SUSE: 2022:3194-1 moderate: SUSE Manager Server 4.3
Summary
This update fixes the following issues:

apache-commons-csv:
- Fix the URL for the package
- Declare the LICENSE file as license and not doc

apache-commons-math3:
- Fix the URL for the package
- Declare the LICENSE file as license and not doc

drools:
- Declare the LICENSE file as license and not doc

image-sync-formula:
- Update to version 0.1.1658330139.861779d
  * Fix deleting of unused boot images
  * Support deltas for system images (bsc#1201498)
  * Do not try to show changes in images (bsc#1199998)

inter-server-sync:
- Version 0.2.3
  * Compress exported sql data #16631

jakarta-commons-validator:
- Declare the LICENSE file as license and not doc

jose4j:
- Declare the LICENSE file as license and not doc

kie-api:
- Declare the LICENSE file as license and not doc

mvel2:
- Declare the LICENSE file as license and not doc

optaplanner:
- Declare the LICENSE file as license and not doc

python-susemanager-retail:
- Update to version 0.1.1658330139.861779d
  * Support deltas for system images (bsc#1201498)
  * Fix error message on incorrect --log-level arg (bsc#1199727)

python-urlgrabber:
- Fix wrong logic on find_proxy method causing proxy not being used

reprepro:
- Bump up the maxsize on a fixed-size C buffer to avoid breaking on some autogenerated rust packages
- Flush stdout and stderr before execv of an end hook
- Add support for Zstd compressed debs
- Added alternative package name for db4-devel.

salt-netapi-client:
- Declare the LICENSE file as license and not doc

smdba:
- Declare the LICENSE file as license and not doc

spacecmd:
- Version 4.3.14-1
  * Fix missing argument on system_listmigrationtargets (bsc#1201003)
  * Show correct help on calling kickstart_importjson with no arguments
  * Fix tracebacks on spacecmd kickstart_export (bsc#1200591)
  * Change proxy container config default filename to end with tar.gz

spacewalk:
- Version 4.3.5-1
  * Simplified PostgreSQL14 requirement.
  * Update server-migrator to dist-upgrade to openSUSE 15.4

spacewalk-backend:
- Version 4.3.15-1
  * cleanup leftovers from removing unused xmlrpc endpoint
  * Fix issues with "http proxy" not being used by reposync in some cases

spacewalk-certs-tools:
- Version 4.3.14-1
  * traditional stack bootstrap: install product packages (bsc#1201142)
  * display messages to restart services after certificate change
  * improve CA Chain checking by comparing authorityKeyIdentifier with subjectKeyIdentifier

spacewalk-client-tools:
- Version 4.3.11-1
  * Update translation strings

spacewalk-config:
- Version 4.3.9-1
  * fix posttrans error "RHN-ORG-TRUSTED-SSL-CERT" not found

spacewalk-java:
- Version 4.3.35-1
  * Modify parameter type when communicating with the search server (bsc#1187028)
  * Fix hibernate error on deleting an image with delta
  * Changed logout method to POST on HTTP API (bsc#1199663)
  * Turned API information endpoints public (bsc#1199817)
  * Fix typo and ordering of JSON over HTTP API example scripts
  * Improved log handling in HTTP API (bsc#1199662)
  * set Channel GPG Key info from SCC data
  * set GPG Key Url as channel pillar data (bsc#1199984)
  * new API endpoint for addErrataUpdate, that takes multiple servers as argument
  * Move ImageSync pillars to database (bsc#1199157)
  * Fix conflict when system is assigned to multiple instances of the same formula (bsc#1194394)
  * Fix initial profile and build host on Image Build page (bsc#1199659)
  * Convert formula integer values when upgrading (bsc#1200347)
  * Cleanup salt known_hosts when generating proxy containers config
  * Modify proxy containers configuration files set output
  * Change proxy containers config to tarball with yaml files
  * Fixed date format on scheduler related messages (bsc#1195455)
  * Improved dropdown layout handling
  * Fix download CSV
  * Hide authentication data in PAYG UI (bsc#1199679)
  * Clean grub2 reinstall entry in autoyast snippet (bsc#1199950)
  * Show reboot alert message on all system detail pages (bsc#1199779)
  * Show patch as installed in CVE Audit even if successor patch affects additional packages (bsc#1199646)
  * Fix refresh action confirmation message when no system is selected
  * Fix Internal Server Error when URI contains invalid sysid (bsc#1186011)
  * Fix notification message on system properties update to ensure style consistency (bsc#1172179)
  * Fix containerized proxy configuration machine name
  * Improve CLM channel cloning performance (bsc#1199523)
  * Keep the websocket connections alive with ping/pong frames (bsc#1199874)
  * add detection of Ubuntu 22.04
  * fix missing remote command history events for big output (bsc#1199656)
  * fix api log message references the wrong user (bsc#1179962)
  * Consistently use conf value for SPA engine timeout
  * fix download of packages with caret sign in the version due to missing url decode
  * Add specific requirement for Cobbler 3.2.1 to not conflict with Leap 15.4
  * Fix send login(s) and send password actions to avoid user enumeration (bsc#1199629) (CVE-2022-31248)

