# Security update 5.1.2 for Multi-Linux Manager Salt Bundle

Announcement ID: SUSE-SU-2026:0631-1
Release Date: 2026-02-25T09:47:25Z
Rating: important

References:

* bsc#1240532
* bsc#1246130
* bsc#1254325
* bsc#1254903
* bsc#1254904
* bsc#1254905
* jsc#MSQA-1040

Cross-References:

* CVE-2025-67724
* CVE-2025-67725
* CVE-2025-67726

CVSS scores:

* CVE-2025-67724 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-67724 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2025-67724 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2025-67724 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2025-67725 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-67725 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-67725 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-67726 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-67726 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-67726 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Multi-Linux Manager Client Tools for SLE 15
* SUSE Multi-Linux Manager Client Tools for SLE Micro 5

An update that solves three vulnerabilities, contains one feature and has three security fixes can now be installed.

## Description:

This update fixes the following issues:

venv-salt-minion:

* Backported security patches for Salt vendored tornado:
* CVE-2025-67724: Fixed missing validation of supplied reason phrase (bsc#1254903)
* CVE-2025-67725: Fixed DoS via malicious HTTP request (bsc#1254905)
* CVE-2025-67726: Fixed HTTP header parameter parsing algorithm (bsc#1254904)
* Made syntax in httputil_test compatible with Python 3.6
* Fixed KeyError in postgres module with PostgreSQL 17 (bsc#1254325)
* Use internal deb classes instead of external aptsource lib
* Speed up wheel key.finger call (bsc#1240532)
* Improved utils.find_json function (bsc#1246130)
* Extended warn_until period to 2027

## Special Instructions and Notes:

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Multi-Linux Manager Client Tools for SLE 15
  `zypper in -t patch SUSE-MultiLinuxManagerTools-SLE-15-2026-631=1`
* SUSE Multi-Linux Manager Client Tools for SLE Micro 5
  `zypper in -t patch SUSE-MultiLinuxManagerTools-SLE-Micro-5-2026-631=1`

## Package List:

* SUSE Multi-Linux Manager Client Tools for SLE 15 (aarch64 ppc64le s390x x86_64)
  * venv-salt-minion-3006.0-150002.5.9.1
* SUSE Multi-Linux Manager Client Tools for SLE Micro 5 (aarch64 ppc64le s390x x86_64)
  * venv-salt-minion-3006.0-150002.5.9.1

## References:

* https://www.suse.com/security/cve/CVE-2025-67724.html
* https://www.suse.com/security/cve/CVE-2025-67725.html
* https://www.suse.com/security/cve/CVE-2025-67726.html
* https://bugzilla.suse.com/show_bug.cgi?id=1240532
* https://bugzilla.suse.com/show_bug.cgi?id=1246130
* https://bugzilla.suse.com/show_bug.cgi?id=1254325
* https://bugzilla.suse.com/show_bug.cgi?id=1254903
* https://bugzilla.suse.com/show_bug.cgi?id=1254904
* https://bugzilla.suse.com/show_bug.cgi?id=1254905
* https://jira.suse.com/browse/MSQA-1040

An important update for SUSE Multi-Linux Manager addresses three vulnerabilities and enhances security features. Severity: Important. LinuxSecurity.com Team

Oracle Linux Security Advisory ELSA-2025-3210

http://linux.oracle.com/errata/ELSA-2025-3210.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
aardvark-dns-1.10.1-2.module+el8.10.0+90541+332b2aa7.x86_64.rpm
buildah-1.33.12-1.module+el8.10.0+90541+332b2aa7.x86_64.rpm
buildah-tests-1.33.12-1.module+el8.10.0+90541+332b2aa7.x86_64.rpm
cockpit-podman-84.1-1.module+el8.10.0+90541+332b2aa7.noarch.rpm
conmon-2.1.10-1.module+el8.10.0+90541+332b2aa7.x86_64.rpm
containernetworking-plugins-1.4.0-5.module+el8.10.0+90541+332b2aa7.x86_64.rpm
containers-common-1-82.0.1.module+el8.10.0+90541+332b2aa7.x86_64.rpm
container-selinux-2.229.0-2.module+el8.10.0+90541+332b2aa7.noarch.rpm
crit-3.18-5.module+el8.10.0+90541+332b2aa7.x86_64.rpm
criu-3.18-5.module+el8.10.0+90541+332b2aa7.x86_64.rpm
criu-devel-3.18-5.module+el8.10.0+90541+332b2aa7.x86_64.rpm
criu-libs-3.18-5.module+el8.10.0+90541+332b2aa7.x86_64.rpm
crun-1.14.3-2.module+el8.10.0+90541+332b2aa7.x86_64.rpm
fuse-overlayfs-1.13-1.module+el8.10.0+90541+332b2aa7.x86_64.rpm
libslirp-4.4.0-2.module+el8.10.0+90541+332b2aa7.x86_64.rpm
libslirp-devel-4.4.0-2.module+el8.10.0+90541+332b2aa7.x86_64.rpm
netavark-1.10.3-1.module+el8.10.0+90541+332b2aa7.x86_64.rpm
oci-seccomp-bpf-hook-1.2.10-1.module+el8.10.0+90541+332b2aa7.x86_64.rpm
podman-4.9.4-20.0.1.module+el8.10.0+90541+332b2aa7.x86_64.rpm
podman-catatonit-4.9.4-20.0.1.module+el8.10.0+90541+332b2aa7.x86_64.rpm
podman-docker-4.9.4-20.0.1.module+el8.10.0+90541+332b2aa7.noarch.rpm
podman-gvproxy-4.9.4-20.0.1.module+el8.10.0+90541+332b2aa7.x86_64.rpm
podman-plugins-4.9.4-20.0.1.module+el8.10.0+90541+332b2aa7.x86_64.rpm
podman-remote-4.9.4-20.0.1.module+el8.10.0+90541+332b2aa7.x86_64.rpm
podman-tests-4.9.4-20.0.1.module+el8.10.0+90541+332b2aa7.x86_64.rpm
python3-criu-3.18-5.module+el8.10.0+90541+332b2aa7.x86_64.rpm
python3-podman-4.9.0-3.module+el8.10.0+90541+332b2aa7.noarch.rpm
runc-1.1.12-6.module+el8.10.0+90541+332b2aa7.x86_64.rpm
skopeo-1.14.5-3.module+el8.10.0+90541+332b2aa7.x86_64.rpm
skopeo-tests-1.14.5-3.module+el8.10.0+90541+332b2aa7.x86_64.rpm
slirp4netns-1.2.3-1.module+el8.10.0+90541+332b2aa7.x86_64.rpm
udica-0.2.6-21.module+el8.10.0+90541+332b2aa7.noarch.rpm

aarch64:
aardvark-dns-1.10.1-2.module+el8.10.0+90541+332b2aa7.aarch64.rpm
buildah-1.33.12-1.module+el8.10.0+90541+332b2aa7.aarch64.rpm
buildah-tests-1.33.12-1.module+el8.10.0+90541+332b2aa7.aarch64.rpm
cockpit-podman-84.1-1.module+el8.10.0+90541+332b2aa7.noarch.rpm
conmon-2.1.10-1.module+el8.10.0+90541+332b2aa7.aarch64.rpm
containernetworking-plugins-1.4.0-5.module+el8.10.0+90541+332b2aa7.aarch64.rpm
containers-common-1-82.0.1.module+el8.10.0+90541+332b2aa7.aarch64.rpm
container-selinux-2.229.0-2.module+el8.10.0+90541+332b2aa7.noarch.rpm
crit-3.18-5.module+el8.10.0+90541+332b2aa7.aarch64.rpm
criu-3.18-5.module+el8.10.0+90541+332b2aa7.aarch64.rpm
criu-devel-3.18-5.module+el8.10.0+90541+332b2aa7.aarch64.rpm
criu-libs-3.18-5.module+el8.10.0+90541+332b2aa7.aarch64.rpm
crun-1.14.3-2.module+el8.10.0+90541+332b2aa7.aarch64.rpm
fuse-overlayfs-1.13-1.module+el8.10.0+90541+332b2aa7.aarch64.rpm
libslirp-4.4.0-2.module+el8.10.0+90541+332b2aa7.aarch64.rpm
libslirp-devel-4.4.0-2.module+el8.10.0+90541+332b2aa7.aarch64.rpm
netavark-1.10.3-1.module+el8.10.0+90541+332b2aa7.aarch64.rpm
oci-seccomp-bpf-hook-1.2.10-1.module+el8.10.0+90541+332b2aa7.aarch64.rpm
podman-4.9.4-20.0.1.module+el8.10.0+90541+332b2aa7.aarch64.rpm
podman-catatonit-4.9.4-20.0.1.module+el8.10.0+90541+332b2aa7.aarch64.rpm
podman-docker-4.9.4-20.0.1.module+el8.10.0+90541+332b2aa7.noarch.rpm
podman-gvproxy-4.9.4-20.0.1.module+el8.10.0+90541+332b2aa7.aarch64.rpm
podman-plugins-4.9.4-20.0.1.module+el8.10.0+90541+332b2aa7.aarch64.rpm
podman-remote-4.9.4-20.0.1.module+el8.10.0+90541+332b2aa7.aarch64.rpm
podman-tests-4.9.4-20.0.1.module+el8.10.0+90541+332b2aa7.aarch64.rpm
python3-criu-3.18-5.module+el8.10.0+90541+332b2aa7.aarch64.rpm
python3-podman-4.9.0-3.module+el8.10.0+90541+332b2aa7.noarch.rpm
runc-1.1.12-6.module+el8.10.0+90541+332b2aa7.aarch64.rpm
skopeo-1.14.5-3.module+el8.10.0+90541+332b2aa7.aarch64.rpm
skopeo-tests-1.14.5-3.module+el8.10.0+90541+332b2aa7.aarch64.rpm
slirp4netns-1.2.3-1.module+el8.10.0+90541+332b2aa7.aarch64.rpm
udica-0.2.6-21.module+el8.10.0+90541+332b2aa7.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//aardvark-dns-1.10.1-2.module+el8.10.0+90541+332b2aa7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//buildah-1.33.12-1.module+el8.10.0+90541+332b2aa7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//cockpit-podman-84.1-1.module+el8.10.0+90541+332b2aa7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//conmon-2.1.10-1.module+el8.10.0+90541+332b2aa7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//containernetworking-plugins-1.4.0-5.module+el8.10.0+90541+332b2aa7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//containers-common-1-82.0.1.module+el8.10.0+90541+332b2aa7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//container-selinux-2.229.0-2.module+el8.10.0+90541+332b2aa7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//criu-3.18-5.module+el8.10.0+90541+332b2aa7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//crun-1.14.3-2.module+el8.10.0+90541+332b2aa7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//fuse-overlayfs-1.13-1.module+el8.10.0+90541+332b2aa7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//libslirp-4.4.0-2.module+el8.10.0+90541+332b2aa7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//netavark-1.10.3-1.module+el8.10.0+90541+332b2aa7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//oci-seccomp-bpf-hook-1.2.10-1.module+el8.10.0+90541+332b2aa7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//podman-4.9.4-20.0.1.module+el8.10.0+90541+332b2aa7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//python-podman-4.9.0-3.module+el8.10.0+90541+332b2aa7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//runc-1.1.12-6.module+el8.10.0+90541+332b2aa7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//skopeo-1.14.5-3.module+el8.10.0+90541+332b2aa7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//slirp4netns-1.2.3-1.module+el8.10.0+90541+332b2aa7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//udica-0.2.6-21.module+el8.10.0+90541+332b2aa7.src.rpm

