SUSE: 2022:0593-1 moderate: SUSE Manager Server 4.2
Summary
This update fixes the following issues:

c3p0:
- Build with log4j mapper

dhcpd-formula:
- Update to version 0.1.1641480250.d5bd14c
  * make routers option optional

hibernate5:
- Fix potential SQL injection CVE-2020-25638 (bsc#1193832)

mgr-libmod:
- Version 4.2.7-1
  * require python macros for building

mgr-osad:
- Version 4.2.7-1
  * Do not build python 2 package for SLE15SP4 and higher
  * require python macros for building

mgr-push:
- Version 4.2.4-1
  * Do not build python 2 package for SLE15SP4 and higher

py27-compat-salt:
- Fix inspector module export function (bsc#1097531)
- Fix possible traceback on ip6_interface grain (bsc#1193565)
- Don't check for cached pillar errors on state.apply (bsc#1190781)
- Simplify "transactional_update" module to not use SSH wrapper and allow more flexible execution
- Add "--no-return-event" option to salt-call to prevent sending return event back to master.
- Make "state.highstate" act on concurrent flag.
- Fix the regression with invalid syntax in test_parse_cpe_name_v23.
- Fix tmpfiles.d configuration for salt to not use legacy paths (bsc#1173103)
- Fix the regression of docker_container state module (bsc#1191285)

rhnlib:
- Version 4.2.5-1
  * do not build python 2 package for SLE15

salt-netapi-client:
- Hotfix (bsc#1192550):
- Version 0.19.0
  * See: https://github.com/SUSE/salt-netapi-client/releases/tag/v0.19.0

saltboot-formula:
- Update to version 0.1.1637232240.87d79ed
  * Prevent python failure under some circumstances when filesystem was not set (bsc#1192440)
  * Add missing boot_images option in SLE11 saltboot version

spacecmd:
- Version 4.2.15-1
  * require python macros for building

spacewalk-backend:
- Version 4.2.19-1
  * Retrieve and store copyright information about patches
  * SLES PAYG client support on cloud
  * Add headers to update proxy auth token in listChannels (bsc#1193585)
  * require python macros for building
  * exchange zypp-plugin dependency to use the python3 version (bsc#1192514)

spacewalk-branding:
- Version 4.2.12-1
  * Fix header search autofocus

spacewalk-client-tools:
- Version 4.2.16-1
  * do not build python 2 package for SLE15
  * require python macros for building

spacewalk-config:
- Version 4.2.5-1
  * add migration for changed rhn.conf values

spacewalk-java:
- Version 4.2.32-1
  * Pass only selected servers to taskomatic for cancelation (bsc#1194044)
  * Added rights field to generated updateinfo.xml to handle copyright
  * provide static configuration key name for SSHMinionActionExecutor parallel threads
  * Add support for custom SSH port for SSH minions
  * add ubuntu errata data and install handling
  * Fix stack overflow when building a CLM project from modular sources (bsc#1194990)
  * SLES PAYG client support on cloud
  * Change order of 'Relevant' and 'All' in patches menu
  * Handle multiple Kiwi bundles (bsc#1194905)
  * Install product by default after a channel is subscribed
  * Improve token validation logs
  * fix possible race condition in job handling (bsc#1192510)
  * Migrate the displaying of the date/time to rhn:formatDate
  * Add additional matchers to package (nevra) filter
  * Add greater equals matcher to package (nevra) filter
  * fix XML syntax in cobbler snippets (bsc#1193694)
  * Add new endpoints to packages API: schedulePackageLockChange, listPackagesLockStatus
  * Avoid using RPM tags when filtering modular packages in CLM (bsc#1192487)
  * Fix stripping module metadata when cloning channels in CLM (bsc#1193008)
  * UI and API call for changing proxy
  * require postgresql14 on SLE15 SP4
  * Update proxy path on minion connection
  * fix actionchain stuck in pending/picked up (bsc#1189561)
  * fix parsing error by making SCAP Profile description attribute optional (bsc#1192321)
  * Show salt ssh error message in failed action details

spacewalk-reports:
- Version 4.2.7-1
  * Fixes query for system-history report to prevent more than one row returned by a subquery with rhnxccdftestresult.identifier (bsc#1191192)

spacewalk-search:
- Version 4.2.6-1
  * Rename jakarta to apache on SPEC

spacewalk-setup:
- Version 4.2.10-1
  * During upgrade, set tomcat connector connectionTimeout to 900000 if the previous value is the old default (20000)

