SUSE: 2023:3474-1 important: Maintenance SUSE Manager 4.2
Summary
### This update fixes the following issues:

spacecmd:

* Version 4.2.24-1
  * Update translations

spacewalk-backend:

* Version 4.2.29-1
  * Use a constant to get the product name in python code rather than reading rhn.conf (bsc#1212943)
  * Only show missing /root/.curlrc error with log_level = 5 (bsc#1212507)

spacewalk-web:

* Version 4.2.36-1
  * Update translations
  * Fix VHM CPU and RAM display when 0 (bsc#1175823)
  * Fix parsing error when showing notification message details (bsc#1211469)

How to apply this update:

1. Log in as root user to the SUSE Manager Proxy or Retail Branch Server.
2. Stop the proxy service: `spacewalk-proxy stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: `spacewalk-proxy start`

## Recommended update for SUSE Manager Server 4.2

### This update fixes the following issues:

hub-xmlrpc-api:

* Security fix:
  * CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to 8192 bits to avoid DoSing client/server while validating signatures for extremely large RSA keys. (bsc#1213880)
* There are no direct source changes. The CVE on hub-xmlrpc-api is fixed rebuilding the sources with the patched Go version.

spacecmd:

* Version 4.2.24-1
  * Update translations

spacewalk-backend:

* Version 4.2.29-1
  * Use a constant to get the product name in python code rather than reading rhn.conf (bsc#1212943)
  * Only show missing /root/.curlrc error with log_level = 5 (bsc#1212507)

spacewalk-java:

* Version 4.2.55-1
  * Set swap memory value if available
  * Set primary FQDN to hostname if none is set (bsc#1209156, bsc#1214333)
* Version 4.2.54-1
  * Consider venv-salt-minion package update as a Salt update to prevent backtraces on upgrading salt with itself (bsc#1211884)
* Version 4.2.53-1
  * Fix "more then one method candidate found" for API function (bsc#1211100)
  * Fixed a bug that caused the tab Autoinstallation to hide when clicking on Power Management Management/Operations on SSM -> Provisioning
  * Update copyright year (bsc#1212106)
  * Disable jinja processing for the roster file (bsc#1211650)
* Version 4.2.52-1
  * Update jetty-util to version 9.4.51
* Version 4.2.51-1
  * Update version of Tomcat build dependencies

spacewalk-reports:

* Version 4.2.8-1
  * Drop Python2 compatibility (bsc#1212589)

spacewalk-setup:

* Version 4.2.13-1
  * Drop usage of salt.ext.six in embedded_diskspace_check

spacewalk-utils:

* Version 4.2.20-1
  * Drop Python2 compatibility

spacewalk-web:

* Version 4.2.36-1
  * Update translation
  * Fix VHM CPU and RAM display when 0 (bsc#1175823)
  * Fix parsing error when showing notification message details (bsc#1211469)

susemanager:

* Version 4.2.44-1
  * Require LTSS channels for SUSE Linux Enterprise 15 SP1/SP2/SP3 and SUSE Manager Proxy 4.2 (bsc#1214187)
* Version 4.2.43-1
  * Add missing Salt 3006.0 dependencies to bootstrap repo definitions (bsc#1212700)
  * Make mgr-salt-ssh to properly fix HOME environment to avoid issues with gitfs (bsc#1210994)

susemanager-doc-indexes:

* Typo correction for Cobbler buildiso command in Client Configuration Guide
* Replaced plain text with dedicated attribute for AutoYaST
* Added a note about Oracle Unbreakable Linux Network mirroring requirements in Client Configuration Guide (bsc#1212032)
* Added SUSE Linux Enterprise 15 SP5 and openSUSE Leap 15.5 as supported clients in the Client Configuration Guide
* Fixed missing tables of content in the Reference Guide (bsc#1208577)
* Fixed instruction for Single sign-on implementation example in the Administration Guide (bsc#1210103)
* Removed reference to non-existent files in Reference Guide (bsc#1208528)

susemanager-docs_en:

* Typo correction for Cobbler buildiso command in Client Configuration Guide
* Replaced plain text with dedicated attribute for AutoYaST
* Added a note about Oracle Unbreakable Linux Network mirroring requirements in Client Configuration Guide (bsc#1212032)
* Added SUSE Linux Enterprise 15 SP5 and openSUSE Leap 15.5 as supported clients in the Client Configuration Guide
* Fixed missing tables of content in the Reference Guide (bsc#1208577)
* Fixed instruction for Single sign-on implementation example in the Administration Guide (bsc#1210103)
* Removed reference to non-existent files in Reference Guide (bsc#1208528)

susemanager-schema:

* Version 4.2.29-1
  * Add schema directory for susemanager-schema-4.2.29

susemanager-sls:

* Version 4.2.35-1
  * Do not disable salt-minion on salt-ssh managed clients
  * Use venv-salt-minion instead of salt for docker states (bsc#1212416)

How to apply this update:

1. Log in as root user to the SUSE Manager Server.
2. Stop the Spacewalk service: `spacewalk-service stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: `spacewalk-service start`

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Manager Proxy 4.2 Module 4.2
  `zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2023-3474=1`
* SUSE Manager Server 4.2 Module 4.2
  `zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2023-3474=1`

## Package List:

* SUSE Manager Proxy 4.2 Module 4.2 (noarch)
  * spacewalk-backend-4.2.29-150300.4.44.5
  * spacewalk-base-minimal-config-4.2.36-150300.3.47.5
  * spacecmd-4.2.24-150300.4.42.3
  * spacewalk-base-minimal-4.2.36-150300.3.47.5
* SUSE Manager Server 4.2 Module 4.2 (ppc64le s390x x86_64)
  * inter-server-sync-debuginfo-0.3.0-150300.8.36.1
  * susemanager-4.2.44-150300.3.59.1
  * hub-xmlrpc-api-0.7-150300.3.14.2
  * inter-server-sync-0.3.0-150300.8.36.1
  * susemanager-tools-4.2.44-150300.3.59.1
* SUSE Manager Server 4.2 Module 4.2 (noarch)
  * spacewalk-java-lib-4.2.55-150300.3.73.2
  * spacewalk-backend-package-push-server-4.2.29-150300.4.44.5
  * spacewalk-backend-xml-export-libs-4.2.29-150300.4.44.5
  * spacewalk-base-minimal-4.2.36-150300.3.47.5
  * spacewalk-utils-extras-4.2.20-150300.3.27.3
  * spacewalk-setup-4.2.13-150300.3.21.3
  * spacewalk-backend-iss-4.2.29-150300.4.44.5
  * spacewalk-backend-xmlrpc-4.2.29-150300.4.44.5
  * spacewalk-html-4.2.36-150300.3.47.5
  * spacewalk-java-4.2.55-150300.3.73.2
  * susemanager-doc-indexes-4.2-150300.12.48.5
  * spacewalk-utils-4.2.20-150300.3.27.3
  * spacewalk-backend-4.2.29-150300.4.44.5
  * spacewalk-base-4.2.36-150300.3.47.5
  * spacewalk-backend-tools-4.2.29-150300.4.44.5
  * spacewalk-backend-sql-postgresql-4.2.29-150300.4.44.5
  * susemanager-sls-4.2.35-150300.3.54.3
  * spacecmd-4.2.24-150300.4.42.3
  * spacewalk-java-config-4.2.55-150300.3.73.2
  * susemanager-schema-4.2.29-150300.3.41.5
  * spacewalk-backend-server-4.2.29-150300.4.44.5
  * spacewalk-base-minimal-config-4.2.36-150300.3.47.5
  * spacewalk-backend-sql-4.2.29-150300.4.44.5
  * spacewalk-backend-applet-4.2.29-150300.4.44.5
  * spacewalk-backend-config-files-4.2.29-150300.4.44.5
  * susemanager-docs_en-pdf-4.2-150300.12.48.3
  * susemanager-docs_en-4.2-150300.12.48.3
  * spacewalk-java-postgresql-4.2.55-150300.3.73.2
  * spacewalk-backend-config-files-tool-4.2.29-150300.4.44.5
  * spacewalk-backend-app-4.2.29-150300.4.44.5
  * spacewalk-reports-4.2.8-150300.3.12.3
  * spacewalk-backend-iss-export-4.2.29-150300.4.44.5
  * uyuni-config-modules-4.2.35-150300.3.54.3
  * spacewalk-taskomatic-4.2.55-150300.3.73.2
  * spacewalk-backend-config-files-common-4.2.29-150300.4.44.5
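
The 8192-bit RSA limit described for CVE-2023-29409 above can be checked against your own certificate bundles. This Go audit is an added example, not code from the SUSE advisory or from hub-xmlrpc-api; `OversizedRSA`, `ParseBundle` and `constructedCert` are hypothetical names, and the sample certificates are constructed in memory rather than real keys.

```go
package main

import (
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
)

// MaxRSABits is the limit quoted in the advisory text for CVE-2023-29409.
const MaxRSABits = 8192
// OversizedRSA reports every certificate whose RSA modulus exceeds MaxRSABits; non-RSA keys are skipped.
func OversizedRSA(certs []*x509.Certificate) []string {
	var hits []string
	for _, c := range certs {
		if pub, ok := c.PublicKey.(*rsa.PublicKey); ok && pub.N != nil && pub.N.BitLen() > MaxRSABits {
			hits = append(hits, fmt.Sprintf("%s: %d-bit RSA key", c.Subject.CommonName, pub.N.BitLen()))
		}
	}
	return hits
}

// ParseBundle decodes every CERTIFICATE block of a PEM bundle so a trust store or chain file can be audited.
func ParseBundle(bundle []byte) ([]*x509.Certificate, error) {
	var certs []*x509.Certificate
	for block, rest := pem.Decode(bundle); block != nil; block, rest = pem.Decode(rest) {
		if block.Type != "CERTIFICATE" {
			continue
		}
		c, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			return nil, err
		}
		certs = append(certs, c)
	}
	return certs, nil
}

// constructedCert builds an in-memory stand-in whose modulus is exactly `bits` long (sample data, not a usable key).
func constructedCert(cn string, bits int) *x509.Certificate {
	n := new(big.Int).Lsh(big.NewInt(1), uint(bits-1))
	return &x509.Certificate{Subject: pkix.Name{CommonName: cn}, PublicKey: &rsa.PublicKey{N: n, E: 65537}}
}

func main() {
	fmt.Println(OversizedRSA([]*x509.Certificate{constructedCert("ok.example", 8192), constructedCert("huge.example", 16384)}))
}
```

A key of exactly 8192 bits passes, matching the "less than or equal to 8192 bits" wording of the fix.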
References
* bsc#1175823
* bsc#1208528
* bsc#1208577
* bsc#1209156
* bsc#1210103
* bsc#1210994
* bsc#1211100
* bsc#1211469
* bsc#1211650
* bsc#1211884
* bsc#1212032
* bsc#1212106
* bsc#1212416
* bsc#1212507
* bsc#1212589
* bsc#1212700
* bsc#1212943
* bsc#1213880
* bsc#1214187
* bsc#1214333
* jsc#MSQA-698
Cross-
* CVE-2023-29409
CVSS scores:
* CVE-2023-29409 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-29409 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.2 Module 4.2
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Server 4.2
* SUSE Manager Server 4.2 Module 4.2
An update that solves one vulnerability, contains one feature and has 19
security fixes can now be installed.
## Recommended update for SUSE Manager Proxy and Retail Branch Server 4.2
##
* https://www.suse.com/security/cve/CVE-2023-29409.html
* https://bugzilla.suse.com/show_bug.cgi?id=1175823
* https://bugzilla.suse.com/show_bug.cgi?id=1208528
* https://bugzilla.suse.com/show_bug.cgi?id=1208577
* https://bugzilla.suse.com/show_bug.cgi?id=1209156
* https://bugzilla.suse.com/show_bug.cgi?id=1210103
* https://bugzilla.suse.com/show_bug.cgi?id=1210994
* https://bugzilla.suse.com/show_bug.cgi?id=1211100
* https://bugzilla.suse.com/show_bug.cgi?id=1211469
* https://bugzilla.suse.com/show_bug.cgi?id=1211650
* https://bugzilla.suse.com/show_bug.cgi?id=1211884
* https://bugzilla.suse.com/show_bug.cgi?id=1212032
* https://bugzilla.suse.com/show_bug.cgi?id=1212106
* https://bugzilla.suse.com/show_bug.cgi?id=1212416
* https://bugzilla.suse.com/show_bug.cgi?id=1212507
* https://bugzilla.suse.com/show_bug.cgi?id=1212589
* https://bugzilla.suse.com/show_bug.cgi?id=1212700
* https://bugzilla.suse.com/show_bug.cgi?id=1212943
* https://bugzilla.suse.com/show_bug.cgi?id=1213880
* https://bugzilla.suse.com/show_bug.cgi?id=1214187
* https://bugzilla.suse.com/show_bug.cgi?id=1214333
* https://jira.suse.com/login.jsp