Related CVEs:
CVE-2025-22869

Description of changes:

aardvark-dns

buildah

cockpit-podman

conmon

containernetworking-plugins

containers-common
[1-82.0.1] - Updated removed references [Orabug: 33473101] (Alex Burmashev) - Adjust registries.conf (Nikita Gerasimov) - remove references to RedHat registry (Nikita Gerasimov)
[2:1-82] - update vendored components - Resolves: RHEL-40801
[2:1-81] - Update shortnames from Pyxis - Related: Jira:RHEL-2110
[2:1-80] - bump release to preserve upgrade path - Resolves: Jira:RHEL-12277
[2:1-59] - update vendored components - Related: Jira:RHEL-2110
[2:1-58] - update vendored components - Related: Jira:RHEL-2110
[2:1-57] - fix shortnames for rhel-minimal - Related: Jira:RHEL-2110
[2:1-56] - implement GPG auto updating mechanism from redhat-release - Resolves: #RHEL-2110
[2:1-55] - update GPG keys to the current content of redhat-release - Resolves: #RHEL-3164
[2:1-54] - update vendored components and shortnames - Related: #2176055
[2:1-53] - update vendored components - Related: #2176055
[2:1-52] - update vendored components - Related: #2176055
[2:1-51] - be sure default_capabilities contain SYS_CHROOT - Resolves: #2166195
[2:1-50] - improve shortnames generation - Related: #2176055
[2:1-49] - update vendored components and configuration files - Related: #2123641
[2:1-48] - update vendored components and configuration files - Related: #2123641
[2:1-47] - enable NET_RAW capability for RHEL8 only - Related: #2123641
[2:1-46] - update vendored components and configuration files - Related: #2123641
[2:1-45] - update vendored components and configuration files - Related: #2123641
[2:1-44] - update vendored components and configuration files - Related: #2123641
[2:1-43] - update vendored components and configuration files - Related: #2123641
[2:1-42] - update vendored components and configuration files - Related: #2123641
[2:1-41] - add beta GPG key - Related: #2123641
[2:1-40] - add beta keys to default-policy.json - Related: #2061390
[2:1-39] - update shortnames - Related: #2061390
[2:1-38] - arch limitation because of go-md2man (missing on i686) - Related: #2061390
[2:1-37] - add install section - update vendored components - Related: #2061390
[2:1-36] - remove aardvark-dns and netavark - packaged separately - update vendored components and configuration files - Related: #2061390
[2:1-35] - update vendored components and configuration files - Related: #2061390
[2:1-34] - remove rhel-els and update shortnames - Related: #2061390
[2:1-33] - update shortnames - Related: #2061390
[2:1-32] - additional fix for unqualified registries - Related: #2061390
[2:1-31] - fix unqualified registries - Related: #2061390
[2:1-30] - update vendored components and configuration files - Related: #2061390
[2:1-29] - update unqualified registries list - Related: #2061390
[2:1-28] - update aardvark-dns and netavark to 1.0.3 - update vendored components - Related: #2061390
[2:1-27] - add man page sources too - Related: #2061390
[2:1-26] - add missing man pages from Fedora - Related: #2061390
[2:1-25] - allow consuming aardvark-dns and netavark from upstream branch - Related: #2061390
[2:1-24] - update to netavark and aardvark-dns 1.0.2 - update vendored components - Related: #2061390
[2:1-23] - update to netavark and aardvark-dns 1.0.1 - Related: #2001445
[2:1-22] - build rust packages with RUSTFLAGS set to make ExecShield happy - Related: #2001445
[2:1-21] - do not specify infra_image in containers.conf - needed to resolve gating test failures - Related: #2001445
[2:1-20] - update to netavark-1.0.0 and aardvark-dns-1.0.0 - Related: #2001445
[2:1-19] - package aardvark-dns and netavark as part of the containers-common - Related: #2001445
[2:1-18] - update shortnames and vendored components - Related: #2001445
[2:1-17] - containers.conf should contain network_backend = "cni" in RHEL8.6 - Related: #2001445
[2:1-16] - update vendored components and configuration files - Related: #2001445
[2:1-15] - sync vendored components - Related: #2001445
[2:1-14] - sync vendored components - Related: #2001445
[2:1-13] - update shortnames from Pyxis - Related: #2001445
[2:1-12] - do not allow broken content from Pyxis to land in shortnames.conf - Related: #2001445
[2:1-11] - sync vendored components - update shortnames from Pyxis - Related: #2001445
[2:1-10] - use log_driver = "journald" and events_logger = "journald" for RHEL9 - Related: #2001445
[2:1-9] - consume seccomp.json from the oldest vendored version of c/common, not main branch - Related: #2001445
[2:1-8] - update vendored components - Related: #2001445
[2:1-7] - make log_driver = "k8s-file" default in containers.conf - Related: #2001445
[2:1-6] - sync vendored components - Related: #2001445
[2:1-5] - update to the new vendored components - Related: #2001445
[2:1-4] - update to the new vendored components - Related: #2001445
[2:1-3] - update to the new vendored components - Related: #2001445
[2:1-2] - synchronize config files for RHEL-8.5 - Related: #1934415
[2:1-1] - initial import - Related: #1934415

container-selinux

criu

crun

fuse-overlayfs

libslirp

netavark

oci-seccomp-bpf-hook

podman
[4.9.4-20.0.1] - Fixes issue of container created in cgroupv2 not start in cgroupv1 [Orabug: 36136813] - Fixes container memory limit not set after host is rebooted with cgroupv2 [Orabug: 36136802] - Fixes issue of podman execvp error while using podmansh [Orabug: 36756665]
[4:4.9.4-20] - update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel (https://github.com/containers/podman/commit/0e11f82) - fixes "CVE-2025-22869 container-tools:rhel8/podman: Potential denial of service in golang.org/x/crypto [rhel-8.10.z]" - Resolves: RHEL-81299

python-podman

runc

skopeo

slirp4netns

udica

# Maintenance update for SUSE Manager 4.3 Release Notes

Announcement ID: SUSE-SU-2024:4007-1
Release Date: 2024-11-18T13:20:16Z
Rating: critical

References:

* bsc#1146701
* bsc#1211899
* bsc#1212985
* bsc#1217003
* bsc#1217338
* bsc#1217978
* bsc#1218090
* bsc#1219450
* bsc#1219645
* bsc#1219887
* bsc#1221435
* bsc#1221505
* bsc#1223312
* bsc#1223988
* bsc#1224108
* bsc#1224209
* bsc#1225603
* bsc#1225619
* bsc#1225960
* bsc#1226090
* bsc#1226439
* bsc#1226461
* bsc#1226478
* bsc#1226687
* bsc#1226917
* bsc#1227133
* bsc#1227334
* bsc#1227406
* bsc#1227526
* bsc#1227543
* bsc#1227599
* bsc#1227606
* bsc#1227746
* bsc#1228036
* bsc#1228101
* bsc#1228130
* bsc#1228147
* bsc#1228286
* bsc#1228326
* bsc#1228345
* bsc#1228412
* bsc#1228545
* bsc#1228638
* bsc#1228851
* bsc#1228945
* bsc#1229079
* bsc#1229178
* bsc#1229260
* bsc#1229339
* bsc#1231332
* bsc#1231852
* bsc#1231900
* bsc#1231922
* jsc#MSQA-863

Cross-References:

* CVE-2024-47533
* CVE-2024-49502
* CVE-2024-49503

CVSS scores:

* CVE-2024-47533 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-49502 ( SUSE ): 4.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-49502 ( SUSE ): 3.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
* CVE-2024-49503 ( SUSE ): 4.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-49503 ( SUSE ): 3.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

Affected Products:

* openSUSE Leap 15.4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves three vulnerabilities, contains one feature and has 50 security fixes can now be installed.