spacewalk-utils:
- Version 4.2.15-1
  * require python macros for building

spacewalk-web:
- Version 4.2.25-1
  * Add support for custom SSH port for SSH minions
  * SLES PAYG client support on cloud
  * Migrate the displaying of the date/time to rhn:formatDate, get rid of the legacy fmt:formatDate glue
  * Fix header search autofocus
  * Fix virtual systems list request error (bsc#1194397)
  * UI for changing proxy
  * Fix legacy timepicker passing wrong time to the backend if server and user time differ (bsc#1192699)
  * Fix legacy timepicker passing wrong time to the backend if selected date is in summer time (bsc#1192776)

suseRegisterInfo:
- Version 4.2.5-1
  * require python macros for building
  * Do not build python 2 package for SLE15 and higher

susemanager:
- Version 4.2.27-1
  * mgr-setup: do not concatenate www and apache groups (bsc#1195171)
  * fix pg-migrate to check version of postgresql??-server (bsc#1192368)
  * remove obsoleted sysv init script (bsc#1191857)

susemanager-doc-indexes:
- Added instructions for Pay-as-you-go to the Installation Guide
- In the Client Configuration Guide, documented finding channel names for registering older SUSE Linux Enterprise clients
- Documented moving Salt clients between proxies in the Client Configuration Guide
- Added grub.cfg for GRUB 2 in the Upgrade chapter of the Client
- In the Troubleshooting section of the Client Configuration Guide, documented that SUSE Linux Enterprise Server 11 clients require previous SSL versions installed on the server
- In the Retail Guide, adjust branch server version numbers (bsc#1193292)

susemanager-docs_en:
- Added instructions for Pay-as-you-go to the Installation Guide
- In the Client Configuration Guide, documented finding channel names for registering older SUSE Linux Enterprise clients
- Documented moving Salt clients between proxies in the Client Configuration Guide
- Added grub.cfg for GRUB 2 in the Upgrade chapter of the Client
- In the Troubleshooting section of the Client Configuration Guide, documented that SUSE Linux Enterprise Server 11 clients require previous SSL versions installed on the server
- In the Retail Guide, adjust branch server version numbers (bsc#1193292)

susemanager-schema:
- Version 4.2.20-1
  * Added rights column to rhnerrata to handle copyright information
  * Add support for custom SSH port for SSH minions
  * add ubuntu errata data and install handling
  * SLES PAYG client support on cloud
  * Replace not existing Asia/Beijing timezone with Asia/Shanghai (bsc#1194862)
  * Continue with index migration when the expected indexes do not exist (bsc#1192566)
  * Fix changing of existing proxy path
  * Add pillars to Apply States action
  * Fix rhnChannelNewestPackageView in case there are duplicates (bsc#1193612)

susemanager-sls:
- Version 4.2.20-1
  * Handle multiple Kiwi bundles (bsc#1194905)
  * enforce correct minion configuration similar to bootstrapping (bsc#1192510)
  * Add state for changing proxy
  * Update proxy path on minion connection
  * Fix problem installing/removing packages using action chains in transactional systems

uyuni-common-libs:
- Version 4.2.6-1
  * Read modularity data from DISTTAG tag as fallback (bsc#1192487)
  * require python macros for building

uyuni-config-formula:
- Version 0.2
  * support to manager activation keys

How to apply this update:

1. Log in as root user to the SUSE Manager server.
2. Stop the Spacewalk service: `spacewalk-service stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: `spacewalk-service start`

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for SUSE Manager Server 4.2:
  zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-593=1

Package List:

- SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (ppc64le s390x x86_64):
  inter-server-sync-0.0.7-150300.8.9.1
  inter-server-sync-debuginfo-0.0.7-150300.8.9.1
  python3-uyuni-common-libs-4.2.6-150300.3.6.1
  spacewalk-branding-4.2.12-150300.3.6.1
  susemanager-4.2.27-150300.3.19.1
  susemanager-tools-4.2.27-150300.3.19.1

- SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch):
  c3p0-0.9.5.2-150300.4.3.1
  dhcpd-formula-0.1.1641480250.d5bd14c-150300.3.3.1
  hibernate5-5.3.7-150300.5.3.1
  mgr-libmod-4.2.7-150300.3.6.1
  mgr-osa-dispatcher-4.2.7-150300.2.6.1
  mgr-push-4.2.4-150300.2.6.1
  py27-compat-salt-3000.3-150300.7.7.17.1
  python3-mgr-osa-common-4.2.7-150300.2.6.1
  python3-mgr-osa-dispatcher-4.2.7-150300.2.6.1
  python3-mgr-push-4.2.4-150300.2.6.1
  python3-rhnlib-4.2.5-150300.4.6.1
  python3-spacewalk-client-tools-4.2.16-150300.4.15.1
  python3-suseRegisterInfo-4.2.5-150300.4.6.1
  salt-netapi-client-0.19.0-150300.3.3.1
  saltboot-formula-0.1.1637232240.87d79ed-150300.3.6.1
  spacecmd-4.2.15-150300.4.15.1
  spacewalk-backend-4.2.19-150300.4.15.1
  spacewalk-backend-app-4.2.19-150300.4.15.1
  spacewalk-backend-applet-4.2.19-150300.4.15.1
  spacewalk-backend-config-files-4.2.19-150300.4.15.1
  spacewalk-backend-config-files-common-4.2.19-150300.4.15.1
  spacewalk-backend-config-files-tool-4.2.19-150300.4.15.1
  spacewalk-backend-iss-4.2.19-150300.4.15.1
  spacewalk-backend-iss-export-4.2.19-150300.4.15.1
  spacewalk-backend-package-push-server-4.2.19-150300.4.15.1
  spacewalk-backend-server-4.2.19-150300.4.15.1
  spacewalk-backend-sql-4.2.19-150300.4.15.1
  spacewalk-backend-sql-postgresql-4.2.19-150300.4.15.1
  spacewalk-backend-tools-4.2.19-150300.4.15.1
  spacewalk-backend-xml-export-libs-4.2.19-150300.4.15.1
  spacewalk-backend-xmlrpc-4.2.19-150300.4.15.1
  spacewalk-base-4.2.25-150300.3.15.2
  spacewalk-base-minimal-4.2.25-150300.3.15.2
  spacewalk-base-minimal-config-4.2.25-150300.3.15.2
  spacewalk-client-tools-4.2.16-150300.4.15.1
  spacewalk-config-4.2.5-150300.3.3.1
  spacewalk-html-4.2.25-150300.3.15.2
  spacewalk-java-4.2.32-150300.3.20.1
  spacewalk-java-config-4.2.32-150300.3.20.1
  spacewalk-java-lib-4.2.32-150300.3.20.1
  spacewalk-java-postgresql-4.2.32-150300.3.20.1
  spacewalk-reports-4.2.7-150300.3.9.1
  spacewalk-search-4.2.6-150300.3.6.1
  spacewalk-setup-4.2.10-150300.3.12.1
  spacewalk-taskomatic-4.2.32-150300.3.20.1
  spacewalk-utils-4.2.15-150300.3.12.1
  spacewalk-utils-extras-4.2.15-150300.3.12.1
  suseRegisterInfo-4.2.5-150300.4.6.1
  susemanager-doc-indexes-4.2-150300.12.19.1
  susemanager-docs_en-4.2-150300.12.19.1
  susemanager-docs_en-pdf-4.2-150300.12.19.1
  susemanager-schema-4.2.20-150300.3.15.1
  susemanager-sls-4.2.20-150300.3.17.1
  susemanager-web-libs-4.2.25-150300.3.15.2
  uyuni-config-formula-0.2-150300.3.3.1
  uyuni-config-modules-4.2.20-150300.3.17.1
References
#1097531 #1173103 #1189561 #1190781 #1191192
#1191285 #1191857 #1192321 #1192368 #1192440
#1192487 #1192510 #1192514 #1192550 #1192566
#1192699 #1192776 #1193008 #1193292 #1193565
#1193585 #1193612 #1193694 #1193832 #1194044
#1194397 #1194862 #1194905 #1194990 #1195171
Cross-References: CVE-2020-25638
CVSS scores:
CVE-2020-25638 (NVD) : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2020-25638 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products:
SUSE Linux Enterprise Module for SUSE Manager Server 4.2
SUSE Manager Server 4.2
https://www.suse.com/security/cve/CVE-2020-25638.html
https://bugzilla.suse.com/1097531
https://bugzilla.suse.com/1173103
https://bugzilla.suse.com/1189561
https://bugzilla.suse.com/1190781
https://bugzilla.suse.com/1191192
https://bugzilla.suse.com/1191285
https://bugzilla.suse.com/1191857
https://bugzilla.suse.com/1192321
https://bugzilla.suse.com/1192368
https://bugzilla.suse.com/1192440
https://bugzilla.suse.com/1192487
https://bugzilla.suse.com/1192510
https://bugzilla.suse.com/1192514
https://bugzilla.suse.com/1192550
https://bugzilla.suse.com/1192566
https://bugzilla.suse.com/1192699
https://bugzilla.suse.com/1192776
https://bugzilla.suse.com/1193008
https://bugzilla.suse.com/1193292
https://bugzilla.suse.com/1193565
https://bugzilla.suse.com/1193585
https://bugzilla.suse.com/1193612
https://bugzilla.suse.com/1193694
https://bugzilla.suse.com/1193832
https://bugzilla.suse.com/1194044
https://bugzilla.suse.com/1194397
https://bugzilla.suse.com/1194862
https://bugzilla.suse.com/1194905
https://bugzilla.suse.com/1194990
https://bugzilla.suse.com/1195171