# Maintenance update for SUSE Manager 4.2: Server, Proxy and Retail Branch Server

Announcement ID: SUSE-SU-2023:1831-1  
Rating: important  
References:

  * bsc#1179926
  * bsc#1197027
  * bsc#1206562
  * bsc#1206973
  * bsc#1207063
  * bsc#1207308
  * bsc#1207352
  * bsc#1207490
  * bsc#1207799
  * bsc#1207829
  * bsc#1207830
  * bsc#1207838
  * bsc#1207883
  * bsc#1208288
  * bsc#1208321
  * bsc#1208325
  * bsc#1208586
  * bsc#1208687
  * bsc#1208719
  * bsc#1208772
  * bsc#1208908
  * bsc#1209369
  * bsc#1209386
  * bsc#1209434
  * bsc#1209703
  * jsc#PED-2777

  
Cross-References:

  * CVE-2020-8908
  * CVE-2022-0860
  * CVE-2023-22644

  
CVSS scores:

  * CVE-2020-8908 ( SUSE ):  4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  * CVE-2020-8908 ( NVD ):  3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  * CVE-2022-0860 ( SUSE ):  8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
  * CVE-2022-0860 ( NVD ):  9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  * CVE-2023-22644 ( NVD ):  3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

  
Affected Products:

  * Development Tools Module 15-SP4
  * openSUSE Leap 15.4
  * SUSE Enterprise Storage 7
  * SUSE Enterprise Storage 7.1
  * SUSE Linux Enterprise Desktop 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP2
  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  * SUSE Linux Enterprise High Performance Computing 15 SP3
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  * SUSE Linux Enterprise Real Time 15 SP3
  * SUSE Linux Enterprise Real Time 15 SP4
  * SUSE Linux Enterprise Server 15 SP2
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  * SUSE Linux Enterprise Server 15 SP3
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Manager Proxy 4.2
  * SUSE Manager Proxy 4.2 Module 4.2
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.2
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.2
  * SUSE Manager Server 4.2 Module 4.2
  * SUSE Manager Server 4.3

  
  
An update that solves three vulnerabilities, contains one feature and has 22
security fixes can now be installed.

## Security update for SUSE Manager Server 4.2

### Description:

This update fixes the following issues:

cobbler:

  * CVE-2022-0860: Unbreak PAM authentication due to missing encoding of user
    input in the PAM auth module of Cobbler (bsc#1197027)
  * Fix S390X auto-installation for cases where kernel options are longer than
    79 characters (bsc#1207308)
  * Switch packaging from patch based to Git tree based development
  * All patches that are being removed in this revision are contained in the new
    Git tree.

guava:

  * Upgrade to guava 30.1.1
  * CVE-2020-8908: temp directory creation vulnerability in Guava versions prior
    to 30.0. (bsc#1179926)
  * Remove parent reference from ALL distributed pom files
  * Avoid version-less dependencies that can cause problems with some tools
  * Build the package with ant in order to prevent build cycles using a
    generated and customized ant build system
  * With Java >= 9, produce binaries that are compatible with Java 8

jsr-305:

  * Deliver jsr-305 to SUSE Manager as Guava dependency

mgr-libmod:

  * Version 4.2.8-1
  * Ignore extra metadata fields for Liberty Linux (bsc#1208908)

spacecmd:

  * Version 4.2.22-1
  * Display activation key details after executing the corresponding command
    (bsc#1208719)
  * Show targeted packages before actually removing them (bsc#1207830)
  * Fix spacecmd not showing any output for softwarechannel_diff and
    softwarechannel_errata_diff (bsc#1207352)

spacewalk-backend:

  * Version 4.2.27-1
  * Fix the mgr-inter-sync not creating valid repository metadata when dealing
    with empty channels (bsc#1207829)
  * Fix repo sync for cloud "Pay As You Go" connected repositories (bsc#1208772)
  * Fix issues with kickstart syncing on mirrorlist repositories
  * Do not sync .mirrorlist and other unneeded files
  * reposync: catch local file not found urlgrabber error properly (bsc#1208288)

spacewalk-client-tools:

  * Version 4.2.23-1
  * Update translation strings

spacewalk-java:

  * Version 4.2.49-1
  * Refactor Java notification synchronize to avoid deadlocks (bsc#1209369)

  * Version 4.2.48-1
  * Prevent logging formula data (bsc#1209386)
  * Use gnu-jaf instead of jaf
  * Use reload4j instead of log4j or log4j12
  * Use slf4j-reload4j
  * Save scheduler user when creating Patch actions manually (bsc#1208321)
  * Add `mgr_server_is_uyuni` minion pillar item
  * Do not immediately execute the Package Refresh action for the SSH minion
    (bsc#1208325)
  * Mark actions as failed when they cannot be scheduled because the earliest
    date is too old
  * Update earliest date when rescheduling failed actions (bsc#1206562)
  * Fix reconnection of postgres event stream
  * Fix NumberFormatException when syncing Ubuntu errata (bsc#1207883)
  * Fix duplicate keys in image tables (bsc#1207799)
  * Fix CLM environments UI for environment labels containing dots (bsc#1207838)

spacewalk-search:

  * Version 4.2.10-1
  * Use reload4j instead of log4j or log4j12

spacewalk-web:

  * Version 4.2.34-1
  * Fix datetime picker appearing behind modal edge (bsc#1209703)

  * Version 4.2.33-1
  * Deprecate jQuery datepicker, integrate React datepicker
  * Fix CLM environments UI for environment labels containing dots (bsc#1207838)

subscription-matcher:

  * Relax antlr version requirement

supportutils-plugin-susemanager:

  * Version 4.2.6-1
  * Fix DB connection check tool (bsc#1208586)

susemanager-build-keys:

  * Version 15.3.7 (jsc#PED-2777):
  * Add new 4096 bit RSA build key gpg-pubkey-3fa1d6ce-63c9481c.asc
  * Add new 4096 bit RSA reserve build key gpg-pubkey-d588dc46-63c939db.asc
  * Add 2022 2048 bit RSA PTF key suse_ptf_key-6F5DA62B.asc
  * Add new 4096 bit RSA PTF key suse_ptf_key_2023.asc

susemanager-doc-indexes:

  * Removed z196 and z114 from listing in System Z chapter of the Installation
    and Upgrade Guide (bsc#1206973)
  * Branding updated for 2023
  * New search engine optimization improvements for documentation
  * Translations are now included in the webui help documentation
  * Local search is now provided with the webui help documentation

susemanager-docs_en:

  * Removed z196 and z114 from listing in System Z chapter of the Installation
    and Upgrade Guide (bsc#1206973)
  * Branding updated for 2023
  * New search engine optimization improvements for documentation
  * Translations are now included in the WebUI help documentation
  * Local search is now provided with the WebUI help documentation

susemanager-sls:

  * Version 4.2.32-1
  * Improve error handling in mgr_events.py (bsc#1208687)

susemanager-tftpsync:

  * Version 4.2.4-1
  * Fix removal of proxies section in cobbler settings (bsc#1207063)

uyuni-common-libs:

  * Version 4.2.10-1
  * Allow default component for context manager.

virtual-host-gatherer:

  * Version 1.0.25-1
  * Report total CPU numbers in the libvirt module

How to apply this update:

  1. Log in as root user to the SUSE Manager Server.
  2. Stop the Spacewalk service: `spacewalk-service stop`
  3. Apply the patch using either zypper patch or YaST Online Update.
  4. Start the Spacewalk service: `spacewalk-service start`

## Recommended update for SUSE Manager Proxy and Retail Branch Server 4.2

### Description:

This update fixes the following issues:

mgr-daemon:

  * Version 4.2.11-1
  * Update translation strings

spacecmd:

  * Version 4.2.22-1
  * Display activation key details after executing the corresponding command
    (bsc#1208719)
  * Show targeted packages before actually removing them (bsc#1207830)
  * Fix spacecmd not showing any output for softwarechannel_diff and
    softwarechannel_errata_diff (bsc#1207352)

spacewalk-backend:

  * Version 4.2.27-1
  * Fix the mgr-inter-sync not creating valid repository metadata when dealing
    with empty channels (bsc#1207829)
  * Fix repo sync for cloud "Pay As You Go" connected repositories (bsc#1208772)
  * Fix issues with kickstart syncing on mirrorlist repositories
  * Do not sync .mirrorlist and other unneeded files
  * reposync: catch local file not found urlgrabber error properly (bsc#1208288)

spacewalk-client-tools:

  * Version 4.2.23-1
  * Update translation strings

spacewalk-proxy:

  * Version 4.2.14-1
  * Avoid unnecessary debug messages from proxy backend (bsc#1207490)

spacewalk-web:

  * Version 4.2.34-1
  * Fix datetime picker appearing behind modal edge (bsc#1209703)

  * Version 4.2.33-1
  * Deprecate jQuery datepicker, integrate React datepicker
  * Fix CLM environments UI for environment labels containing dots (bsc#1207838)

susemanager-build-keys:

  * Version 15.3.7 (jsc#PED-2777):
  * Add new 4096 bit RSA build key gpg-pubkey-3fa1d6ce-63c9481c.asc
  * Add new 4096 bit RSA reserve build key gpg-pubkey-d588dc46-63c939db.asc
  * Add 2022 2048 bit RSA PTF key suse_ptf_key-6F5DA62B.asc
  * Add new 4096 bit RSA PTF key suse_ptf_key_2023.asc

uyuni-common-libs:

  * Version 4.2.10-1
  * Allow default component for context manager.

How to apply this update:

  1. Log in as root user to the SUSE Manager Proxy or Retail Branch Server.
  2. Stop the proxy service: `spacewalk-proxy stop`
  3. Apply the patch using either zypper patch or YaST Online Update.
  4. Start the Spacewalk service: `spacewalk-proxy start`

## Recommended update for jsr-305

### Description:

This update for jsr-305 provides the following fix:

    
    
  * Ship the correct versions of jsr-305 on SUSE Manager repositories (no source changes).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Manager Proxy 4.2 Module 4.2  
    `zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2023-1831=1`

  * SUSE Manager Server 4.2 Module 4.2  
    `zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2023-1831=1`

  * openSUSE Leap 15.4  
    `zypper in -t patch openSUSE-SLE-15.4-2023-1831=1`

  * Development Tools Module 15-SP4  
    `zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-1831=1`

  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2  
    `zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-1831=1`

  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3  
    `zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1831=1`

  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3  
    `zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1831=1`

  * SUSE Linux Enterprise Real Time 15 SP3  
    `zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-1831=1`

  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2  
    `zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-1831=1`

  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3  
    `zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1831=1`

  * SUSE Linux Enterprise Server for SAP Applications 15 SP2  
    `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-1831=1`

  * SUSE Linux Enterprise Server for SAP Applications 15 SP3  
    `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-1831=1`

  * SUSE Enterprise Storage 7.1  
    `zypper in -t patch SUSE-Storage-7.1-2023-1831=1`

  * SUSE Enterprise Storage 7  
    `zypper in -t patch SUSE-Storage-7-2023-1831=1`

