# Maintenance update for SUSE Manager 4.2: Server, Proxy and Retail Branch Server

Announcement ID: SUSE-SU-2023:3474-1  
Rating: important  
References:

  * bsc#1175823
  * bsc#1208528
  * bsc#1208577
  * bsc#1209156
  * bsc#1210103
  * bsc#1210994
  * bsc#1211100
  * bsc#1211469
  * bsc#1211650
  * bsc#1211884
  * bsc#1212032
  * bsc#1212106
  * bsc#1212416
  * bsc#1212507
  * bsc#1212589
  * bsc#1212700
  * bsc#1212943
  * bsc#1213880
  * bsc#1214187
  * bsc#1214333
  * jsc#MSQA-698

  
Cross-References:

  * CVE-2023-29409

  
CVSS scores:

  * CVE-2023-29409 ( SUSE ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-29409 ( NVD ):  5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

  
Affected Products:

  * SUSE Manager Proxy 4.2
  * SUSE Manager Proxy 4.2 Module 4.2
  * SUSE Manager Retail Branch Server 4.2
  * SUSE Manager Server 4.2
  * SUSE Manager Server 4.2 Module 4.2

  
  
An update that solves one vulnerability, contains one feature and has 19
security fixes can now be installed.

## Recommended update for SUSE Manager Proxy and Retail Branch Server 4.2

### Description:

This update fixes the following issues:

spacecmd:

  * Version 4.2.24-1
  * Update translations

spacewalk-backend:

  * Version 4.2.29-1
  * Use a constant to get the product name in python code rather than reading
    rhn.conf (bsc#1212943)
  * Only show missing /root/.curlrc error with log_level = 5 (bsc#1212507)

spacewalk-web:

  * Version 4.2.36-1
  * Update translations
  * Fix VHM CPU and RAM display when 0 (bsc#1175823)
  * Fix parsing error when showing notification message details (bsc#1211469)

How to apply this update:

  1. Log in as root user to the SUSE Manager Proxy or Retail Branch Server.
  2. Stop the proxy service: `spacewalk-proxy stop`
  3. Apply the patch using either zypper patch or YaST Online Update.
  4. Start the Spacewalk service: `spacewalk-proxy start`

## Recommended update for SUSE Manager Server 4.2

### Description:

This update fixes the following issues:

hub-xmlrpc-api:

  * Security fix:
    * CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to
      8192 bits to avoid DoSing client/server while validating signatures for
      extremely large RSA keys. (bsc#1213880)
      * There are no direct source changes. The CVE on hub-xmlrpc-api is fixed by rebuilding the sources with the patched Go version.

spacecmd:

  * Version 4.2.24-1
  * Update translations

spacewalk-backend:

  * Version 4.2.29-1
  * Use a constant to get the product name in python code rather than reading
    rhn.conf (bsc#1212943)
  * Only show missing /root/.curlrc error with log_level = 5 (bsc#1212507)

spacewalk-java:

  * Version 4.2.55-1
  * Set swap memory value if available
  * Set primary FQDN to hostname if none is set (bsc#1209156, bsc#1214333)
  * Version 4.2.54-1
  * Consider venv-salt-minion package update as a Salt update to prevent
    backtraces on upgrading salt with itself (bsc#1211884)
  * Version 4.2.53-1
  * Fix "more then one method candidate found" for API function (bsc#1211100)
  * Fixed a bug that caused the tab Autoinstallation to hide when clicking on
    Power Management Management/Operations on SSM -> Provisioning
  * Update copyright year (bsc#1212106)
  * Disable jinja processing for the roster file (bsc#1211650)
  * Version 4.2.52-1
  * Update jetty-util to version 9.4.51
  * Version 4.2.51-1
  * Update version of Tomcat build dependencies

spacewalk-reports:

  * Version 4.2.8-1
  * Drop Python2 compatibility (bsc#1212589)

spacewalk-setup:

  * Version 4.2.13-1
  * Drop usage of salt.ext.six in embedded_diskspace_check

spacewalk-utils:

  * Version 4.2.20-1
  * Drop Python2 compatibility

spacewalk-web:

  * Version 4.2.36-1
  * Update translation
  * Fix VHM CPU and RAM display when 0 (bsc#1175823)
  * Fix parsing error when showing notification message details (bsc#1211469)

susemanager:

  * Version 4.2.44-1
  * Require LTSS channels for SUSE Linux Enterprise 15 SP1/SP2/SP3 and SUSE
    Manager Proxy 4.2 (bsc#1214187)
  * Version 4.2.43-1
  * Add missing Salt 3006.0 dependencies to bootstrap repo definitions
    (bsc#1212700)
  * Make mgr-salt-ssh properly fix the HOME environment to avoid issues with
    gitfs (bsc#1210994)

susemanager-doc-indexes:

  * Typo correction for Cobbler buildiso command in Client Configuration Guide
  * Replaced plain text with dedicated attribute for AutoYaST
  * Added a note about Oracle Unbreakable Linux Network mirroring requirements
    in Client Configuration Guide (bsc#1212032)
  * Added SUSE Linux Enterprise 15 SP5 and openSUSE Leap 15.5 as supported
    clients in the Client Configuration Guide
  * Fixed missing tables of content in the Reference Guide (bsc#1208577)
  * Fixed instruction for Single sign-on implementation example in the
    Administration Guide (bsc#1210103)
  * Removed reference to non-existent files in Reference Guide (bsc#1208528)

susemanager-docs_en:

  * Typo correction for Cobbler buildiso command in Client Configuration Guide
  * Replaced plain text with dedicated attribute for AutoYaST
  * Added a note about Oracle Unbreakable Linux Network mirroring requirements
    in Client Configuration Guide (bsc#1212032)
  * Added SUSE Linux Enterprise 15 SP5 and openSUSE Leap 15.5 as supported
    clients in the Client Configuration Guide
  * Fixed missing tables of content in the Reference Guide (bsc#1208577)
  * Fixed instruction for Single sign-on implementation example in the
    Administration Guide (bsc#1210103)
  * Removed reference to non-existent files in Reference Guide (bsc#1208528)

susemanager-schema:

  * Version 4.2.29-1
  * Add schema directory for susemanager-schema-4.2.29

susemanager-sls:

  * Version 4.2.35-1
  * Do not disable salt-minion on salt-ssh managed clients
  * Use venv-salt-minion instead of salt for docker states (bsc#1212416)

How to apply this update:

  1. Log in as root user to the SUSE Manager Server.
  2. Stop the Spacewalk service: `spacewalk-service stop`
  3. Apply the patch using either zypper patch or YaST Online Update.
  4. Start the Spacewalk service: `spacewalk-service start`

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Manager Proxy 4.2 Module 4.2  
    zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2023-3474=1

  * SUSE Manager Server 4.2 Module 4.2  
    zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2023-3474=1