## Recommended update for SUSE Manager Proxy and Retail Branch Server 4.3

### Description:

This update fixes the following issues:

release-notes-susemanager-proxy:

* Update to SUSE Manager 4.3.14
* Bugs mentioned: bsc#1217003, bsc#1221505, bsc#1225619, bsc#1225960, bsc#1226917, bsc#1227606, bsc#1228036, bsc#1228345, bsc#1228851, bsc#1229079, bsc#1229260, bsc#1229339

## Security update for SUSE Manager Server 4.3

### Description:

This update fixes the following issues:

release-notes-susemanager:

* Update to SUSE Manager 4.3.14
* Ubuntu 24.04 support as client
* Product migration from RHEL and Clones to SUSE Liberty Linux
* POS image templates now produce compressed images
* Date format for API endpoints has been changed to ISO-8601 format
* Security issues fixed: CVE-2024-47533, CVE-2024-49502, CVE-2024-49503
* Bugs mentioned: bsc#1146701, bsc#1211899, bsc#1212985, bsc#1217003, bsc#1217338, bsc#1217978, bsc#1218090, bsc#1219450, bsc#1219645, bsc#1219887, bsc#1221435, bsc#1221505, bsc#1223312, bsc#1223988, bsc#1224108, bsc#1224209, bsc#1225603, bsc#1225619, bsc#1225960, bsc#1226090, bsc#1226439, bsc#1226461, bsc#1226478, bsc#1226687, bsc#1226917, bsc#1227133, bsc#1227334, bsc#1227406, bsc#1227526, bsc#1227543, bsc#1227599, bsc#1227606, bsc#1227746, bsc#1228036, bsc#1228101, bsc#1228130, bsc#1228147, bsc#1228286, bsc#1228326, bsc#1228345, bsc#1228412, bsc#1228545, bsc#1228638, bsc#1228851, bsc#1228945, bsc#1229079, bsc#1229178, bsc#1229260, bsc#1229339, bsc#1231332, bsc#1231852, bsc#1231922, bsc#1231900

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  `zypper in -t patch SUSE-2024-4007=1`
* SUSE Manager Proxy 4.3
  `zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-4007=1`
* SUSE Manager Retail Branch Server 4.3
  `zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2024-4007=1`
* SUSE Manager Server 4.3
  `zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-4007=1`

## Package List:

* openSUSE Leap 15.4 (noarch)
  * release-notes-susemanager-proxy-4.3.14-150400.3.90.1
  * release-notes-susemanager-4.3.14-150400.3.122.1
* SUSE Manager Proxy 4.3 (noarch)
  * release-notes-susemanager-proxy-4.3.14-150400.3.90.1
* SUSE Manager Retail Branch Server 4.3 (noarch)
  * release-notes-susemanager-proxy-4.3.14-150400.3.90.1
* SUSE Manager Server 4.3 (noarch)
  * release-notes-susemanager-4.3.14-150400.3.122.1

## References:

* https://www.suse.com/security/cve/CVE-2024-47533.html
* https://www.suse.com/security/cve/CVE-2024-49502.html
* https://www.suse.com/security/cve/CVE-2024-49503.html
* https://bugzilla.suse.com/show_bug.cgi?id=1146701
* https://bugzilla.suse.com/show_bug.cgi?id=1211899
* https://bugzilla.suse.com/show_bug.cgi?id=1212985
* https://bugzilla.suse.com/show_bug.cgi?id=1217003
* https://bugzilla.suse.com/show_bug.cgi?id=1217338
* https://bugzilla.suse.com/show_bug.cgi?id=1217978
* https://bugzilla.suse.com/show_bug.cgi?id=1218090
* https://bugzilla.suse.com/show_bug.cgi?id=1219450
* https://bugzilla.suse.com/show_bug.cgi?id=1219645
* https://bugzilla.suse.com/show_bug.cgi?id=1219887
* https://bugzilla.suse.com/show_bug.cgi?id=1221435
* https://bugzilla.suse.com/show_bug.cgi?id=1221505
* https://bugzilla.suse.com/show_bug.cgi?id=1223312
* https://bugzilla.suse.com/show_bug.cgi?id=1223988
* https://bugzilla.suse.com/show_bug.cgi?id=1224108
* https://bugzilla.suse.com/show_bug.cgi?id=1224209
* https://bugzilla.suse.com/show_bug.cgi?id=1225603
* https://bugzilla.suse.com/show_bug.cgi?id=1225619
* https://bugzilla.suse.com/show_bug.cgi?id=1225960
* https://bugzilla.suse.com/show_bug.cgi?id=1226090
* https://bugzilla.suse.com/show_bug.cgi?id=1226439
* https://bugzilla.suse.com/show_bug.cgi?id=1226461
* https://bugzilla.suse.com/show_bug.cgi?id=1226478
* https://bugzilla.suse.com/show_bug.cgi?id=1226687
* https://bugzilla.suse.com/show_bug.cgi?id=1226917
* https://bugzilla.suse.com/show_bug.cgi?id=1227133
* https://bugzilla.suse.com/show_bug.cgi?id=1227334
* https://bugzilla.suse.com/show_bug.cgi?id=1227406
* https://bugzilla.suse.com/show_bug.cgi?id=1227526
* https://bugzilla.suse.com/show_bug.cgi?id=1227543
* https://bugzilla.suse.com/show_bug.cgi?id=1227599
* https://bugzilla.suse.com/show_bug.cgi?id=1227606
* https://bugzilla.suse.com/show_bug.cgi?id=1227746
* https://bugzilla.suse.com/show_bug.cgi?id=1228036
* https://bugzilla.suse.com/show_bug.cgi?id=1228101
* https://bugzilla.suse.com/show_bug.cgi?id=1228130
* https://bugzilla.suse.com/show_bug.cgi?id=1228147
* https://bugzilla.suse.com/show_bug.cgi?id=1228286
* https://bugzilla.suse.com/show_bug.cgi?id=1228326
* https://bugzilla.suse.com/show_bug.cgi?id=1228345
* https://bugzilla.suse.com/show_bug.cgi?id=1228412
* https://bugzilla.suse.com/show_bug.cgi?id=1228545
* https://bugzilla.suse.com/show_bug.cgi?id=1228638
* https://bugzilla.suse.com/show_bug.cgi?id=1228851
* https://bugzilla.suse.com/show_bug.cgi?id=1228945
* https://bugzilla.suse.com/show_bug.cgi?id=1229079
* https://bugzilla.suse.com/show_bug.cgi?id=1229178
* https://bugzilla.suse.com/show_bug.cgi?id=1229260
* https://bugzilla.suse.com/show_bug.cgi?id=1229339
* https://bugzilla.suse.com/show_bug.cgi?id=1231332
* https://bugzilla.suse.com/show_bug.cgi?id=1231852
* https://bugzilla.suse.com/show_bug.cgi?id=1231900
* https://bugzilla.suse.com/show_bug.cgi?id=1231922
* https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FMSQA-863&page_caps=&user_role=

The recent update for SUSE Manager 4.3 brings essential security improvements and upgrades scheduled for release in November 2024. Severity: Critical. LinuxSecurity.com Team

# Maintenance update for SUSE Manager 5.0: Server, Proxy and Retail Branch Server

Announcement ID: SUSE-SU-2024:4009-1
Release Date: 2024-11-18T13:21:54Z
Rating: critical

References:

* bsc#1228945
* bsc#1229077
* bsc#1229923
* bsc#1230255
* bsc#1230536
* bsc#1231332
* bsc#1231568
* bsc#1231852
* bsc#1231900
* bsc#1231922
* jsc#MSQA-863

Cross-References:

* CVE-2024-47533
* CVE-2024-49502
* CVE-2024-49503

CVSS scores:

* CVE-2024-47533 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-49502 ( SUSE ): 4.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-49502 ( SUSE ): 3.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
* CVE-2024-49503 ( SUSE ): 4.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-49503 ( SUSE ): 3.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

Affected Products:

* SUSE Linux Enterprise Micro 5.5
* SUSE Manager Proxy 5.0 Extension 5.0
* SUSE Manager Retail Branch Server 5.0 Extension 5.0
* SUSE Manager Server 5.0 Extension 5.0

An update that solves three vulnerabilities, contains one feature and has seven security fixes can now be installed.

## Recommended update for SUSE Manager Proxy 5.0

### Description:

This update fixes the following issues:

proxy-httpd-image:

* Version 5.0.8
* Store Proxy FQDN in rhn.conf for auth token use (bsc#1230255)

proxy-salt-broker-image:

* Version 5.0.8
* Update for next release

proxy-squid-image:

* Version 5.0.8
* Update for next release

proxy-ssh-image:

* Version 5.0.8
* Update for next release

proxy-tftpd-image:

* Version 5.0.8
* Update for next release

## Recommended update for SUSE Manager Retail Branch Server 5.0

### Description:

This update fixes the following issues:

proxy-httpd-image:

* Version 5.0.8
* Store Proxy FQDN in rhn.conf for auth token use (bsc#1230255)

proxy-salt-broker-image:

* Version 5.0.8
* Update for next release

proxy-squid-image:

* Version 5.0.8
* Update for next release

proxy-ssh-image:

* Version 5.0.8
* Update for next release

proxy-tftpd-image:

* Version 5.0.8
* Update for next release

## Security update for SUSE Manager Server 5.0

### Description:

This update fixes the following issues:

server-attestation-image:

* Version 5.0.6
* Update for next release

server-hub-xmlrpc-api-image:

* Version 5.0.8
* Update for next release

server-image:

* Version 5.0.9
* Add HANA and cluster formulas to Server image (bsc#1230536)
* Use /etc/krb5.conf.d for all kerberos related configurations (bsc#1229077)
* Do not install outdated package "spacewalk-utils-extras" on Server image (bsc#1228945)
* Fix package name search when syncing volumes data (bsc#1229923)

server-migration-14-16-image:

* Version 5.0.9
* Update for next release

susemanager-sync-data:

* Version 5.0.8-0
* Add SUSE Linux Enterprise 15 SP5 LTSS channel families
* Add MicroOS PPC channel family
* Set Ubuntu 22.04 to released
* Version 5.0.7-0
* Add Ubuntu 24.04 support
* Add channel family for SLES 12 SP5 LTSS Extended Security