## Package List:

  * SUSE Manager Proxy 4.2 Module 4.2 (noarch)
    * spacewalk-proxy-salt-4.2.14-150300.3.27.6
    * python3-spacewalk-client-tools-4.2.23-150300.4.33.7
    * spacewalk-client-setup-4.2.23-150300.4.33.7
    * spacewalk-base-minimal-4.2.34-150300.3.41.5
    * python3-spacewalk-client-setup-4.2.23-150300.4.33.7
    * susemanager-build-keys-15.3.6-150300.3.9.5
    * spacewalk-client-tools-4.2.23-150300.4.33.7
    * spacewalk-proxy-management-4.2.14-150300.3.27.6
    * spacecmd-4.2.22-150300.4.36.7
    * mgr-daemon-4.2.11-150300.2.12.5
    * spacewalk-proxy-redirect-4.2.14-150300.3.27.6
    * spacewalk-check-4.2.23-150300.4.33.7
    * spacewalk-base-minimal-config-4.2.34-150300.3.41.5
    * spacewalk-proxy-package-manager-4.2.14-150300.3.27.6
    * susemanager-build-keys-web-15.3.6-150300.3.9.5
    * spacewalk-proxy-common-4.2.14-150300.3.27.6
    * python3-spacewalk-check-4.2.23-150300.4.33.7
    * spacewalk-proxy-broker-4.2.14-150300.3.27.6
    * spacewalk-backend-4.2.27-150300.4.38.7
  * SUSE Manager Proxy 4.2 Module 4.2 (x86_64)
    * python3-uyuni-common-libs-4.2.10-150300.3.17.6
  * SUSE Manager Server 4.2 Module 4.2 (noarch)
    * guava-30.1.1-150300.4.3.4
    * virtual-host-gatherer-libcloud-1.0.25-150300.3.12.5
    * virtual-host-gatherer-VMware-1.0.25-150300.3.12.5
    * spacewalk-backend-package-push-server-4.2.27-150300.4.38.7
    * spacewalk-backend-xmlrpc-4.2.27-150300.4.38.7
    * spacewalk-java-lib-4.2.49-150300.3.63.3
    * spacewalk-backend-app-4.2.27-150300.4.38.7
    * spacewalk-java-4.2.49-150300.3.63.3
    * spacewalk-base-minimal-config-4.2.34-150300.3.41.5
    * susemanager-sls-4.2.32-150300.3.46.5
    * susemanager-docs_en-pdf-4.2-150300.12.42.5
    * susemanager-doc-indexes-4.2-150300.12.42.6
    * subscription-matcher-0.29-150300.6.15.5
    * virtual-host-gatherer-Nutanix-1.0.25-150300.3.12.5
    * spacewalk-backend-4.2.27-150300.4.38.7
    * spacewalk-search-4.2.10-150300.3.18.6
    * spacewalk-base-minimal-4.2.34-150300.3.41.5
    * spacewalk-backend-sql-postgresql-4.2.27-150300.4.38.7
    * mgr-libmod-4.2.8-150300.3.9.6
    * spacewalk-backend-iss-export-4.2.27-150300.4.38.7
    * susemanager-docs_en-4.2-150300.12.42.5
    * supportutils-plugin-susemanager-4.2.6-150300.3.12.5
    * spacewalk-backend-applet-4.2.27-150300.4.38.7
    * spacewalk-backend-config-files-common-4.2.27-150300.4.38.7
    * spacewalk-html-4.2.34-150300.3.41.5
    * spacewalk-backend-server-4.2.27-150300.4.38.7
    * spacewalk-backend-config-files-tool-4.2.27-150300.4.38.7
    * spacewalk-backend-config-files-4.2.27-150300.4.38.7
    * cobbler-3.1.2-150300.5.22.5
    * spacewalk-base-4.2.34-150300.3.41.5
    * spacewalk-backend-xml-export-libs-4.2.27-150300.4.38.7
    * virtual-host-gatherer-1.0.25-150300.3.12.5
    * spacewalk-backend-iss-4.2.27-150300.4.38.7
    * spacecmd-4.2.22-150300.4.36.7
    * spacewalk-backend-tools-4.2.27-150300.4.38.7
    * virtual-host-gatherer-Kubernetes-1.0.25-150300.3.12.5
    * susemanager-build-keys-15.3.6-150300.3.9.5
    * spacewalk-java-postgresql-4.2.49-150300.3.63.3
    * jsr-305-3.0.2-150200.3.7.5
    * python3-spacewalk-client-tools-4.2.23-150300.4.33.7
    * uyuni-config-modules-4.2.32-150300.3.46.5
    * spacewalk-client-tools-4.2.23-150300.4.33.7
    * spacewalk-backend-sql-4.2.27-150300.4.38.7
    * susemanager-build-keys-web-15.3.6-150300.3.9.5
    * spacewalk-java-config-4.2.49-150300.3.63.3
    * spacewalk-taskomatic-4.2.49-150300.3.63.3
  * SUSE Manager Server 4.2 Module 4.2 (ppc64le s390x x86_64)
    * susemanager-tftpsync-4.2.4-150300.3.6.6
    * python3-uyuni-common-libs-4.2.10-150300.3.17.6
  * openSUSE Leap 15.4 (noarch)
    * jsr-305-3.0.2-150200.3.7.5
    * jsr-305-javadoc-3.0.2-150200.3.7.5
  * Development Tools Module 15-SP4 (noarch)
    * jsr-305-3.0.2-150200.3.7.5
  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
    * jsr-305-3.0.2-150200.3.7.5
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
    * jsr-305-3.0.2-150200.3.7.5
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
    * jsr-305-3.0.2-150200.3.7.5
  * SUSE Linux Enterprise Real Time 15 SP3 (noarch)
    * jsr-305-3.0.2-150200.3.7.5
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
    * jsr-305-3.0.2-150200.3.7.5
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
    * jsr-305-3.0.2-150200.3.7.5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
    * jsr-305-3.0.2-150200.3.7.5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
    * jsr-305-3.0.2-150200.3.7.5
  * SUSE Enterprise Storage 7.1 (noarch)
    * jsr-305-3.0.2-150200.3.7.5
  * SUSE Enterprise Storage 7 (noarch)
    * jsr-305-3.0.2-150200.3.7.5