## Package List:

  * SUSE Manager Proxy 4.2 Module 4.2 (noarch)
    * spacewalk-backend-4.2.29-150300.4.44.5
    * spacewalk-base-minimal-config-4.2.36-150300.3.47.5
    * spacecmd-4.2.24-150300.4.42.3
    * spacewalk-base-minimal-4.2.36-150300.3.47.5
  * SUSE Manager Server 4.2 Module 4.2 (ppc64le s390x x86_64)
    * inter-server-sync-debuginfo-0.3.0-150300.8.36.1
    * susemanager-4.2.44-150300.3.59.1
    * hub-xmlrpc-api-0.7-150300.3.14.2
    * inter-server-sync-0.3.0-150300.8.36.1
    * susemanager-tools-4.2.44-150300.3.59.1
  * SUSE Manager Server 4.2 Module 4.2 (noarch)
    * spacewalk-java-lib-4.2.55-150300.3.73.2
    * spacewalk-backend-package-push-server-4.2.29-150300.4.44.5
    * spacewalk-backend-xml-export-libs-4.2.29-150300.4.44.5
    * spacewalk-base-minimal-4.2.36-150300.3.47.5
    * spacewalk-utils-extras-4.2.20-150300.3.27.3
    * spacewalk-setup-4.2.13-150300.3.21.3
    * spacewalk-backend-iss-4.2.29-150300.4.44.5
    * spacewalk-backend-xmlrpc-4.2.29-150300.4.44.5
    * spacewalk-html-4.2.36-150300.3.47.5
    * spacewalk-java-4.2.55-150300.3.73.2
    * susemanager-doc-indexes-4.2-150300.12.48.5
    * spacewalk-utils-4.2.20-150300.3.27.3
    * spacewalk-backend-4.2.29-150300.4.44.5
    * spacewalk-base-4.2.36-150300.3.47.5
    * spacewalk-backend-tools-4.2.29-150300.4.44.5
    * spacewalk-backend-sql-postgresql-4.2.29-150300.4.44.5
    * susemanager-sls-4.2.35-150300.3.54.3
    * spacecmd-4.2.24-150300.4.42.3
    * spacewalk-java-config-4.2.55-150300.3.73.2
    * susemanager-schema-4.2.29-150300.3.41.5
    * spacewalk-backend-server-4.2.29-150300.4.44.5
    * spacewalk-base-minimal-config-4.2.36-150300.3.47.5
    * spacewalk-backend-sql-4.2.29-150300.4.44.5
    * spacewalk-backend-applet-4.2.29-150300.4.44.5
    * spacewalk-backend-config-files-4.2.29-150300.4.44.5
    * susemanager-docs_en-pdf-4.2-150300.12.48.3
    * susemanager-docs_en-4.2-150300.12.48.3
    * spacewalk-java-postgresql-4.2.55-150300.3.73.2
    * spacewalk-backend-config-files-tool-4.2.29-150300.4.44.5
    * spacewalk-backend-app-4.2.29-150300.4.44.5
    * spacewalk-reports-4.2.8-150300.3.12.3
    * spacewalk-backend-iss-export-4.2.29-150300.4.44.5
    * uyuni-config-modules-4.2.35-150300.3.54.3
    * spacewalk-taskomatic-4.2.55-150300.3.73.2
    * spacewalk-backend-config-files-common-4.2.29-150300.4.44.5

## References:

  * https://www.suse.com/security/cve/CVE-2023-29409.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1175823
  * https://bugzilla.suse.com/show_bug.cgi?id=1208528
  * https://bugzilla.suse.com/show_bug.cgi?id=1208577
  * https://bugzilla.suse.com/show_bug.cgi?id=1209156
  * https://bugzilla.suse.com/show_bug.cgi?id=1210103
  * https://bugzilla.suse.com/show_bug.cgi?id=1210994
  * https://bugzilla.suse.com/show_bug.cgi?id=1211100
  * https://bugzilla.suse.com/show_bug.cgi?id=1211469
  * https://bugzilla.suse.com/show_bug.cgi?id=1211650
  * https://bugzilla.suse.com/show_bug.cgi?id=1211884
  * https://bugzilla.suse.com/show_bug.cgi?id=1212032
  * https://bugzilla.suse.com/show_bug.cgi?id=1212106
  * https://bugzilla.suse.com/show_bug.cgi?id=1212416
  * https://bugzilla.suse.com/show_bug.cgi?id=1212507
  * https://bugzilla.suse.com/show_bug.cgi?id=1212589
  * https://bugzilla.suse.com/show_bug.cgi?id=1212700
  * https://bugzilla.suse.com/show_bug.cgi?id=1212943
  * https://bugzilla.suse.com/show_bug.cgi?id=1213880
  * https://bugzilla.suse.com/show_bug.cgi?id=1214187
  * https://bugzilla.suse.com/show_bug.cgi?id=1214333
  * https://jira.suse.com/login.jsp

SUSE: 2023:3474-1 important: Maintenance SUSE Manager 4.2

February 27, 2024