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Manager Proxy 5.0 Extension 5.0
  `zypper in -t patch SUSE-SUSE-Manager-Proxy-5.0-2024-4009=1`
* SUSE Manager Retail Branch Server 5.0 Extension 5.0
  `zypper in -t patch SUSE-SUSE-Manager-Retail-Branch-Server-5.0-2024-4009=1`
* SUSE Manager Server 5.0 Extension 5.0
  `zypper in -t patch SUSE-SUSE-Manager-Server-5.0-2024-4009=1`

## Package List:

* SUSE Manager Proxy 5.0 Extension 5.0 (aarch64)
  * suse-manager-5.0-aarch64-proxy-ssh-image-5.0.2-7.6.9
  * suse-manager-5.0-aarch64-proxy-squid-image-5.0.2-7.6.11
  * suse-manager-5.0-aarch64-proxy-httpd-image-5.0.2-7.6.29
  * suse-manager-5.0-aarch64-proxy-tftpd-image-5.0.2-7.6.9
  * suse-manager-5.0-aarch64-proxy-salt-broker-image-5.0.2-7.6.30
* SUSE Manager Proxy 5.0 Extension 5.0 (ppc64le)
  * suse-manager-5.0-ppc64le-proxy-salt-broker-image-5.0.2-7.6.30
  * suse-manager-5.0-ppc64le-proxy-squid-image-5.0.2-7.6.11
  * suse-manager-5.0-ppc64le-proxy-ssh-image-5.0.2-7.6.9
  * suse-manager-5.0-ppc64le-proxy-httpd-image-5.0.2-7.6.29
  * suse-manager-5.0-ppc64le-proxy-tftpd-image-5.0.2-7.6.9
* SUSE Manager Proxy 5.0 Extension 5.0 (s390x)
  * suse-manager-5.0-s390x-proxy-ssh-image-5.0.2-7.6.9
  * suse-manager-5.0-s390x-proxy-salt-broker-image-5.0.2-7.6.30
  * suse-manager-5.0-s390x-proxy-httpd-image-5.0.2-7.6.29
  * suse-manager-5.0-s390x-proxy-squid-image-5.0.2-7.6.11
  * suse-manager-5.0-s390x-proxy-tftpd-image-5.0.2-7.6.9
* SUSE Manager Proxy 5.0 Extension 5.0 (x86_64)
  * suse-manager-5.0-x86_64-proxy-tftpd-image-5.0.2-7.6.9
  * suse-manager-5.0-x86_64-proxy-ssh-image-5.0.2-7.6.9
  * suse-manager-5.0-x86_64-proxy-salt-broker-image-5.0.2-7.6.30
  * suse-manager-5.0-x86_64-proxy-squid-image-5.0.2-7.6.11
  * suse-manager-5.0-x86_64-proxy-httpd-image-5.0.2-7.6.29
* SUSE Manager Retail Branch Server 5.0 Extension 5.0 (aarch64)
  * suse-manager-5.0-aarch64-proxy-ssh-image-5.0.2-7.6.9
  * suse-manager-5.0-aarch64-proxy-squid-image-5.0.2-7.6.11
  * suse-manager-5.0-aarch64-proxy-httpd-image-5.0.2-7.6.29
  * suse-manager-5.0-aarch64-proxy-tftpd-image-5.0.2-7.6.9
  * suse-manager-5.0-aarch64-proxy-salt-broker-image-5.0.2-7.6.30
* SUSE Manager Retail Branch Server 5.0 Extension 5.0 (ppc64le)
  * suse-manager-5.0-ppc64le-proxy-salt-broker-image-5.0.2-7.6.30
  * suse-manager-5.0-ppc64le-proxy-squid-image-5.0.2-7.6.11
  * suse-manager-5.0-ppc64le-proxy-ssh-image-5.0.2-7.6.9
  * suse-manager-5.0-ppc64le-proxy-httpd-image-5.0.2-7.6.29
  * suse-manager-5.0-ppc64le-proxy-tftpd-image-5.0.2-7.6.9
* SUSE Manager Retail Branch Server 5.0 Extension 5.0 (s390x)
  * suse-manager-5.0-s390x-proxy-ssh-image-5.0.2-7.6.9
  * suse-manager-5.0-s390x-proxy-salt-broker-image-5.0.2-7.6.30
  * suse-manager-5.0-s390x-proxy-httpd-image-5.0.2-7.6.29
  * suse-manager-5.0-s390x-proxy-squid-image-5.0.2-7.6.11
  * suse-manager-5.0-s390x-proxy-tftpd-image-5.0.2-7.6.9
* SUSE Manager Retail Branch Server 5.0 Extension 5.0 (x86_64)
  * suse-manager-5.0-x86_64-proxy-tftpd-image-5.0.2-7.6.9
  * suse-manager-5.0-x86_64-proxy-ssh-image-5.0.2-7.6.9
  * suse-manager-5.0-x86_64-proxy-salt-broker-image-5.0.2-7.6.30
  * suse-manager-5.0-x86_64-proxy-squid-image-5.0.2-7.6.11
  * suse-manager-5.0-x86_64-proxy-httpd-image-5.0.2-7.6.29
* SUSE Manager Server 5.0 Extension 5.0 (aarch64)
  * suse-manager-5.0-aarch64-server-image-5.0.2-7.6.32
  * suse-manager-5.0-aarch64-server-migration-14-16-image-5.0.2-7.6.25
  * suse-manager-5.0-aarch64-server-attestation-image-5.0.2-6.6.9
  * suse-manager-5.0-aarch64-server-hub-xmlrpc-api-image-5.0.2-6.6.12
* SUSE Manager Server 5.0 Extension 5.0 (ppc64le)
  * suse-manager-5.0-ppc64le-server-image-5.0.2-7.6.32
  * suse-manager-5.0-ppc64le-server-attestation-image-5.0.2-6.6.9
  * suse-manager-5.0-ppc64le-server-hub-xmlrpc-api-image-5.0.2-6.6.12
  * suse-manager-5.0-ppc64le-server-migration-14-16-image-5.0.2-7.6.25
* SUSE Manager Server 5.0 Extension 5.0 (s390x)
  * suse-manager-5.0-s390x-server-migration-14-16-image-5.0.2-7.6.25
  * suse-manager-5.0-s390x-server-attestation-image-5.0.2-6.6.9
  * suse-manager-5.0-s390x-server-hub-xmlrpc-api-image-5.0.2-6.6.12
  * suse-manager-5.0-s390x-server-image-5.0.2-7.6.32
* SUSE Manager Server 5.0 Extension 5.0 (x86_64)
  * suse-manager-5.0-x86_64-server-image-5.0.2-7.6.32
  * suse-manager-5.0-x86_64-server-hub-xmlrpc-api-image-5.0.2-6.6.12
  * suse-manager-5.0-x86_64-server-attestation-image-5.0.2-6.6.9
  * suse-manager-5.0-x86_64-server-migration-14-16-image-5.0.2-7.6.25

## References:

* https://www.suse.com/security/cve/CVE-2024-47533.html
* https://www.suse.com/security/cve/CVE-2024-49502.html
* https://www.suse.com/security/cve/CVE-2024-49503.html
* https://bugzilla.suse.com/show_bug.cgi?id=1228945
* https://bugzilla.suse.com/show_bug.cgi?id=1229077
* https://bugzilla.suse.com/show_bug.cgi?id=1229923
* https://bugzilla.suse.com/show_bug.cgi?id=1230255
* https://bugzilla.suse.com/show_bug.cgi?id=1230536
* https://bugzilla.suse.com/show_bug.cgi?id=1231332
* https://bugzilla.suse.com/show_bug.cgi?id=1231568
* https://bugzilla.suse.com/show_bug.cgi?id=1231852
* https://bugzilla.suse.com/show_bug.cgi?id=1231900
* https://bugzilla.suse.com/show_bug.cgi?id=1231922
* https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FMSQA-863&page_caps=&user_role=

Key maintenance release for SUSE Manager version 5.0 targeting significant vulnerabilities and bug resolutions, enhancing overall security and performance across various components. Severity: Critical. LinuxSecurity.com Team

# Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server Announcement ID: SUSE-SU-2024:1507-1 Rating: moderate References: * bsc#1170848 * bsc#1208572 * bsc#1214340 * bsc#1214387 * bsc#1216085 * bsc#1217204 * bsc#1217874 * bsc#1218764 * bsc#1218805 * bsc#1218931 * bsc#1218957 * bsc#1219061 * bsc#1219233 * bsc#1219634 * bsc#1219875 * bsc#1220101 * bsc#1220169 * bsc#1220194 * bsc#1220221 * bsc#1220376 * bsc#1220705 * bsc#1220726 * bsc#1220903 * bsc#1220980 * bsc#1221111 * bsc#1221182 * bsc#1221279 * bsc#1221465 * bsc#1221571 * bsc#1221784 * bsc#1221922 * bsc#1222110 * bsc#1222347 * jsc#MSQA-760 Cross-References: * CVE-2023-51775 CVSS scores: * CVE-2023-51775 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Manager Proxy 4.3 * SUSE Manager Proxy 4.3 Module 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Manager Server 4.3 Module 4.3 An update that solves one vulnerability, contains one feature and has 32 security fixes can now be installed.
## Recommended update for SUSE Manager Proxy and Retail Branch Server 4.3 ### Description: This update fixes the following issues: mgr-daemon: * Version 4.3.9-0 * Update translation strings spacecmd: * Version 4.3.27-0 * Update translation strings spacewalk-backend: * Version 4.3.28-0 * Strip whitespace from .deb package metadata (bsc#1214387) * Fix inserting NULL into some columns during ISSv1 sync (bsc#1220980) * Add support for package signature type V4 RSA/SHA512 (bsc#1221465) * Unquote HTML-encoded credentials before synchronizing repositories (bsc#1217204) spacewalk-certs-tools: * Version 4.3.23-0 * Fix liberty bootstrapping when zypper is installed (bsc#1222347) * Apply reboot method changes for transactional systems in the bootstrap script spacewalk-client-tools: * Version 4.3.19-0 * Update translation strings spacewalk-web: * Version 4.3.38-0 * Upgrade json5 to 2.2.3 * Upgrade semver to 7.6.0 * Add one-shot action execution to recurring custom state create/edit * Add two filters for rpmlint in package spacewalk-web: explicit-lib-dependency and filename-too-long-for-joliet * Fix virtual systems filters (bsc#1208572) * Improve CLM Create New Filter button * Bump the WebUI version to 4.3.12 uyuni-common-libs: * Version 4.3.10-0 * Add support for package signature type V4 RSA/SHA384 * Add support for package signature type V4 RSA/SHA512 (bsc#1221465) uyuni-proxy-systemd-services: * Version 4.3.12-0 * Update to SUSE Manager 4.3.12 * Version 4.3.11-1 * Update the image version How to apply this update: 1. Log in as root user to the SUSE Manager Proxy or Retail Branch Server. 2. Stop the proxy service: `spacewalk-proxy stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4.
Start the Spacewalk service: `spacewalk-proxy start` ## Security update for SUSE Manager Server 4.3 ### Description: This update fixes the following issues: cobbler: * Provide option to use pre-built GRUB bootloader * Prevent parallel executions of cobbler sync actions (bsc#1218764) image-sync-formula: * Update to version 0.1.1711646883.4a44375 * Add missing URL tag * Update license to SPDX syntax inter-server-sync: * Version 0.3.3-1 * Correct primary key export for table suseproductsccrepository (bsc#1220169) jose4j: * CVE-2023-51775: Fix denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value (bsc#1220726) smdba: * Version 1.7.13 * postmaster no longer exists from >=16 and it's an alias for postgresql, using postgresql command spacecmd: * Version 4.3.27-0 * Update translation strings spacewalk-backend: * Version 4.3.28-0 * Strip whitespace from .deb package metadata (bsc#1214387) * Fix inserting NULL into some columns during ISSv1 sync (bsc#1220980) * Add support for package signature type V4 RSA/SHA512 (bsc#1221465) * Unquote HTML-encoded credentials before synchronizing repositories (bsc#1217204) spacewalk-certs-tools: * Version 4.3.23-0 * Fix liberty bootstrapping when zypper is installed (bsc#1222347) * Apply reboot method changes for transactional systems in the bootstrap script spacewalk-client-tools: * Version 4.3.19-0 * Update translation strings spacewalk-config: * Version 4.3.13-0 * Be explicit about default Apache configs being overwritten on updates and point to making custom configs. (bsc#1219061) spacewalk-java: * Version 4.3.73-0 * New API endpoint for getRelevantErrata.
It takes multiple servers as argument and it returns an array of maps representing the errata that can be applied to each system * Version 4.3.72-0 * Use execution module call to detect client instance flavor (PAYG/BYOS) in public cloud (bsc#1218805) * Update help text for the custom repo filter field (bsc#1217874) * Fix issue where Salt cannot access autoinstallation files (bsc#1220221) * Fix issue when checking for credential duplication (bsc#1218957) * Fix matching epoch while creating Ubuntu erratas * When an action that belongs to an action chain is unscheduled, unschedule the action chain as well (bsc#1221784) * Reschedule failed SSH actions caused by a connection error due to a scheduled reboot * Fix removal of old IPv6 addresses (bsc#1214340) * Do not automatically add child channels outside of selected base channel (bsc#1220101) * Fix listProxies API call (bsc#1219233) * Fix system.provisionSystem when called via HTTP API (bsc#1219875) * Remove package sync not available message in Software > Packages > Profile since it is no longer available for supported clients (bsc#1221279) * Fix login for read-only users when using HTTP API (bsc#1221111) * Add one-shot action execution to recurring custom state create/edit * Fix a typo in 'Deploy Files' page * Drop system password as identifier on SCC system registration (bsc#1219634, bsc#1221182) * Fix memory size extraction in virtual instances (bsc#1219634) * Fix virtual systems filters (bsc#1208572) * Update license to include the year 2024 * Add timeout for SMTP server connection (bsc#1218931) * Commit Salt event removal in case of process failure (bsc#1218931) * Users with API read only are only allowed to make GET requests * Ignore retry suffix when getting recurring action id from schedule name * Sort CLM project filters by filter name spacewalk-web: * Version 4.3.38-0 * Upgrade json5 to 2.2.3 * Upgrade semver to 7.6.0 * Add one-shot action execution to recurring custom state create/edit * Fix virtual systems
filters (bsc#1208572) * Improve CLM Create New Filter button * Bump the WebUI version to 4.3.12 subscription-matcher: * Version 0.37 * add missing part number (bsc#1221922) * Fix penalties logging by initializing the score director consistently * Removed wrong apache-commons-lang dependency * Version 0.36 * Fixed Log4j 2 initialization supportutils-plugin-susemanager: * Version 4.3.11-0 * Add Salt and Reposync connections to minimum required DB connections calculation susemanager: * Version 4.3.35-0 * Add bootstrap repository definition for openSUSE Leap 15.6 * Add bootstrap repository definition for SUSE Linux Enterprise 15 SP6 susemanager-docs_en: * Removed Debian 10 from the list of supported clients * Added new workflow describing updating of clients using recurring actions to Common Workflows * Added documentation on adding a storage device for VMWare * Documented registercloudguest tools for registering public cloud installation (BYOS) by adding a reference to the Public Cloud Guide * Added information about requirements for the PostgreSQL database to the Installation and Upgrade Guide (bsc#1220376) * Fixed the instructions for SSL Certificates (bsc#1219061) * Remove package sync paragraph in package-management doc since it is not available for Salt clients and traditional clients are no longer supported (bsc#1221279) * Fixed incorrect reference to SUSE Linux Enterprise Server 15 SP5 as base product for SUSE Manager 4.3, even in public cloud * Updated VM based installation for 4.3 VM image with ignition or cloudinit in Installation and Upgrade Guide * Added reference from Hub documentation to Inter-Server Synchronization in Large Deployment Guide * Documented Virtualization Guest and Virtualization Host Formula * Reformatted Supported Clients tables in Client Configuration Guide and Installation and Upgrade Guide * Add documentation about SMTP timeout configuration * Documented SSH key rotation in Salt Guide (bsc#1170848) * Documented liberate formula in Salt
Guide * Fixed Prepare on-demand images section in Client Configuration * Fixed a changed configuration parameter for salt-ssh * Added Pay-as-you-go on the Cloud: FAQ document * Updated max-connections tuning recommendation in Large Deployment * Added troubleshooting instructions for setting up in public cloud (BYOS) to Administration Guide * Added section about migrating Enterprise Linux (EL) clients to SUSE Liberty Linux to Client Configuration Guide * Added detailed information about the messages produced by subscription matcher * Added Pay-as-you-go as supported service on Azure to the Public Cloud Guide * Added and fixed configuration details in Troubleshooting Renaming Server in Administration Guide susemanager-schema: * Version 4.3.25-0 * Add update-salt to internal state table susemanager-sls: * Version 4.3.41-0 * Use execution module call to detect client instance flavor (PAYG/BYOS) in public cloud (bsc#1218805) * Do not log dnf needs-restarting output in Salt's log (bsc#1220194) * Dynamically load an SELinux policy for "Push via SSH tunnel" for SELinux enabled clients. 