## References:

  * https://www.suse.com/security/cve/CVE-2020-8908.html
  * https://www.suse.com/security/cve/CVE-2022-0860.html
  * https://www.suse.com/security/cve/CVE-2023-22644.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1179926
  * https://bugzilla.suse.com/show_bug.cgi?id=1197027
  * https://bugzilla.suse.com/show_bug.cgi?id=1206562
  * https://bugzilla.suse.com/show_bug.cgi?id=1206973
  * https://bugzilla.suse.com/show_bug.cgi?id=1207063
  * https://bugzilla.suse.com/show_bug.cgi?id=1207308
  * https://bugzilla.suse.com/show_bug.cgi?id=1207352
  * https://bugzilla.suse.com/show_bug.cgi?id=1207490
  * https://bugzilla.suse.com/show_bug.cgi?id=1207799
  * https://bugzilla.suse.com/show_bug.cgi?id=1207829
  * https://bugzilla.suse.com/show_bug.cgi?id=1207830
  * https://bugzilla.suse.com/show_bug.cgi?id=1207838
  * https://bugzilla.suse.com/show_bug.cgi?id=1207883
  * https://bugzilla.suse.com/show_bug.cgi?id=1208288
  * https://bugzilla.suse.com/show_bug.cgi?id=1208321
  * https://bugzilla.suse.com/show_bug.cgi?id=1208325
  * https://bugzilla.suse.com/show_bug.cgi?id=1208586
  * https://bugzilla.suse.com/show_bug.cgi?id=1208687
  * https://bugzilla.suse.com/show_bug.cgi?id=1208719
  * https://bugzilla.suse.com/show_bug.cgi?id=1208772
  * https://bugzilla.suse.com/show_bug.cgi?id=1208908
  * https://bugzilla.suse.com/show_bug.cgi?id=1209369
  * https://bugzilla.suse.com/show_bug.cgi?id=1209386
  * https://bugzilla.suse.com/show_bug.cgi?id=1209434
  * https://bugzilla.suse.com/show_bug.cgi?id=1209703
  * https://jira.suse.com/login.jsp

SUSE: 2023:1831-1 important: Maintenance SUSE Manager 4.2

February 27, 2024