Stay Secure with the Latest Linux Advisories

security advisoryupdateimportant

SUSE: 2023:3474-1 Important Update – DoS Issue Resolved in Manager 4.2

* bsc#1175823 * bsc#1208528 * bsc#1208577 * bsc#1209156 * bsc#1210103 . # Maintenance update for SUSE Manager 4.2: Server, Proxy and Retail Branch Server Announcement ID: SUSE-SU-2023:3474-1 Rating: important References: * bsc#1175823 * bsc#1208528 * bsc#1208577 * bsc#1209156 * bsc#1210103 * bsc#1210994 * bsc#1211100 * bsc#1211469 * bsc#1211650 * bsc#1211884 * bsc#1212032 * bsc#1212106 * bsc#1212416 * bsc#1212507 * bsc#1212589 * bsc#1212700 * bsc#1212943 * bsc#1213880 * bsc#1214187 * bsc#1214333 * jsc#MSQA-698 Cross-References: * CVE-2023-29409 CVSS scores: * CVE-2023-29409 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-29409 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.2 Module 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 * SUSE Manager Server 4.2 Module 4.2 An update that solves one vulnerability, contains one feature and has 19 security fixes can now be installed. ## Recommended update for SUSE Manager Proxy and Retail Branch Server 4.2 ### Description: This update fixes the following issues: spacecmd: * Version 4.2.24-1 * Update translations spacewalk-backend: * Version 4.2.29-1 * Use a constant to get the product name in python code rather than reading rhn.conf (bsc#1212943) * Only show missing /root/.curlrc error with log_level = 5 (bsc#1212507) spacewalk-web: * Version 4.2.36-1 * Update translations * Fix VHM CPU and RAM display when 0 (bsc#1175823) * Fix parsing error when showing notification message details (bsc#1211469) How to apply this update: 1. Log in as root user to the SUSE Manager Proxy or Retail Branch Server. 2. Stop the proxy service: `spacewalk-proxy stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: `spacewalk-proxy start` ## Recommended update for SUSE Manager Server 4.2 ### Description: This update fixes the followingissues: hub-xmlrpc-api: * Security fix: * CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to 8192 bits to avoid DoSing client/server while validating signatures for extremely large RSA keys. (bsc#1213880) * There are no direct source changes. The CVE on hub-xmlrpc-api is fixed rebuilding the sources with the patched Go version. spacecmd: * Version 4.2.24-1 * Update translations spacewalk-backend: * Version 4.2.29-1 * Use a constant to get the product name in python code rather than reading rhn.conf (bsc#1212943) * Only show missing /root/.curlrc error with log_level = 5 (bsc#1212507) spacewalk-java: * Version 4.2.55-1 * Set swap memory value if available * Set primary FQDN to hostname if none is set (bsc#1209156, bsc#1214333) * Version 4.2.54-1 * Consider venv-salt-minion package update as a Salt update to prevent backtraces on upgrading salt with itself (bsc#1211884) * Version 4.2.53-1 * Fix "more then one method candidate found" for API function (bsc#1211100) * Fixed a bug that caused the tab Autoinstallation to hide when clicking on Power Management Management/Operations on SSM -> Provisioning * Update copyright year (bsc#1212106) * Disable jinja processing for the roster file (bsc#1211650) * Version 4.2.52-1 * Update jetty-util to version 9.4.51 * Version 4.2.51-1 * Update version of Tomcat build dependencies spacewalk-reports: * Version 4.2.8-1 * Drop Python2 compatibility (bsc#1212589) spacewalk-setup: * Version 4.2.13-1 * Drop usage of salt.ext.six in embedded_diskspace_check spacewalk-utils: * Version 4.2.20-1 * Drop Python2 compatibility spacewalk-web: * Version 4.2.36-1 * Update translation * Fix VHM CPU and RAM display when 0 (bsc#1175823) * Fix parsing error when showing notification message details (bsc#1211469) susemanager: * Version 4.2.44-1 * Require LTSS channels for SUSE Linux Enterprise 15 SP1/SP2/SP3 and SUSE Manager Proxy 4.2 (bsc#1214187) * Version 4.2.43-1 * Add missing Salt 3006.0 dependencies tobootstrap repo definitions (bsc#1212700) * Make mgr-salt-ssh to properly fix HOME environment to avoid issues with gitfs (bsc#1210994) susemanager-doc-indexes: * Typo correction for Cobbler buildiso command in Client Configuration Guide * Replaced plain text with dedicated attribute for AutoYaST * Added a note about Oracle Unbreakable Linux Network mirroring requirements in Client Configuration Guide (bsc#1212032) * Added SUSE Linux Enterprise 15 SP5 and openSUSE Leap 15.5 as supported clients in the Client Configuration Guide * Fixed missing tables of content in the Reference Guide (bsc#1208577) * Fixed instruction for Single sign-on implementation example in the Administration Guide (bsc#1210103) * Removed reference to non-exitent files in Reference Guide (bsc#1208528) susemanager-docs_en: * Typo correction for Cobbler buildiso command in Client Configuration Guide * Replaced plain text with