SUSE Security Update: Security update for SUSE Manager Server 4.3
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:3194-1
Rating:             moderate
References:         #1172179 #1179962 #1186011 #1187028 #1191925 
                    #1194394 #1195455 #1198356 #1198358 #1198944 
                    #1199147 #1199157 #1199523 #1199629 #1199646 
                    #1199656 #1199659 #1199662 #1199663 #1199679 
                    #1199714 #1199727 #1199779 #1199817 #1199874 
                    #1199950 #1199984 #1199998 #1200276 #1200347 
                    #1200532 #1200591 #1200606 #1200707 #1201003 
                    #1201142 #1201189 #1201224 #1201411 #1201498 
                    #1201782 #1201842 
Cross-References:   CVE-2022-31248
CVSS scores:
                    CVE-2022-31248 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2022-31248 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:
                    SUSE Linux Enterprise Module for SUSE Manager Server 4.3
                    SUSE Manager Server 4.3
______________________________________________________________________________

   An update that solves one vulnerability and has 41 fixes is
   now available.

Description:


   This update fixes the following issues:

   apache-commons-csv:

   - Fix the URL for the package
   - Declare the LICENSE file as license and not doc

   apache-commons-math3:

   - Fix the URL for the package
   - Declare the LICENSE file as license and not doc

   drools:

   - Declare the LICENSE file as license and not doc

   image-sync-formula:

   - Update to version 0.1.1658330139.861779d
     * Fix deleting of unused boot images
     * Support deltas for system images (bsc#1201498)
     * Do not try to show changes in images (bsc#1199998)

   inter-server-sync:

   - Version 0.2.3
     * Compress exported sql data #16631

   jakarta-commons-validator:

   - Declare the LICENSE file as license and not doc

   jose4j:

   - Declare the LICENSE file as license and not doc

   kie-api:

   - Declare the LICENSE file as license and not doc

   mvel2:

   - Declare the LICENSE file as license and not doc

   optaplanner:

   - Declare the LICENSE file as license and not doc

   python-susemanager-retail:

   - Update to version 0.1.1658330139.861779d
     * Support deltas for system images (bsc#1201498)
     * Fix error message on incorrect --log-level arg (bsc#1199727)

   python-urlgrabber:

   - Fix wrong logic on find_proxy method causing proxy not being used

   reprepro:

   - Bump up the maxsize on a fixed-size C buffer to avoid breaking on some
     autogenerated rust packages
   - Flush stdout and stderr before execv of an end hook
   - Add support for Zstd compressed debs
   - Added alternative package name for db4-devel.

   salt-netapi-client:

   - Declare the LICENSE file as license and not doc

   smdba:

   - Declare the LICENSE file as license and not doc

   spacecmd:

   - Version 4.3.14-1
     * Fix missing argument on system_listmigrationtargets (bsc#1201003)
     * Show correct help on calling kickstart_importjson with no arguments
     * Fix tracebacks on spacecmd kickstart_export (bsc#1200591)
     * Change proxy container config default filename to end with tar.gz

   spacewalk:

   - Version 4.3.5-1
     * Simplified PostgreSQL14 requirement.
     * Update server-migrator to dist-upgrade to openSUSE 15.4

   spacewalk-backend:

   - Version 4.3.15-1
     * cleanup leftovers from removing unused xmlrpc endpoint
     * Fix issues with "http proxy" not being used by reposync in some cases

   spacewalk-certs-tools:

   - Version 4.3.14-1
     * traditional stack bootstrap: install product packages (bsc#1201142)
     * display messages to restart services after certificate change
     * improve CA Chain checking by comparing authorityKeyIdentifier with
       subjectKeyIdentifier

   spacewalk-client-tools:

   - Version 4.3.11-1
     * Update translation strings

   spacewalk-config:

   - Version 4.3.9-1
     * fix posttrans error "RHN-ORG-TRUSTED-SSL-CERT" not found

   spacewalk-java:

   - Version 4.3.35-1
     * Modify parameter type when communicating with the search server
       (bsc#1187028)
     * Fix hibernate error on deleting an image with delta
     * Changed logout method to POST on HTTP API (bsc#1199663)
     * Turned API information endpoints public (bsc#1199817)
     * Fix typo and ordering of JSON over HTTP API example scripts
     * Improved log handling in HTTP API (bsc#1199662)
     * set Channel GPG Key info from SCC data
     * set GPG Key Url as channel pillar data (bsc#1199984)
     * new API endpoint for addErrataUpdate that takes multiple servers as
       argument
     * Move ImageSync pillars to database (bsc#1199157)
     * Fix conflict when system is assigned to multiple instances of the same
       formula (bsc#1194394)
     * Fix initial profile and build host on Image Build page (bsc#1199659)
     * Convert formula integer values when upgrading (bsc#1200347)
     * Cleanup salt known_hosts when generating proxy containers config
     * Modify proxy containers configuration files set output
     * Change proxy containers config to tarball with yaml files
     * Fixed date format on scheduler related messages (bsc#1195455)
     * Improved dropdown layout handling
     * Fix download CSV
     * Hide authentication data in PAYG UI (bsc#1199679)
     * Clean grub2 reinstall entry in autoyast snippet (bsc#1199950)
     * Show reboot alert message on all system detail pages (bsc#1199779)
     * Show patch as installed in CVE Audit even if successor patch affects
       additional packages (bsc#1199646)
     * Fix refresh action confirmation message when no system is selected
     * Fix Internal Server Error when URI contains invalid sysid (bsc#1186011)
     * Fix notification message on system properties update to ensure style
       consistency (bsc#1172179)
     * Fix containerized proxy configuration machine name
     * Improve CLM channel cloning performance (bsc#1199523)
     * Keep the websocket connections alive with ping/pong frames
       (bsc#1199874)
     * add detection of Ubuntu 22.04
     * fix missing remote command history events for big output (bsc#1199656)
     * fix api log message references the wrong user (bsc#1179962)
     * Consistently use conf value for SPA engine timeout
     * fix download of packages with caret sign in the version due to missing
       url decode
     * Add specific requirement for Cobbler 3.2.1 to not conflict with Leap
       15.4
     * Fix send login(s) and send password actions to avoid user enumeration
       (bsc#1199629) (CVE-2022-31248)

   spacewalk-search:

   - Version 4.3.6-1
     * Add method to handle session id as String
     * Migrated from log4j1.x.x to log4j2.x.x
     * update ivy development files

   spacewalk-setup:

   - Version 4.3.10-1
     * spacewalk-setup-cobbler assumes /etc/apache2/conf.d now as a default
       instead of /etc/httpd/conf.d (bsc#1198356)
     * Allow alternative usage of perl-Net-LibIDN2.

   spacewalk-utils:

   - Version 4.3.13-1
     * change gpg key urls to file urls where possible
     * spacewalk-hostname-rename now correctly replaces the hostname for the
       mgr-sync configuration file (bsc#1198356)
     * spacewalk-hostname-rename now utilizes the "--apache2-conf-dir" flag
       for spacewalk-setup-cobbler
     * Add repositories for Ubuntu 22.04 LTS
     * Add AlmaLinux 9 and Oracle Linux 9 to spacewalk-common-channels
     * Add missing SLES 15 SP4 client tools repositories to
       spacewalk-common-channels.ini
     * add deprecation warning for spacewalk-clone-by-date
     * Add EPEL8 for Almalinux 8 and Rocky 8 in spacewalk-common-channels.ini
     * openSUSE Leap 15.4 repositories

   spacewalk-web:

   - Version 4.3.23-1
     * Update the version for the WebUI
     * Fix initial profile and build host on Image Build page (bsc#1199659)
     * Handle multi line error messages in proxy containers config creation
     * Hide authentication data in PAYG UI (bsc#1199679)
     * add textarea to formulas
     * Consistently use conf value for SPA engine timeout
     * Remove nodejs-packaging as a build requirement
     * Update translation strings

   subscription-matcher:

   - Declare the LICENSE file as license and not doc

   susemanager:

   - Version 4.3.18-1
     * Add missing python3-gnupg to Debian10 bootstrap repo (bsc#1201842)
     * Add clients tool product to generate bootstrap repo on OpenSUSE 15.x
       (bsc#1201189)
     * Add Oracle Linux 9 bootstrap repositories for Uyuni
     * Add AlmaLinux 9 bootstrap repositories for Uyuni
     * Add Red Hat Enterprise Linux 9 repositories for Uyuni
     * Make the Salt Bundle optional for bootstrap repositories for Debian 9
       and SUSE Manager Proxy 4.2
     * Enable bootstrapping for Ubuntu 22.04 LTS
     * fix pg-migrate-x-to-y.sh comment: migration without creating backup
       use -f option
     * bootstrap repo: set optional packages
     * Add python3-contextvars and python3-immutables to missing bootstrap
       repos (bsc#1200606)
     * Update server-migrator to dist-upgrade to openSUSE 15.4

   susemanager-build-keys:

   - Version 15.4.3
     * Add Uyuni Client Tools key
     * Install keys for Client Tools Channels in salt filesystem to be able
       to deploy them to clients
     * Add openEuler 22.03 key
     * Add AlmaLinux 9 key
     * Add Oracle Linux 9 keys
     * RPM-GPG-KEY-openEuler
     * RPM-GPG-KEY-AlmaLinux-9
     * RPM-GPG-KEY-oracle
     * RPM-GPG-KEY-oracle-backup

   susemanager-docs_en:

   - Described disabling local repositories in Client Configuration Guide
   - Remove misleading installation screen shots in the Installation and
     Upgrade Guide (bsc#1201411)
   - Fixed Ubuntu 18 Client registration in Client Configuration Guide
     (bsc#1201224)
   - Removed sle-module-pythonX in VM Installation chapter of Installation
     and Upgrade Guide because SUSE Manager 4.3 does not require it
   - In the Custom Channel section of the Administration Guide add a note
     about synchronizing repositories regularly
   - Removed SUSE Linux Enterprise 11 from the list of supported client
     systems
   - Update section about changing SSL certificates
   - Added ports 1232 and 1233 in the Ports section of the Installation and
     Upgrade Guide; required for Salt SSH Push (bsc#1200532)
   - Fixed 'fast' switch ('-f') of the database migration script in
     Installation and Upgrade Guide
   - Updated Virtualization chapter in Client Configuration Guide; more
     on limitation other than Xen and KVM
   - Added information about registering RHEL clients on Azure in the Import
     Entitlements and Certificates section of the Client Configuration Guide
     (bsc#1198944)
   - Fixed VisibleIf documentation in Formula section of the Salt Guide
   - Added note about importing CA certificate in Installation and Upgrade
     Guide (bsc#1198358)
   - Documented defining monitored targets using file-based service discovery
     provided in the Prometheus formula in the Salt Guide
   - In Supported Clients and Features chapter in Client Configuration Guide,
     remove SUSE Linux Enterprise 11 (bsc#1199147)
   - Improve traditional client deprecation statement in Client Configuration
     Guide (bsc#1199714)

   susemanager-schema:

   - Version 4.3.13-1
     * update GPG key urls in channels set by spacewalk-common-channels
     * add gpg key info to suseProductSCCRepository (bsc#1199984)
     * Move ImageSync pillars to database (bsc#1199157)

   susemanager-sls:

   - Version 4.3.24-1
     * Fix bootstrap issue with Debian 9 because of missing
       python3-contextvars (bsc#1201782)
     * Fix deploy of SLE Micro CA Certificate (bsc#1200276)
     * disable local repos before bootstrap and at highstate (bsc#1191925)
     * deploy GPG keys to the clients and define trust in channels
       (bsc#1199984)
     * Enable basic support for Ubuntu 22.04
     * Add port parameter to mgrutil.remove_ssh_known_host
     * Prevent possible tracebacks on calling module.run from mgrcompat by
       setting proper globals with using LazyLoader
     * Fix bootstrapping for Ubuntu 18.04 with classic Salt package
       (bsc#1200707)
     * create CA certificate symlink on Proxies which might get lost due to
       de-installation of the ca package

   uyuni-common-libs:

   - Version 4.3.5-1
     * Fix reposync issue about 'rpm.hdr' object has no attribute 'get'

   virtual-host-gatherer:

   - Declare the LICENSE file as license and not doc

   woodstox:

   - Declare the LICENSE file as license and not doc

   xmlpull-api:

   - Declare the LICENSE file as license and not doc

   How to apply this update:

   1. Log in as root user to the SUSE Manager server.
   2. Stop the Spacewalk service: `spacewalk-service stop`
   3. Apply the patch using either zypper patch or YaST Online Update.
   4. Start the Spacewalk service: `spacewalk-service start`


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.3:

      zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-3194=1



Package List:

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (ppc64le s390x x86_64):

      inter-server-sync-0.2.3-150400.3.3.1
      inter-server-sync-debuginfo-0.2.3-150400.3.3.1
      python3-uyuni-common-libs-4.3.5-150400.3.3.2
      reprepro-5.3.0-150400.3.3.1
      reprepro-debuginfo-5.3.0-150400.3.3.1
      reprepro-debugsource-5.3.0-150400.3.3.1
      smdba-1.7.10-0.150400.4.3.1
      susemanager-4.3.18-150400.3.3.2
      susemanager-tools-4.3.18-150400.3.3.2

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (noarch):

      apache-commons-csv-1.2-150400.3.3.1
      apache-commons-math3-3.2-150400.3.3.1
      drools-7.17.0-150400.3.3.1
      image-sync-formula-0.1.1658330139.861779d-150400.3.3.1
      jakarta-commons-validator-1.1.4-21.150400.21.3.4
      jose4j-0.5.1-150400.3.3.1
      kie-api-7.17.0-150400.3.3.1
      mvel2-2.2.6.Final-150400.3.3.1
      optaplanner-7.17.0-150400.3.3.1
      python3-spacewalk-certs-tools-4.3.14-150400.3.3.2
      python3-spacewalk-client-tools-4.3.11-150400.3.3.4
      python3-susemanager-retail-1.0.1658330139.861779d-150400.3.3.1
      python3-urlgrabber-4.1.0-150400.3.3.1
      salt-netapi-client-0.20.0-150400.3.3.5
      spacecmd-4.3.14-150400.3.3.2
      spacewalk-backend-4.3.15-150400.3.3.5
      spacewalk-backend-app-4.3.15-150400.3.3.5
      spacewalk-backend-applet-4.3.15-150400.3.3.5
      spacewalk-backend-config-files-4.3.15-150400.3.3.5
      spacewalk-backend-config-files-common-4.3.15-150400.3.3.5
      spacewalk-backend-config-files-tool-4.3.15-150400.3.3.5
      spacewalk-backend-iss-4.3.15-150400.3.3.5
      spacewalk-backend-iss-export-4.3.15-150400.3.3.5
      spacewalk-backend-package-push-server-4.3.15-150400.3.3.5
      spacewalk-backend-server-4.3.15-150400.3.3.5
      spacewalk-backend-sql-4.3.15-150400.3.3.5
      spacewalk-backend-sql-postgresql-4.3.15-150400.3.3.5
      spacewalk-backend-tools-4.3.15-150400.3.3.5
      spacewalk-backend-xml-export-libs-4.3.15-150400.3.3.5
      spacewalk-backend-xmlrpc-4.3.15-150400.3.3.5
      spacewalk-base-4.3.23-150400.3.3.4
      spacewalk-base-minimal-4.3.23-150400.3.3.4
      spacewalk-base-minimal-config-4.3.23-150400.3.3.4
      spacewalk-certs-tools-4.3.14-150400.3.3.2
      spacewalk-client-tools-4.3.11-150400.3.3.4
      spacewalk-common-4.3.5-150400.3.3.2
      spacewalk-config-4.3.9-150400.3.3.3
      spacewalk-html-4.3.23-150400.3.3.4
      spacewalk-java-4.3.35-150400.3.3.5
      spacewalk-java-config-4.3.35-150400.3.3.5
      spacewalk-java-lib-4.3.35-150400.3.3.5
      spacewalk-java-postgresql-4.3.35-150400.3.3.5
      spacewalk-postgresql-4.3.5-150400.3.3.2
      spacewalk-search-4.3.6-150400.3.3.3
      spacewalk-setup-4.3.10-150400.3.3.3
      spacewalk-taskomatic-4.3.35-150400.3.3.5
      spacewalk-utils-4.3.13-150400.3.3.3
      spacewalk-utils-extras-4.3.13-150400.3.3.3
      subscription-matcher-0.29-150400.3.3.1
      susemanager-build-keys-15.4.3-150400.3.3.1
      susemanager-build-keys-web-15.4.3-150400.3.3.1
      susemanager-docs_en-4.3-150400.9.3.1
      susemanager-docs_en-pdf-4.3-150400.9.3.1
      susemanager-retail-tools-1.0.1658330139.861779d-150400.3.3.1
      susemanager-schema-4.3.13-150400.3.3.3
      susemanager-schema-utility-4.3.13-150400.3.3.3
      susemanager-sls-4.3.24-150400.3.3.1
      uyuni-config-modules-4.3.24-150400.3.3.1
      virtual-host-gatherer-1.0.23-150400.3.3.1
      virtual-host-gatherer-Kubernetes-1.0.23-150400.3.3.1
      virtual-host-gatherer-Nutanix-1.0.23-150400.3.3.1
      virtual-host-gatherer-VMware-1.0.23-150400.3.3.1
      virtual-host-gatherer-libcloud-1.0.23-150400.3.3.1
      woodstox-4.4.2-150400.3.3.1
      xmlpull-api-1.1.3.1-150400.3.3.1