spacewalk-search:
- Version 4.3.6-1
  * Add method to handle session id as String
  * Migrated from log4j1.x.x to log4j2.x.x
  * update ivy development files

spacewalk-setup:
- Version 4.3.10-1
  * spacewalk-setup-cobbler assumes /etc/apache2/conf.d now as a default instead of /etc/httpd/conf.d (bsc#1198356)
  * Allow alternative usage of perl-Net-LibIDN2.

spacewalk-utils:
- Version 4.3.13-1
  * change gpg key urls to file urls where possible
  * spacewalk-hostname-rename now correctly replaces the hostname for the mgr-sync configuration file (bsc#1198356)
  * spacewalk-hostname-rename now utilizes the "--apache2-conf-dir" flag for spacewalk-setup-cobbler
  * Add repositories for Ubuntu 22.04 LTS
  * Add AlmaLinux 9 and Oracle Linux 9 to spacewalk-common-channels
  * Add missing SLES 15 SP4 client tools repositories to spacewalk-common-channels.ini
  * add deprecation warning for spacewalk-clone-by-date
  * Add EPEL8 for Almalinux 8 and Rocky 8 in spacewalk-common-channels.ini
  * openSUSE Leap 15.4 repositories

spacewalk-web:
- Version 4.3.23-1
  * Update the version for the WebUI
  * Fix initial profile and build host on Image Build page (bsc#1199659)
  * Handle multi line error messages in proxy containers config creation
  * Hide authentication data in PAYG UI (bsc#1199679)
  * add textarea to formulas
  * Consistently use conf value for SPA engine timeout
  * Remove nodejs-packaging as a build requirement
  * Update translation strings

subscription-matcher:
- Declare the LICENSE file as license and not doc

susemanager:
- Version 4.3.18-1
  * Add missing python3-gnupg to Debian10 bootstrap repo (bsc#1201842)
  * Add clients tool product to generate bootstrap repo on OpenSUSE 15.x (bsc#1201189)
  * Add Oracle Linux 9 bootstrap repositories for Uyuni
  * Add AlmaLinux 9 bootstrap repositories for Uyuni
  * Add Red Hat Enterprise Linux 9 repositories for Uyuni
  * Make the Salt Bundle optional for bootstrap repositories for Debian 9 and SUSE Manager Proxy 4.2
  * Enable bootstrapping for Ubuntu 22.04 LTS
  * fix pg-migrate-x-to-y.sh comment: migration without creating backup use -f option
  * bootstrap repo: set optional packages
  * Add python3-contextvars and python3-immutables to missing bootstrap repos (bsc#1200606)
  * Update server-migrator to dist-upgrade to openSUSE 15.4

susemanager-build-keys:
- Version 15.4.3
  * Add Uyuni Client Tools key
  * Install keys for Client Tools Channels in salt filesystem to be able to deploy them to clients
  * Add openEuler 22.03 key
  * Add AlmaLinux 9 key
  * Add Oracle Linux 9 keys
  * RPM-GPG-KEY-openEuler
  * RPM-GPG-KEY-AlmaLinux-9
  * RPM-GPG-KEY-oracle
  * RPM-GPG-KEY-oracle-backup

susemanager-docs_en:
- Described disabling local repositories in Client Configuration Guide
- Remove misleading installation screen shots in the Installation and Upgrade Guide (bsc#1201411)
- Fixed Ubuntu 18 Client registration in Client Configuration Guide (bsc#1201224)
- Removed sle-module-pythonX in VM Installation chapter of Installation and Upgrade Guide because SUSE Manager 4.3 does not require it
- In the Custom Channel section of the Administration Guide add a note about synchronizing repositories regularly
- Removed SUSE Linux Enterprise 11 from the list of supported client systems
- Update section about changing SSL certificates
- Added ports 1232 and 1233 in the Ports section of the Installation and Upgrade Guide; required for Salt SSH Push (bsc#1200532)
- Fixed 'fast' switch ('-f') of the database migration script in Installation and Upgrade Guide
- Updated Virtualization chapter in Client Configuration Guide; more on limitation other than Xen and KVM
- Added information about registering RHEL clients on Azure in the Import Entitlements and Certificates section of the Client Configuration Guide (bsc#1198944)
- Fixed VisibleIf documentation in Formula section of the Salt Guide
- Added note about importing CA certificate in Installation and Upgrade Guide (bsc#1198358)
- Documented defining monitored targets using file-based service discovery provided in the Prometheus formula in the Salt Guide
- In Supported Clients and Features chapter in Client Configuration Guide, remove SUSE Linux Enterprise 11 (bsc#1199147)
- Improve traditional client deprecation statement in Client Configuration Guide (bsc#1199714)