dedicated attribute for AutoYaST * Added a note about Oracle Unbreakable Linux Network mirroring requirements in Client Configuration Guide (bsc#1212032) * Added SUSE Linux Enterprise 15 SP5 and openSUSE Leap 15.5 as supported clients in the Client Configuration Guide * Fixed missing tables of content in the Reference Guide (bsc#1208577) * Fixed instruction for Single sign-on implementation example in the Administration Guide (bsc#1210103) * Removed reference to non-exitent files in Reference Guide (bsc#1208528) susemanager-schema: * Version 4.2.29-1 * Add schema directory for susemanager-schema-4.2.29 susemanager-sls: * Version 4.2.35-1 * Do not disable salt-minion on salt-ssh managed clients * Use venv-salt-minion instead of salt for docker states (bsc#1212416) How to apply this update: 1. Log in as root user to the SUSE Manager Server. 2. Stop the Spacewalk service: `spacewalk-service stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: `spacewalk-service start` ## Patch Instructions: To install this SUSE update use the SUSErecommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Proxy 4.2 Module 4.2 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2023-3474=1 * SUSE Manager Server 4.2 Module 4.2 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2023-3474=1 ## Package List: * SUSE Manager Proxy 4.2 Module 4.2 (noarch) * spacewalk-backend-4.2.29-150300.4.44.5 * spacewalk-base-minimal-config-4.2.36-150300.3.47.5 * spacecmd-4.2.24-150300.4.42.3 * spacewalk-base-minimal-4.2.36-150300.3.47.5 * SUSE Manager Server 4.2 Module 4.2 (ppc64le s390x x86_64) * inter-server-sync-debuginfo-0.3.0-150300.8.36.1 * susemanager-4.2.44-150300.3.59.1 * hub-xmlrpc-api-0.7-150300.3.14.2 * inter-server-sync-0.3.0-150300.8.36.1 * susemanager-tools-4.2.44-150300.3.59.1 * SUSE Manager Server 4.2 Module 4.2 (noarch) * spacewalk-java-lib-4.2.55-150300.3.73.2 * spacewalk-backend-package-push-server-4.2.29-150300.4.44.5 * spacewalk-backend-xml-export-libs-4.2.29-150300.4.44.5 * spacewalk-base-minimal-4.2.36-150300.3.47.5 * spacewalk-utils-extras-4.2.20-150300.3.27.3 * spacewalk-setup-4.2.13-150300.3.21.3 * spacewalk-backend-iss-4.2.29-150300.4.44.5 * spacewalk-backend-xmlrpc-4.2.29-150300.4.44.5 * spacewalk-html-4.2.36-150300.3.47.5 * spacewalk-java-4.2.55-150300.3.73.2 * susemanager-doc-indexes-4.2-150300.12.48.5 * spacewalk-utils-4.2.20-150300.3.27.3 * spacewalk-backend-4.2.29-150300.4.44.5 * spacewalk-base-4.2.36-150300.3.47.5 * spacewalk-backend-tools-4.2.29-150300.4.44.5 * spacewalk-backend-sql-postgresql-4.2.29-150300.4.44.5 * susemanager-sls-4.2.35-150300.3.54.3 * spacecmd-4.2.24-150300.4.42.3 * spacewalk-java-config-4.2.55-150300.3.73.2 * susemanager-schema-4.2.29-150300.3.41.5 * spacewalk-backend-server-4.2.29-150300.4.44.5 * spacewalk-base-minimal-config-4.2.36-150300.3.47.5 * spacewalk-backend-sql-4.2.29-150300.4.44.5 * spacewalk-backend-applet-4.2.29-150300.4.44.5 *spacewalk-backend-config-files-4.2.29-150300.4.44.5 * susemanager-docs_en-pdf-4.2-150300.12.48.3 * susemanager-docs_en-4.2-150300.12.48.3 * spacewalk-java-postgresql-4.2.55-150300.3.73.2 * spacewalk-backend-config-files-tool-4.2.29-150300.4.44.5 * spacewalk-backend-app-4.2.29-150300.4.44.5 * spacewalk-reports-4.2.8-150300.3.12.3 * spacewalk-backend-iss-export-4.2.29-150300.4.44.5 * uyuni-config-modules-4.2.35-150300.3.54.3 * spacewalk-taskomatic-4.2.55-150300.3.73.2 * spacewalk-backend-config-files-common-4.2.29-150300.4.44.5 ## References: * https://www.suse.com/security/cve/CVE-2023-29409.html * https://bugzilla.suse.com/show_bug.cgi?id=1175823 * https://bugzilla.suse.com/show_bug.cgi?id=1208528 * https://bugzilla.suse.com/show_bug.cgi?id=1208577 * https://bugzilla.suse.com/show_bug.cgi?id=1209156 * https://bugzilla.suse.com/show_bug.cgi?id=1210103 * https://bugzilla.suse.com/show_bug.cgi?id=1210994 * https://bugzilla.suse.com/show_bug.cgi?id=1211100 * https://bugzilla.suse.com/show_bug.cgi?id=1211469 * https://bugzilla.suse.com/show_bug.cgi?id=1211650 * https://bugzilla.suse.com/show_bug.cgi?id=1211884 * https://bugzilla.suse.com/show_bug.cgi?id=1212032 * https://bugzilla.suse.com/show_bug.cgi?id=1212106 * https://bugzilla.suse.com/show_bug.cgi?id=1212416 * https://bugzilla.suse.com/show_bug.cgi?id=1212507 * https://bugzilla.suse.com/show_bug.cgi?id=1212589 * https://bugzilla.suse.com/show_bug.cgi?id=1212700 * https://bugzilla.suse.com/show_bug.cgi?id=1212943 * https://bugzilla.suse.com/show_bug.cgi?id=1213880 * https://bugzilla.suse.com/show_bug.cgi?id=1214187 * https://bugzilla.suse.com/show_bug.cgi?id=1214333 * . Essential upkeep notification for SUSE Manager 4.2 tackles significant concerns and patch updates for security vulnerabilities.. SUSE Manager 4.2, security fix, maintenance update. . Severity: Important. LinuxSecurity.com Team

Feb 27, 2024 •Important SuSE