References:

   https://www.suse.com/security/cve/CVE-2022-31248.html
   https://bugzilla.suse.com/1172179
   https://bugzilla.suse.com/1179962
   https://bugzilla.suse.com/1186011
   https://bugzilla.suse.com/1187028
   https://bugzilla.suse.com/1191925
   https://bugzilla.suse.com/1194394
   https://bugzilla.suse.com/1195455
   https://bugzilla.suse.com/1198356
   https://bugzilla.suse.com/1198358
   https://bugzilla.suse.com/1198944
   https://bugzilla.suse.com/1199147
   https://bugzilla.suse.com/1199157
   https://bugzilla.suse.com/1199523
   https://bugzilla.suse.com/1199629
   https://bugzilla.suse.com/1199646
   https://bugzilla.suse.com/1199656
   https://bugzilla.suse.com/1199659
   https://bugzilla.suse.com/1199662
   https://bugzilla.suse.com/1199663
   https://bugzilla.suse.com/1199679
   https://bugzilla.suse.com/1199714
   https://bugzilla.suse.com/1199727
   https://bugzilla.suse.com/1199779
   https://bugzilla.suse.com/1199817
   https://bugzilla.suse.com/1199874
   https://bugzilla.suse.com/1199950
   https://bugzilla.suse.com/1199984
   https://bugzilla.suse.com/1199998
   https://bugzilla.suse.com/1200276
   https://bugzilla.suse.com/1200347
   https://bugzilla.suse.com/1200532
   https://bugzilla.suse.com/1200591
   https://bugzilla.suse.com/1200606
   https://bugzilla.suse.com/1200707
   https://bugzilla.suse.com/1201003
   https://bugzilla.suse.com/1201142
   https://bugzilla.suse.com/1201189
   https://bugzilla.suse.com/1201224
   https://bugzilla.suse.com/1201411
   https://bugzilla.suse.com/1201498
   https://bugzilla.suse.com/1201782
   https://bugzilla.suse.com/1201842

SUSE: 2022:3194-1 moderate: SUSE Manager Server 4.3

September 8, 2022