susemanager-schema:
- Version 4.3.13-1
  * update GPG key urls in channels set by spacewalk-common-channels
  * add gpg key info to suseProductSCCRepository (bsc#1199984)
  * Move ImageSync pillars to database (bsc#1199157)

susemanager-sls:
- Version 4.3.24-1
  * Fix bootstrap issue with Debian 9 because of missing python3-contextvars (bsc#1201782)
  * Fix deploy of SLE Micro CA Certificate (bsc#1200276)
  * disable local repos before bootstrap and at highstate (bsc#1191925)
  * deploy GPG keys to the clients and define trust in channels (bsc#1199984)
  * Enable basic support for Ubuntu 22.04
  * Add port parameter to mgrutil.remove_ssh_known_host
  * Prevent possible tracebacks on calling module.run from mgrcompat by setting proper globals with using LazyLoader
  * Fix bootstrapping for Ubuntu 18.04 with classic Salt package (bsc#1200707)
  * create CA certificate symlink on Proxies which might get lost due to de-installation of the ca package

uyuni-common-libs:
- Version 4.3.5-1
  * Fix reposync issue about 'rpm.hdr' object has no attribute 'get'

virtual-host-gatherer:
- Declare the LICENSE file as license and not doc

woodstox:
- Declare the LICENSE file as license and not doc

xmlpull-api:
- Declare the LICENSE file as license and not doc

How to apply this update:

1. Log in as root user to the SUSE Manager server.
2. Stop the Spacewalk service: `spacewalk-service stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: `spacewalk-service start`

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for SUSE Manager Server 4.3:
  zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-3194=1

Package List:

- SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (ppc64le s390x x86_64):
  inter-server-sync-0.2.3-150400.3.3.1
  inter-server-sync-debuginfo-0.2.3-150400.3.3.1
  python3-uyuni-common-libs-4.3.5-150400.3.3.2
  reprepro-5.3.0-150400.3.3.1
  reprepro-debuginfo-5.3.0-150400.3.3.1
  reprepro-debugsource-5.3.0-150400.3.3.1
  smdba-1.7.10-0.150400.4.3.1
  susemanager-4.3.18-150400.3.3.2
  susemanager-tools-4.3.18-150400.3.3.2

- SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (noarch):
  apache-commons-csv-1.2-150400.3.3.1
  apache-commons-math3-3.2-150400.3.3.1
  drools-7.17.0-150400.3.3.1
  image-sync-formula-0.1.1658330139.861779d-150400.3.3.1
  jakarta-commons-validator-1.1.4-21.150400.21.3.4
  jose4j-0.5.1-150400.3.3.1
  kie-api-7.17.0-150400.3.3.1
  mvel2-2.2.6.Final-150400.3.3.1
  optaplanner-7.17.0-150400.3.3.1
  python3-spacewalk-certs-tools-4.3.14-150400.3.3.2
  python3-spacewalk-client-tools-4.3.11-150400.3.3.4
  python3-susemanager-retail-1.0.1658330139.861779d-150400.3.3.1
  python3-urlgrabber-4.1.0-150400.3.3.1
  salt-netapi-client-0.20.0-150400.3.3.5
  spacecmd-4.3.14-150400.3.3.2
  spacewalk-backend-4.3.15-150400.3.3.5
  spacewalk-backend-app-4.3.15-150400.3.3.5
  spacewalk-backend-applet-4.3.15-150400.3.3.5
  spacewalk-backend-config-files-4.3.15-150400.3.3.5
  spacewalk-backend-config-files-common-4.3.15-150400.3.3.5
  spacewalk-backend-config-files-tool-4.3.15-150400.3.3.5
  spacewalk-backend-iss-4.3.15-150400.3.3.5
  spacewalk-backend-iss-export-4.3.15-150400.3.3.5
  spacewalk-backend-package-push-server-4.3.15-150400.3.3.5
  spacewalk-backend-server-4.3.15-150400.3.3.5
  spacewalk-backend-sql-4.3.15-150400.3.3.5
  spacewalk-backend-sql-postgresql-4.3.15-150400.3.3.5
  spacewalk-backend-tools-4.3.15-150400.3.3.5
  spacewalk-backend-xml-export-libs-4.3.15-150400.3.3.5
  spacewalk-backend-xmlrpc-4.3.15-150400.3.3.5
  spacewalk-base-4.3.23-150400.3.3.4
  spacewalk-base-minimal-4.3.23-150400.3.3.4
  spacewalk-base-minimal-config-4.3.23-150400.3.3.4
  spacewalk-certs-tools-4.3.14-150400.3.3.2
  spacewalk-client-tools-4.3.11-150400.3.3.4
  spacewalk-common-4.3.5-150400.3.3.2
  spacewalk-config-4.3.9-150400.3.3.3
  spacewalk-html-4.3.23-150400.3.3.4
  spacewalk-java-4.3.35-150400.3.3.5
  spacewalk-java-config-4.3.35-150400.3.3.5
  spacewalk-java-lib-4.3.35-150400.3.3.5
  spacewalk-java-postgresql-4.3.35-150400.3.3.5
  spacewalk-postgresql-4.3.5-150400.3.3.2
  spacewalk-search-4.3.6-150400.3.3.3
  spacewalk-setup-4.3.10-150400.3.3.3
  spacewalk-taskomatic-4.3.35-150400.3.3.5
  spacewalk-utils-4.3.13-150400.3.3.3
  spacewalk-utils-extras-4.3.13-150400.3.3.3
  subscription-matcher-0.29-150400.3.3.1
  susemanager-build-keys-15.4.3-150400.3.3.1
  susemanager-build-keys-web-15.4.3-150400.3.3.1
  susemanager-docs_en-4.3-150400.9.3.1
  susemanager-docs_en-pdf-4.3-150400.9.3.1
  susemanager-retail-tools-1.0.1658330139.861779d-150400.3.3.1
  susemanager-schema-4.3.13-150400.3.3.3
  susemanager-schema-utility-4.3.13-150400.3.3.3
  susemanager-sls-4.3.24-150400.3.3.1
  uyuni-config-modules-4.3.24-150400.3.3.1
  virtual-host-gatherer-1.0.23-150400.3.3.1
  virtual-host-gatherer-Kubernetes-1.0.23-150400.3.3.1
  virtual-host-gatherer-Nutanix-1.0.23-150400.3.3.1
  virtual-host-gatherer-VMware-1.0.23-150400.3.3.1
  virtual-host-gatherer-libcloud-1.0.23-150400.3.3.1
  woodstox-4.4.2-150400.3.3.1
  xmlpull-api-1.1.3.1-150400.3.3.1