This policy allows communication over a custom SSH port * Fix reboot needed detection for SUSE systems * Fix SUSE Liberty Linux bootstrapping when Zypper is installed (bsc#1222347) * Distinguish between different SUSE versions when detecting if a reboot is needed (bsc#1220903, bsc#1221571) * Improve updatestack update in uptodate state * Add a standalone update-salt state * Add pillar check to skip reboot_if_needed state * Recognize .tar.xz and .ext4 image files (bsc#1216085) * Avoid issues on reactivating traditional clients as Salt managed * Fix the case of missing requisites on bootstrap (bsc#1220705) susemanager-sync-data: * Version 4.3.17-0 * AlmaLinux 9 PowerTools was renamed into CRB (bsc#1222110) uyuni-common-libs: * Version 4.3.10-0 * Add support for package signature type V4 RSA/SHA384 * Add support for package signature type V4 RSA/SHA512 (bsc#1221465) uyuni-reportdb-schema: * Version 4.3.10-0 * Provide reportdb upgrade schema path structure How to apply this update: 1. Log in as root user to the SUSE Manager Server. 2. Stop the Spacewalk service: `spacewalk-service stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: `spacewalk-service start` ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Manager Proxy 4.3 Module 4.3 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2024-1507=1 * SUSE Manager Server 4.3 Module 4.3 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2024-1507=1 ## Package List: * SUSE Manager Proxy 4.3 Module 4.3 (noarch) * spacewalk-base-minimal-4.3.38-150400.3.42.6 * python3-spacewalk-certs-tools-4.3.23-150400.3.28.5 * python3-spacewalk-client-setup-4.3.19-150400.3.27.5 * python3-spacewalk-client-tools-4.3.19-150400.3.27.5 * mgr-daemon-4.3.9-150400.3.15.5 * spacewalk-backend-4.3.28-150400.3.41.7 * spacecmd-4.3.27-150400.3.36.5 * spacewalk-certs-tools-4.3.23-150400.3.28.5 * spacewalk-client-setup-4.3.19-150400.3.27.5 * spacewalk-client-tools-4.3.19-150400.3.27.5 * python3-spacewalk-check-4.3.19-150400.3.27.5 * spacewalk-check-4.3.19-150400.3.27.5 * spacewalk-base-minimal-config-4.3.38-150400.3.42.6 * SUSE Manager Proxy 4.3 Module 4.3 (x86_64) * python3-uyuni-common-libs-4.3.10-150400.3.18.4 * SUSE Manager Server 4.3 Module 4.3 (noarch) * spacewalk-java-lib-4.3.73-150400.3.79.1 * susemanager-docs_en-4.3-150400.9.56.4 * spacewalk-backend-package-push-server-4.3.28-150400.3.41.7 * spacewalk-backend-4.3.28-150400.3.41.7 * spacewalk-java-4.3.73-150400.3.79.1 * spacewalk-backend-iss-export-4.3.28-150400.3.41.7 * spacewalk-backend-xmlrpc-4.3.28-150400.3.41.7 * spacewalk-base-4.3.38-150400.3.42.6 * spacewalk-taskomatic-4.3.73-150400.3.79.1 * spacewalk-backend-sql-4.3.28-150400.3.41.7 * spacewalk-backend-sql-postgresql-4.3.28-150400.3.41.7 * python3-spacewalk-certs-tools-4.3.23-150400.3.28.5 * python3-spacewalk-client-tools-4.3.19-150400.3.27.5 * susemanager-docs_en-pdf-4.3-150400.9.56.4 * jose4j-0.5.1-150400.3.9.4 * spacewalk-backend-config-files-tool-4.3.28-150400.3.41.7 * spacecmd-4.3.27-150400.3.36.5 * spacewalk-certs-tools-4.3.23-150400.3.28.5 * susemanager-schema-4.3.25-150400.3.39.5 * spacewalk-backend-config-files-common-4.3.28-150400.3.41.7 *
supportutils-plugin-susemanager-4.3.11-150400.3.21.4 * spacewalk-java-config-4.3.73-150400.3.79.1 * image-sync-formula-0.1.1711646883.4a44375-150400.3.18.4 * spacewalk-base-minimal-config-4.3.38-150400.3.42.6 * spacewalk-java-postgresql-4.3.73-150400.3.79.1 * subscription-matcher-0.37-150400.3.22.4 * susemanager-schema-utility-4.3.25-150400.3.39.5 * uyuni-reportdb-schema-4.3.10-150400.3.15.6 * spacewalk-backend-xml-export-libs-4.3.28-150400.3.41.7 * spacewalk-backend-iss-4.3.28-150400.3.41.7 * susemanager-sync-data-4.3.17-150400.3.25.4 * cobbler-3.3.3-150400.5.42.5 * spacewalk-backend-config-files-4.3.28-150400.3.41.7 * spacewalk-backend-applet-4.3.28-150400.3.41.7 * spacewalk-base-minimal-4.3.38-150400.3.42.6 * spacewalk-backend-app-4.3.28-150400.3.41.7 * uyuni-config-modules-4.3.41-150400.3.47.6 * susemanager-sls-4.3.41-150400.3.47.6 * spacewalk-html-4.3.38-150400.3.42.6 * spacewalk-client-tools-4.3.19-150400.3.27.5 * spacewalk-backend-tools-4.3.28-150400.3.41.7 * spacewalk-backend-server-4.3.28-150400.3.41.7 * spacewalk-config-4.3.13-150400.3.15.5 * SUSE Manager Server 4.3 Module 4.3 (ppc64le s390x x86_64) * smdba-1.7.13-0.150400.4.12.4 * susemanager-4.3.35-150400.3.48.6 * inter-server-sync-debuginfo-0.3.3-150400.3.30.4 * inter-server-sync-0.3.3-150400.3.30.4 * susemanager-tools-4.3.35-150400.3.48.6 * python3-uyuni-common-libs-4.3.10-150400.3.18.4 ## References: * https://www.suse.com/security/cve/CVE-2023-51775.html * https://bugzilla.suse.com/show_bug.cgi?id=1170848 * https://bugzilla.suse.com/show_bug.cgi?id=1208572 * https://bugzilla.suse.com/show_bug.cgi?id=1214340 * https://bugzilla.suse.com/show_bug.cgi?id=1214387 * https://bugzilla.suse.com/show_bug.cgi?id=1216085 * https://bugzilla.suse.com/show_bug.cgi?id=1217204 * https://bugzilla.suse.com/show_bug.cgi?id=1217874 * https://bugzilla.suse.com/show_bug.cgi?id=1218764 * https://bugzilla.suse.com/show_bug.cgi?id=1218805 * https://bugzilla.suse.com/show_bug.cgi?id=1218931 *
https://bugzilla.suse.com/show_bug.cgi?id=1218957 * https://bugzilla.suse.com/show_bug.cgi?id=1219061 * https://bugzilla.suse.com/show_bug.cgi?id=1219233 * https://bugzilla.suse.com/show_bug.cgi?id=1219634 * https://bugzilla.suse.com/show_bug.cgi?id=1219875 * https://bugzilla.suse.com/show_bug.cgi?id=1220101 * https://bugzilla.suse.com/show_bug.cgi?id=1220169 * https://bugzilla.suse.com/show_bug.cgi?id=1220194 * https://bugzilla.suse.com/show_bug.cgi?id=1220221 * https://bugzilla.suse.com/show_bug.cgi?id=1220376 * https://bugzilla.suse.com/show_bug.cgi?id=1220705 * https://bugzilla.suse.com/show_bug.cgi?id=1220726 * https://bugzilla.suse.com/show_bug.cgi?id=1220903 * https://bugzilla.suse.com/show_bug.cgi?id=1220980 * https://bugzilla.suse.com/show_bug.cgi?id=1221111 * https://bugzilla.suse.com/show_bug.cgi?id=1221182 * https://bugzilla.suse.com/show_bug.cgi?id=1221279 * https://bugzilla.suse.com/show_bug.cgi?id=1221465 * https://bugzilla.suse.com/show_bug.cgi?id=1221571 * https://bugzilla.suse.com/show_bug.cgi?id=1221784 * https://bugzilla.suse.com/show_bug.cgi?id=1221922 * https://bugzilla.suse.com/show_bug.cgi?id=1222110 * https://bugzilla.suse.com/show_bug.cgi?id=1222347 * https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FMSQA-760&page_caps=&user_role= . SUSE Manager 4.3 undergoes regular security patches and enhancements for the server, proxy, and retail branch server elements. SUSE Manager Updates, Server Security Advisory, Proxy Maintenance, Retail Branch Security. LinuxSecurity.com Team
# Maintenance update for SUSE Manager 4.3 Release Notes Announcement ID: SUSE-SU-2024:1532-1 Rating: important References: * bsc#1170848 * bsc#1208572 * bsc#1214340 * bsc#1214387 * bsc#1216085 * bsc#1217204 * bsc#1217874 * bsc#1218764 * bsc#1218805 * bsc#1218931 * bsc#1218957 * bsc#1219061 * bsc#1219233 * bsc#1219634 * bsc#1219875 * bsc#1220001 * bsc#1220101 * bsc#1220169 * bsc#1220194 * bsc#1220221 * bsc#1220376 * bsc#1220705 * bsc#1220726 * bsc#1220903 * bsc#1220980 * bsc#1221111 * bsc#1221182 * bsc#1221279 * bsc#1221465 * bsc#1221571 * bsc#1221784 * bsc#1221922 * bsc#1222110 * bsc#1222347 * jsc#MSQA-760 Cross-References: * CVE-2023-51775 CVSS scores: * CVE-2023-51775 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability, contains one feature and has 33 security fixes can now be installed.
## Recommended update for SUSE Manager Proxy and Retail Branch Server 4.3 ### Description: This update fixes the following issues: release-notes-susemanager-proxy: * Update to SUSE Manager 4.3.12 * Bugs mentioned: bsc#1208572, bsc#1214387, bsc#1217204, bsc#1220980, bsc#1221465, bsc#1222347, bsc#1220001 ## Security update for SUSE Manager Server 4.3 ### Description: This update fixes the following issues: release-notes-susemanager: * Update to SUSE Manager 4.3.12 * Monitoring: Node exporter upgraded to 1.7.0 * Automatic migration from Salt 3000 to the Salt Bundle * New update-salt recurring state * uyuni-proxy-systemd-services package has been added to proxy channel * New Errata getRelevantErrata API endpoint * CVEs fixed: 2023-51775 * Bugs mentioned: bsc#1170848, bsc#1208572, bsc#1214340, bsc#1214387, bsc#1216085, bsc#1217204, bsc#1217874, bsc#1218764, bsc#1218805, bsc#1218931, bsc#1218957, bsc#1219061, bsc#1219233, bsc#1219634, bsc#1219875, bsc#1220101, bsc#1220169, bsc#1220194, bsc#1220221, bsc#1220376, bsc#1220705, bsc#1220726, bsc#1220903, bsc#1220980, bsc#1221111, bsc#1221182, bsc#1221279, bsc#1221465, bsc#1221571, bsc#1221784, bsc#1221922, bsc#1222110, bsc#1222347 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-1532=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2024-1532=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-1532=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2024-1532=1 ## Package List: * SUSE Manager Proxy 