SUSE: 2022:0225-1 moderate: SUSE Manager Server 4.1
Summary
This update fixes the following issues:

hibernate5:

- Fix potential SQL injection CVE-2020-25638 (bsc#1193832)

mgr-libmod:

- Version 4.1.10-1
  * require python macros for building

mgr-osad:

- Version 4.1.6-1
  * require python macros for building

prometheus-formula:

- Version 0.3.5
  * Add support for new Uyuni SD in Prometheus >= 2.31

py27-compat-salt:

- Fix `tmpfiles.d` configuration for salt to not use legacy paths (bsc#1173103)
- Remove wrong `_parse_cpe_name` from grains.core
- Fix file.find tracebacks with non utf8 file names (bsc#1190114)
- Fix ip6_interface grain to not leak secondary IPv4 aliases (bsc#1191412)
- Added Python2 build possibility for RHEL8
- Do not consider skipped targets as failed for ansible.playbooks state (bsc#1190446)
- Fix traceback.*_exc() calls
- Fix the regression of docker_container state module (bsc#1191285)

spacecmd:

- Version 4.1.16-1
  * require python macros for building

spacewalk-admin:

- Version 4.1.11-1
  * add service to update configfile and introduce a backup scc user

spacewalk-backend:

- Version 4.1.30-1
  * Add headers to update proxy auth token in listChannels (bsc#1193585)
  * require python macros for building
  * Fix the IS_SUSE variable in spacewalk-debug
  * exchange zypp-plugin dependency to use the python3 version (bsc#1192514)
  * Minor spec update.
  * Added RHN config parameter httpd_config_dir.

spacewalk-certs-tools:

- Version 4.1.20-1
  * Make bootstrap script to use bash when called with a different interpreter (bsc#1191656)

spacewalk-client-tools:

- Version 4.1.11-1
  * require python macros for building

spacewalk-java:

- Version 4.1.43-1
  * Fix stack overflow when building a CLM project from modular sources (bsc#1194990)
  * Avoid using RPM tags when filtering modular packages in CLM (bsc#1192487)
  * fix XML syntax in cobbler snippets (bsc#1193694)
  * Fix stripping module metadata when cloning channels in CLM (bsc#1193008)
  * Fix system information forwarding to SCC (bsc#1188900)
  * forward registration data to SUSE Customer Center
  * Run Prometheus JMX exporter as Java agent (bsc#1184617)
  * Fix calling wrong XMLRPC bootstrap method (bsc#1192736)
  * Fix package update action with shared channels (bsc#1191313)
  * fix issue with empty action chains getting deleted too early (bsc#1191377)
  * switch to best repo auth item for contentsources (bsc#1191442)
  * Set product name and version in the User-Agent header when connecting to SCC
  * update last boot time of SSH Minions after bootstrapping (bsc#1191899)
  * Mark SSH minion actions when they're picked up (bsc#1188505)
  * Add compressed flag to image pillars when kiwi image is compressed (bsc#1191702)
  * mgr-sync refresh logs when a vendor channel is expired and shows how to remove it (bsc#1191222)
- Readable error when "mgr-sync add channel" is called with a non-existing label (bsc#1173143)

spacewalk-reports:

- Version 4.1.5-1
  * Fixes query for system-history report to prevent more than one row returned by a subquery with rhnxccdftestresult.identifier (bsc#1191192)

spacewalk-setup:

- Version 4.1.10-1
  * Increase "max_event_size" value for the Salt master (bsc#1191340)
  * Leave Cobbler bootloader directory at the default (bsc#1187708)
  * Don't delete cobbler.conf contents.
  * Fixed FileNotFoundError on cobbler setup.
  * cobbler20-setup was removed
  * spacewalk-setup-cobbler was reimplemented in Python
  * Config files for Cobbler don't get edited in place anymore, thus the original ones are saved with a ".backup" suffix

spacewalk-utils:

- Version 4.1.19-1
  * require python macros for building

spacewalk-web:

- Version 4.1.31-1
  * Update Web UI version to 4.1.13

suseRegisterInfo:

- Version 4.1.4-1
  * require python macros for building

susemanager:

- Version 4.1.32-1
  * add additional default config values for forwarding registrations to SCC

susemanager-doc-indexes:

- In the Troubleshooting section of the Client Configuration Guide, SUSE Linux Enterprise Server 11 clients also require previous SSL versions installed on the server

susemanager-docs_en:

- In the Troubleshooting section of the Client Configuration Guide, SUSE Linux Enterprise Server 11 clients also require previous SSL versions installed on the server

susemanager-schema:

- Version 4.1.24-1
  * Fix rhnChannelNewestPackageView in case there are duplicates (bsc#1193612)
  * DB schema to support forwarding data to SCC

susemanager-sls:

- Version 4.1.32-1
  * Run Prometheus JMX exporter as Java agent (bsc#1184617)
  * Fix problem installing/removing packages using action chains in transactional systems
  * Don't create skeleton /srv/salt/top.sls
  * Add missing compressed_hash value from Kiwi inspect (bsc#1191702)

uyuni-common-libs:

- Version 4.1.10-1
  * Read modularity data from DISTTAG tag as fallback (bsc#1192487)
  * require python macros for building

How to apply this update:

1. Log in as root user to the SUSE Manager server.
2. Stop the Spacewalk service: `spacewalk-service stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: `spacewalk-service start`

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for SUSE Manager Server 4.1:

  zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2022-225=1

Package List:

- SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (ppc64le s390x x86_64):

  python3-uyuni-common-libs-4.1.10-3.15.1
  susemanager-4.1.32-3.42.2
  susemanager-tools-4.1.32-3.42.2

- SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch):

  hibernate5-5.3.7-3.6.1
  mgr-libmod-4.1.10-3.25.2
  mgr-osa-dispatcher-4.1.6-2.12.2
  prometheus-formula-0.3.5-3.15.1
  py27-compat-salt-3000.3-6.18.1
  python3-mgr-osa-common-4.1.6-2.12.2
  python3-mgr-osa-dispatcher-4.1.6-2.12.2
  python3-spacewalk-certs-tools-4.1.20-3.25.2
  python3-spacewalk-client-tools-4.1.11-4.18.2
  python3-suseRegisterInfo-4.1.4-4.6.2
  spacecmd-4.1.16-4.33.2
  spacewalk-admin-4.1.11-3.18.2
  spacewalk-backend-4.1.30-4.47.2
  spacewalk-backend-app-4.1.30-4.47.2
  spacewalk-backend-applet-4.1.30-4.47.2
  spacewalk-backend-config-files-4.1.30-4.47.2
  spacewalk-backend-config-files-common-4.1.30-4.47.2
  spacewalk-backend-config-files-tool-4.1.30-4.47.2
  spacewalk-backend-iss-4.1.30-4.47.2
  spacewalk-backend-iss-export-4.1.30-4.47.2
  spacewalk-backend-package-push-server-4.1.30-4.47.2
  spacewalk-backend-server-4.1.30-4.47.2
  spacewalk-backend-sql-4.1.30-4.47.2
  spacewalk-backend-sql-postgresql-4.1.30-4.47.2
  spacewalk-backend-tools-4.1.30-4.47.2
  spacewalk-backend-xml-export-libs-4.1.30-4.47.2
  spacewalk-backend-xmlrpc-4.1.30-4.47.2
  spacewalk-base-4.1.31-3.39.1
  spacewalk-base-minimal-4.1.31-3.39.1
  spacewalk-base-minimal-config-4.1.31-3.39.1
  spacewalk-certs-tools-4.1.20-3.25.2
  spacewalk-client-tools-4.1.11-4.18.2
  spacewalk-html-4.1.31-3.39.1
  spacewalk-java-4.1.43-3.63.1
  spacewalk-java-config-4.1.43-3.63.1
  spacewalk-java-lib-4.1.43-3.63.1
  spacewalk-java-postgresql-4.1.43-3.63.1
  spacewalk-reports-4.1.5-3.9.1
  spacewalk-setup-4.1.10-3.15.2
  spacewalk-taskomatic-4.1.43-3.63.1
  spacewalk-utils-4.1.19-3.27.2
  spacewalk-utils-extras-4.1.19-3.27.2
  suseRegisterInfo-4.1.4-4.6.2
  susemanager-doc-indexes-4.1-11.49.2
  susemanager-docs_en-4.1-11.49.1
  susemanager-docs_en-pdf-4.1-11.49.1
  susemanager-schema-4.1.24-3.39.2
  susemanager-sls-4.1.32-3.54.1
  susemanager-web-libs-4.1.31-3.39.1
  uyuni-config-modules-4.1.32-3.54.1

References
#1173103 #1173143 #1184617 #1187708 #1188505
#1188900 #1190114 #1190446 #1191192 #1191222
#1191285 #1191313 #1191340 #1191377 #1191412
#1191442 #1191656 #1191702 #1191899 #1192487
#1192514 #1192736 #1193008 #1193585 #1193612
#1193694 #1193832 #1194990
Cross-References: CVE-2020-25638
CVSS scores:
CVE-2020-25638 (NVD) : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2020-25638 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products:
SUSE Linux Enterprise Module for SUSE Manager Server 4.1
https://www.suse.com/security/cve/CVE-2020-25638.html
https://bugzilla.suse.com/1173103
https://bugzilla.suse.com/1173143
https://bugzilla.suse.com/1184617
https://bugzilla.suse.com/1187708
https://bugzilla.suse.com/1188505
https://bugzilla.suse.com/1188900
https://bugzilla.suse.com/1190114
https://bugzilla.suse.com/1190446
https://bugzilla.suse.com/1191192
https://bugzilla.suse.com/1191222
https://bugzilla.suse.com/1191285
https://bugzilla.suse.com/1191313
https://bugzilla.suse.com/1191340
https://bugzilla.suse.com/1191377
https://bugzilla.suse.com/1191412
https://bugzilla.suse.com/1191442
https://bugzilla.suse.com/1191656
https://bugzilla.suse.com/1191702
https://bugzilla.suse.com/1191899
https://bugzilla.suse.com/1192487
https://bugzilla.suse.com/1192514
https://bugzilla.suse.com/1192736
https://bugzilla.suse.com/1193008
https://bugzilla.suse.com/1193585
https://bugzilla.suse.com/1193612
https://bugzilla.suse.com/1193694
https://bugzilla.suse.com/1193832
https://bugzilla.suse.com/1194990