References
#1172179 #1179962 #1186011 #1187028 #1191925
#1194394 #1195455 #1198356 #1198358 #1198944
#1199147 #1199157 #1199523 #1199629 #1199646
#1199656 #1199659 #1199662 #1199663 #1199679
#1199714 #1199727 #1199779 #1199817 #1199874
#1199950 #1199984 #1199998 #1200276 #1200347
#1200532 #1200591 #1200606 #1200707 #1201003
#1201142 #1201189 #1201224 #1201411 #1201498
#1201782 #1201842
Cross-References: CVE-2022-31248
CVSS scores:
CVE-2022-31248 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2022-31248 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products:
SUSE Linux Enterprise Module for SUSE Manager Server 4.3
SUSE Manager Server 4.3
https://www.suse.com/security/cve/CVE-2022-31248.html
https://bugzilla.suse.com/1172179
https://bugzilla.suse.com/1179962
https://bugzilla.suse.com/1186011
https://bugzilla.suse.com/1187028
https://bugzilla.suse.com/1191925
https://bugzilla.suse.com/1194394
https://bugzilla.suse.com/1195455
https://bugzilla.suse.com/1198356
https://bugzilla.suse.com/1198358
https://bugzilla.suse.com/1198944
https://bugzilla.suse.com/1199147
https://bugzilla.suse.com/1199157
https://bugzilla.suse.com/1199523
https://bugzilla.suse.com/1199629
https://bugzilla.suse.com/1199646
https://bugzilla.suse.com/1199656
https://bugzilla.suse.com/1199659
https://bugzilla.suse.com/1199662
https://bugzilla.suse.com/1199663
https://bugzilla.suse.com/1199679
https://bugzilla.suse.com/1199714
https://bugzilla.suse.com/1199727
https://bugzilla.suse.com/1199779
https://bugzilla.suse.com/1199817
https://bugzilla.suse.com/1199874
https://bugzilla.suse.com/1199950
https://bugzilla.suse.com/1199984
https://bugzilla.suse.com/1199998
https://bugzilla.suse.com/1200276
https://bugzilla.suse.com/1200347
https://bugzilla.suse.com/1200532
https://bugzilla.suse.com/1200591
https://bugzilla.suse.com/1200606
https://bugzilla.suse.com/1200707
https://bugzilla.suse.com/1201003
https://bugzilla.suse.com/1201142
https://bugzilla.suse.com/1201189
https://bugzilla.suse.com/1201224
https://bugzilla.suse.com/1201411
https://bugzilla.suse.com/1201498
https://bugzilla.suse.com/1201782
https://bugzilla.suse.com/1201842