4.3 (noarch) * release-notes-susemanager-proxy-4.3.12-150400.3.82.3 * SUSE Manager Retail Branch Server 4.3 (noarch) * release-notes-susemanager-proxy-4.3.12-150400.3.82.3 * SUSE Manager Server 4.3 (noarch) * release-notes-susemanager-4.3.12-150400.3.108.2 * openSUSE Leap 15.4 (noarch) * release-notes-susemanager-proxy-4.3.12-150400.3.82.3 * release-notes-susemanager-4.3.12-150400.3.108.2 ## References: * https://www.suse.com/security/cve/CVE-2023-51775.html * https://bugzilla.suse.com/show_bug.cgi?id=1170848 * https://bugzilla.suse.com/show_bug.cgi?id=1208572 * https://bugzilla.suse.com/show_bug.cgi?id=1214340 * https://bugzilla.suse.com/show_bug.cgi?id=1214387 * https://bugzilla.suse.com/show_bug.cgi?id=1216085 * https://bugzilla.suse.com/show_bug.cgi?id=1217204 * https://bugzilla.suse.com/show_bug.cgi?id=1217874 * https://bugzilla.suse.com/show_bug.cgi?id=1218764 * https://bugzilla.suse.com/show_bug.cgi?id=1218805 * https://bugzilla.suse.com/show_bug.cgi?id=1218931 * https://bugzilla.suse.com/show_bug.cgi?id=1218957 * https://bugzilla.suse.com/show_bug.cgi?id=1219061 * https://bugzilla.suse.com/show_bug.cgi?id=1219233 * https://bugzilla.suse.com/show_bug.cgi?id=1219634 * https://bugzilla.suse.com/show_bug.cgi?id=1219875 * https://bugzilla.suse.com/show_bug.cgi?id=1220001 * https://bugzilla.suse.com/show_bug.cgi?id=1220101 * https://bugzilla.suse.com/show_bug.cgi?id=1220169 * https://bugzilla.suse.com/show_bug.cgi?id=1220194 * https://bugzilla.suse.com/show_bug.cgi?id=1220221 *
https://bugzilla.suse.com/show_bug.cgi?id=1220376 * https://bugzilla.suse.com/show_bug.cgi?id=1220705 * https://bugzilla.suse.com/show_bug.cgi?id=1220726 * https://bugzilla.suse.com/show_bug.cgi?id=1220903 * https://bugzilla.suse.com/show_bug.cgi?id=1220980 * https://bugzilla.suse.com/show_bug.cgi?id=1221111 * https://bugzilla.suse.com/show_bug.cgi?id=1221182 * https://bugzilla.suse.com/show_bug.cgi?id=1221279 * https://bugzilla.suse.com/show_bug.cgi?id=1221465 * https://bugzilla.suse.com/show_bug.cgi?id=1221571 * https://bugzilla.suse.com/show_bug.cgi?id=1221784 * https://bugzilla.suse.com/show_bug.cgi?id=1221922 * https://bugzilla.suse.com/show_bug.cgi?id=1222110 * https://bugzilla.suse.com/show_bug.cgi?id=1222347 * https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FMSQA-760&page_caps=&user_role= . A significant enhancement for SUSE Manager 4.3 involves vital security updates and improvements for essential concerns. SUSE Manager Update, Security Fixes, Maintenance Advisory. Severity: Important. LinuxSecurity.com Team
# Maintenance update for SUSE Manager 4.2: Server, Proxy and Retail Branch Server Announcement ID: SUSE-SU-2023:1831-1 Rating: important References: * bsc#1179926 * bsc#1197027 * bsc#1206562 * bsc#1206973 * bsc#1207063 * bsc#1207308 * bsc#1207352 * bsc#1207490 * bsc#1207799 * bsc#1207829 * bsc#1207830 * bsc#1207838 * bsc#1207883 * bsc#1208288 * bsc#1208321 * bsc#1208325 * bsc#1208586 * bsc#1208687 * bsc#1208719 * bsc#1208772 * bsc#1208908 * bsc#1209369 * bsc#1209386 * bsc#1209434 * bsc#1209703 * jsc#PED-2777 Cross-References: * CVE-2020-8908 * CVE-2022-0860 * CVE-2023-22644 CVSS scores: * CVE-2020-8908 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2020-8908 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2022-0860 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N * CVE-2022-0860 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2023-22644 ( NVD ): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N Affected Products: * Development Tools Module 15-SP4 * openSUSE Leap 15.4 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 *
SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.2 Module 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.2 Module 4.2 * SUSE Manager Server 4.3 An update that solves three vulnerabilities, contains one feature and has 22 security fixes can now be installed. ## Security update for SUSE Manager Server 4.2 ### Description: This update fixes the following issues: cobbler: * CVE-2022-0860: Unbreak PAM authentication due to missing encode of user input in the PAM auth module of Cobbler (bsc#1197027) * Fix S390X auto-installation for cases where kernel options are longer than 79 characters (bsc#1207308) * Switch packaging from patch based to Git tree based development * All patches that are being removed in this revision are contained in the new Git tree. guava: * Upgrade to guava 30.1.1 * CVE-2020-8908: temp directory creation vulnerability in Guava versions prior to 30.0. 
(bsc#1179926) * Remove parent reference from ALL distributed pom files * Avoid version-less dependencies that can cause problems with some tools * Build the package with ant in order to prevent build cycles using a generated and customized ant build system * Produce with Java >= 9 binaries that are compatible with Java 8 jsr-305: * Deliver jsr-305 to SUSE Manager as Guava dependency mgr-libmod: * Version 4.2.8-1 * Ignore extra metadata fields for Liberty Linux (bsc#1208908) spacecmd: * Version 4.2.22-1 * Display activation key details after executing the corresponding command (bsc#1208719) * Show targeted packages before actually removing them (bsc#1207830) * Fix spacecmd not showing any output for softwarechannel_diff and softwarechannel_errata_diff (bsc#1207352) spacewalk-backend: * Version 4.2.27-1 * Fix the mgr-inter-sync not creating valid repository metadata when dealing with empty channels (bsc#1207829) * Fix repo sync for cloud "Pay As You Go" connected repositories (bsc#1208772) * Fix issues with kickstart syncing on mirrorlist repositories * Do not sync .mirrorlist and other non needed files * reposync: catch local file not found urlgrabber error properly (bsc#1208288) spacewalk-client-tools: * Version 4.2.23-1 * Update translation strings spacewalk-java: * Version 4.2.49-1 * Refactor Java notification synchronize to avoid deadlocks (bsc#1209369) * Version 4.2.48-1 * Prevent logging formula data (bsc#1209386) * Use gnu-jaf instead of jaf * Use reload4j instead of log4j or log4j12 * Use slf4j-reload4j * Save scheduler user when creating Patch actions manually (bsc#1208321) * Add `mgr_server_is_uyuni` minion pillar item * Do not execute immediately Package Refresh action for the SSH minion (bsc#1208325) * Mark as failed actions that cannot be scheduled because earliest date is too old * Update earliest date when rescheduling failed actions (bsc#1206562) * Fix reconnection of postgres event stream * fix NumberFormatException when syncing Ubuntu errata
(bsc#1207883) * Fix duplicate keys in image tables (bsc#1207799) * Fix CLM environments UI for environment labels containing dots (bsc#1207838) spacewalk-search: * Version 4.2.10-1 * Use reload4j instead of log4j or log4j12 spacewalk-web: * Version 4.2.34-1 * Fix datetime picker appearing behind modal edge (bsc#1209703) * Version 4.2.33-1 * Deprecate jQuery datepicker, integrate React datepicker * Fix CLM environments UI for environment labels containing dots (bsc#1207838) subscription-matcher: * Relax antlr version requirement supportutils-plugin-susemanager: * Version 4.2.6-1 * Fix DB connection check tool (bsc#1208586) susemanager-build-keys: * Version 15.3.7 (jsc#PED-2777): * Add new 4096 bit RSA build key gpg-pubkey-3fa1d6ce-63c9481c.asc * add new 4096 bit RSA reserve build key gpg-pubkey-d588dc46-63c939db.asc * Add 2022 2048 bit RSA PTF key suse_ptf_key-6F5DA62B.asc * Add new 4096 bit RSA PTF key suse_ptf_key_2023.asc susemanager-doc-indexes: * Removed z196 and z114 from listing in System Z chapter of the Installation and Upgrade Guide (bsc#1206973) * Branding updated for 2023 * New search engine optimization improvements for documentation * Translations are now included in the webui help documentation * Local search is now provided with the webui help documentation susemanager-docs_en: * Removed z196 and z114 from listing in System Z chapter of the Installation and Upgrade Guide (bsc#1206973) * Branding updated for 2023 * New search engine optimization improvements for documentation * Translations are now included in the WebUI help documentation * Local search is now provided with the WebUI help documentation susemanager-sls: * Version 4.2.32-1 * Improve error handling in mgr_events.py (bsc#1208687) susemanager-tftpsync: * Version 4.2.4-1 * Fix removal of proxies section in cobbler settings (bsc#1207063) uyuni-common-libs: * Version 4.2.10-1 * Allow default component for context manager.
