     * software: add verify parameter
     * _grains: efi grains are in Salt now
     * software: transfer current repository
     * software: add repository options
     * lvm: fix indentation
     * partitioned: fix parted call and tests
   - Update to version 0.0.1+git.1601999695.6141130:
     * README: add user provided config
   - Update to version 0.0.1+git.1598948600.9a9eab0:
     * Replace fdisk with parted in partitioned

   How to apply this update:

   1. Log in as root user to the SUSE Manager server.
   2. Stop the Spacewalk service: spacewalk-service stop
   3. Apply the patch using either zypper patch or YaST Online Update.
   4. Upgrade the database schema: spacewalk-schema-upgrade
   5. Start the Spacewalk service: spacewalk-service start


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.1:

      zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2020-3781=1



Package List:

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (ppc64le s390x x86_64):

      susemanager-4.1.22-3.14.6
      susemanager-tools-4.1.22-3.14.6

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch):

      image-sync-formula-0.1.1605087464.65d1b51-3.9.5
      mgr-libmod-4.1.5-3.8.2
      postgresql-jdbc-42.2.10-3.3.5
      python3-spacewalk-certs-tools-4.1.14-3.9.5
      python3-spacewalk-client-tools-4.1.8-4.9.5
      python3-susemanager-retail-1.0.1605087464.65d1b51-3.6.5
      saltboot-formula-0.1.1605087464.65d1b51-3.9.5
      spacecmd-4.1.9-4.12.5
      spacewalk-admin-4.1.8-3.9.5
      spacewalk-backend-4.1.18-4.14.6
      spacewalk-backend-app-4.1.18-4.14.6
      spacewalk-backend-applet-4.1.18-4.14.6
      spacewalk-backend-config-files-4.1.18-4.14.6
      spacewalk-backend-config-files-common-4.1.18-4.14.6
      spacewalk-backend-config-files-tool-4.1.18-4.14.6
      spacewalk-backend-iss-4.1.18-4.14.6
      spacewalk-backend-iss-export-4.1.18-4.14.6
      spacewalk-backend-package-push-server-4.1.18-4.14.6
      spacewalk-backend-server-4.1.18-4.14.6
      spacewalk-backend-sql-4.1.18-4.14.6
      spacewalk-backend-sql-postgresql-4.1.18-4.14.6
      spacewalk-backend-tools-4.1.18-4.14.6
      spacewalk-backend-xml-export-libs-4.1.18-4.14.6
      spacewalk-backend-xmlrpc-4.1.18-4.14.6
      spacewalk-base-4.1.21-3.12.5
      spacewalk-base-minimal-4.1.21-3.12.5
      spacewalk-base-minimal-config-4.1.21-3.12.5
      spacewalk-certs-tools-4.1.14-3.9.5
      spacewalk-client-tools-4.1.8-4.9.5
      spacewalk-html-4.1.21-3.12.5
      spacewalk-java-4.1.24-3.19.6
      spacewalk-java-config-4.1.24-3.19.6
      spacewalk-java-lib-4.1.24-3.19.6
      spacewalk-java-postgresql-4.1.24-3.19.6
      spacewalk-search-4.1.4-3.6.6
      spacewalk-setup-4.1.7-3.6.5
      spacewalk-taskomatic-4.1.24-3.19.6
      supportutils-plugin-susemanager-4.1.4-3.3.5
      susemanager-doc-indexes-4.1-11.20.5
      susemanager-docs_en-4.1-11.20.5
      susemanager-docs_en-pdf-4.1-11.20.5
      susemanager-frontend-libs-4.1.1-3.6.5
      susemanager-retail-tools-1.0.1605087464.65d1b51-3.6.5
      susemanager-schema-4.1.17-3.16.2
      susemanager-sls-4.1.18-3.16.5
      susemanager-sync-data-4.1.8-3.6.5
      susemanager-web-libs-4.1.21-3.12.5
      uyuni-cluster-provider-caasp-4.1.3-3.3.5
      uyuni-config-modules-4.1.18-3.16.5
      yomi-formula-0.0.1+git.1604593202.a2c22bf-3.6.5


References:

   https://www.suse.com/security/cve/CVE-2020-13692.html
   https://bugzilla.suse.com/1172079
   https://bugzilla.suse.com/1172287
   https://bugzilla.suse.com/1175607
   https://bugzilla.suse.com/1175739
   https://bugzilla.suse.com/1175987
   https://bugzilla.suse.com/1176172
   https://bugzilla.suse.com/1176417
   https://bugzilla.suse.com/1176898
   https://bugzilla.suse.com/1177184
   https://bugzilla.suse.com/1177336
   https://bugzilla.suse.com/1177435
   https://bugzilla.suse.com/1177704
   https://bugzilla.suse.com/1177706
   https://bugzilla.suse.com/1177767
   https://bugzilla.suse.com/1177975
   https://bugzilla.suse.com/1178195
   https://bugzilla.suse.com/1178303
   https://bugzilla.suse.com/1178503
   https://bugzilla.suse.com/1178704
   https://bugzilla.suse.com/1178839
   https://bugzilla.suse.com/1179257
   https://bugzilla.suse.com/1179759

SUSE: 2020:3781-1 moderate: SUSE Manager Server 4.1

December 14, 2020