virtual-host-gatherer: * Version 1.0.25-1 * Report total CPU numbers in the libvirt module How to apply this update: 1. Log in as root user to the SUSE Manager Server. 2. Stop the Spacewalk service: `spacewalk-service stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: `spacewalk-service start` ## Recommended update for SUSE Manager Proxy and Retail Branch Server 4.2 ### Description: This update fixes the following issues: mgr-daemon: * Version 4.2.11-1 * Update translation strings spacecmd: * Version 4.2.22-1 * Display activation key details after executing the corresponding command (bsc#1208719) * Show targeted packages before actually removing them (bsc#1207830) * Fix spacecmd not showing any output for softwarechannel_diff and softwarechannel_errata_diff (bsc#1207352) spacewalk-backend: * Version 4.2.27-1 * Fix the mgr-inter-sync not creating valid repository metadata when dealing with empty channels (bsc#1207829) * fix repo sync for cloud payg connected repositories (bsc#1208772) * Fix issues with kickstart syncing on mirrorlist repositories * Do not sync .mirrorlist and other non needed files * reposync: catch local file not found urlgrabber error properly (bsc#1208288) spacewalk-client-tools: * Version 4.2.23-1 * Update translation strings spacewalk-proxy: * Version 4.2.14-1 * Avoid unnecessary debug messages from proxy backend (bsc#1207490) spacewalk-web: * Version 4.2.34-1 * Fix datetime picker appearing behind modal edge (bsc#1209703) * Version 4.2.33-1 * Deprecate jQuery datepicker, integrate React datepicker * Fix CLM environments UI for environment labels containing dots (bsc#1207838) susemanager-build-keys: * Version 15.3.7 (jsc#PED-2777): * Add new 4096 bit RSA build key gpg-pubkey-3fa1d6ce-63c9481c.asc * Add new 4096 bit RSA reserve build key gpg-pubkey-d588dc46-63c939db.asc * Add 2022 2048 bit RSA PTF key suse_ptf_key-6F5DA62B.asc * Add new 4096 bit RSA PTF key suse_ptf_key_2023.asc
uyuni-common-libs: * Version 4.2.10-1 * Allow default component for context manager. How to apply this update: 1. Log in as root user to the SUSE Manager Proxy or Retail Branch Server. 2. Stop the proxy service: `spacewalk-proxy stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: `spacewalk-proxy start` ## Recommended update for jsr-305 ### Description: This update for jsr-305 provides the following fix: - Ship the correct versions of jsr-305 on SUSE Manager repositories (no source changes). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Proxy 4.2 Module 4.2 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2023-1831=1 * SUSE Manager Server 4.2 Module 4.2 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2023-1831=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1831=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-1831=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-1831=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1831=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1831=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-1831=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-1831=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1831=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-1831=1 * SUSE Linux
Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-1831=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-1831=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-1831=1 ## Package List: * SUSE Manager Proxy 4.2 Module 4.2 (noarch) * spacewalk-proxy-salt-4.2.14-150300.3.27.6 * python3-spacewalk-client-tools-4.2.23-150300.4.33.7 * spacewalk-client-setup-4.2.23-150300.4.33.7 * spacewalk-base-minimal-4.2.34-150300.3.41.5 * python3-spacewalk-client-setup-4.2.23-150300.4.33.7 * susemanager-build-keys-15.3.6-150300.3.9.5 * spacewalk-client-tools-4.2.23-150300.4.33.7 * spacewalk-proxy-management-4.2.14-150300.3.27.6 * spacecmd-4.2.22-150300.4.36.7 * mgr-daemon-4.2.11-150300.2.12.5 * spacewalk-proxy-redirect-4.2.14-150300.3.27.6 * spacewalk-check-4.2.23-150300.4.33.7 * spacewalk-base-minimal-config-4.2.34-150300.3.41.5 *spacewalk-proxy-package-manager-4.2.14-150300.3.27.6 * susemanager-build-keys-web-15.3.6-150300.3.9.5 * spacewalk-proxy-common-4.2.14-150300.3.27.6 * python3-spacewalk-check-4.2.23-150300.4.33.7 * spacewalk-proxy-broker-4.2.14-150300.3.27.6 * spacewalk-backend-4.2.27-150300.4.38.7 * SUSE Manager Proxy 4.2 Module 4.2 (x86_64) * python3-uyuni-common-libs-4.2.10-150300.3.17.6 * SUSE Manager Server 4.2 Module 4.2 (noarch) * guava-30.1.1-150300.4.3.4 * virtual-host-gatherer-libcloud-1.0.25-150300.3.12.5 * virtual-host-gatherer-VMware-1.0.25-150300.3.12.5 * spacewalk-backend-package-push-server-4.2.27-150300.4.38.7 * spacewalk-backend-xmlrpc-4.2.27-150300.4.38.7 * spacewalk-java-lib-4.2.49-150300.3.63.3 * spacewalk-backend-app-4.2.27-150300.4.38.7 * spacewalk-java-4.2.49-150300.3.63.3 * spacewalk-base-minimal-config-4.2.34-150300.3.41.5 * susemanager-sls-4.2.32-150300.3.46.5 * susemanager-docs_en-pdf-4.2-150300.12.42.5 * susemanager-doc-indexes-4.2-150300.12.42.6 * subscription-matcher-0.29-150300.6.15.5 * virtual-host-gatherer-Nutanix-1.0.25-150300.3.12.5 * 
spacewalk-backend-4.2.27-150300.4.38.7 * spacewalk-search-4.2.10-150300.3.18.6 * spacewalk-base-minimal-4.2.34-150300.3.41.5 * spacewalk-backend-sql-postgresql-4.2.27-150300.4.38.7 * mgr-libmod-4.2.8-150300.3.9.6 * spacewalk-backend-iss-export-4.2.27-150300.4.38.7 * susemanager-docs_en-4.2-150300.12.42.5 * supportutils-plugin-susemanager-4.2.6-150300.3.12.5 * spacewalk-backend-applet-4.2.27-150300.4.38.7 * spacewalk-backend-config-files-common-4.2.27-150300.4.38.7 * spacewalk-html-4.2.34-150300.3.41.5 * spacewalk-backend-server-4.2.27-150300.4.38.7 * spacewalk-backend-config-files-tool-4.2.27-150300.4.38.7 * spacewalk-backend-config-files-4.2.27-150300.4.38.7 * cobbler-3.1.2-150300.5.22.5 * spacewalk-base-4.2.34-150300.3.41.5 * spacewalk-backend-xml-export-libs-4.2.27-150300.4.38.7 * virtual-host-gatherer-1.0.25-150300.3.12.5 * spacewalk-backend-iss-4.2.27-150300.4.38.7 * spacecmd-4.2.22-150300.4.36.7 *spacewalk-backend-tools-4.2.27-150300.4.38.7 * virtual-host-gatherer-Kubernetes-1.0.25-150300.3.12.5 * susemanager-build-keys-15.3.6-150300.3.9.5 * spacewalk-java-postgresql-4.2.49-150300.3.63.3 * jsr-305-3.0.2-150200.3.7.5 * python3-spacewalk-client-tools-4.2.23-150300.4.33.7 * uyuni-config-modules-4.2.32-150300.3.46.5 * spacewalk-client-tools-4.2.23-150300.4.33.7 * spacewalk-backend-sql-4.2.27-150300.4.38.7 * susemanager-build-keys-web-15.3.6-150300.3.9.5 * spacewalk-java-config-4.2.49-150300.3.63.3 * spacewalk-taskomatic-4.2.49-150300.3.63.3 * SUSE Manager Server 4.2 Module 4.2 (ppc64le s390x x86_64) * susemanager-tftpsync-4.2.4-150300.3.6.6 * python3-uyuni-common-libs-4.2.10-150300.3.17.6 * openSUSE Leap 15.4 (noarch) * jsr-305-3.0.2-150200.3.7.5 * jsr-305-javadoc-3.0.2-150200.3.7.5 * Development Tools Module 15-SP4 (noarch) * jsr-305-3.0.2-150200.3.7.5 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * jsr-305-3.0.2-150200.3.7.5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * jsr-305-3.0.2-150200.3.7.5 * 
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * jsr-305-3.0.2-150200.3.7.5 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * jsr-305-3.0.2-150200.3.7.5 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * jsr-305-3.0.2-150200.3.7.5 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * jsr-305-3.0.2-150200.3.7.5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * jsr-305-3.0.2-150200.3.7.5 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * jsr-305-3.0.2-150200.3.7.5 * SUSE Enterprise Storage 7.1 (noarch) * jsr-305-3.0.2-150200.3.7.5 * SUSE Enterprise Storage 7 (noarch) * jsr-305-3.0.2-150200.3.7.5 ## References: * https://www.suse.com/security/cve/CVE-2020-8908.html * https://www.suse.com/security/cve/CVE-2022-0860.html * https://www.suse.com/security/cve/CVE-2023-22644.html * https://bugzilla.suse.com/show_bug.cgi?id=1179926 *https://bugzilla.suse.com/show_bug.cgi?id=1197027 * https://bugzilla.suse.com/show_bug.cgi?id=1206562 * https://bugzilla.suse.com/show_bug.cgi?id=1206973 * https://bugzilla.suse.com/show_bug.cgi?id=1207063 * https://bugzilla.suse.com/show_bug.cgi?id=1207308 * https://bugzilla.suse.com/show_bug.cgi?id=1207352 * https://bugzilla.suse.com/show_bug.cgi?id=1207490 * https://bugzilla.suse.com/show_bug.cgi?id=1207799 * https://bugzilla.suse.com/show_bug.cgi?id=1207829 * https://bugzilla.suse.com/show_bug.cgi?id=1207830 * https://bugzilla.suse.com/show_bug.cgi?id=1207838 * https://bugzilla.suse.com/show_bug.cgi?id=1207883 * https://bugzilla.suse.com/show_bug.cgi?id=1208288 * https://bugzilla.suse.com/show_bug.cgi?id=1208321 * https://bugzilla.suse.com/show_bug.cgi?id=1208325 * https://bugzilla.suse.com/show_bug.cgi?id=1208586 * https://bugzilla.suse.com/show_bug.cgi?id=1208687 * https://bugzilla.suse.com/show_bug.cgi?id=1208719 * https://bugzilla.suse.com/show_bug.cgi?id=1208772 * https://bugzilla.suse.com/show_bug.cgi?id=1208908 * 
https://bugzilla.suse.com/show_bug.cgi?id=1209369 * https://bugzilla.suse.com/show_bug.cgi?id=1209386 * https://bugzilla.suse.com/show_bug.cgi?id=1209434 * https://bugzilla.suse.com/show_bug.cgi?id=1209703 * . Uncover the essential upgrade for SUSE Manager 4.2 that addresses multiple software bugs and strengthens security enhancements.. SUSE Manager Update, Software Patch, Security Fixes, Maintenance Update. . Severity: Important. LinuxSecurity.com Team
# Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server

Announcement ID: SUSE-SU-2024:0485-1

Rating: important

References:

* bsc#1170848
* bsc#1210911
* bsc#1211254
* bsc#1211560
* bsc#1211912
* bsc#1213079
* bsc#1213507
* bsc#1213738
* bsc#1213981
* bsc#1214077
* bsc#1214791
* bsc#1215166
* bsc#1215514
* bsc#1215769
* bsc#1215810
* bsc#1215813
* bsc#1215982
* bsc#1216114
* bsc#1216394
* bsc#1216437
* bsc#1216550
* bsc#1216609
* bsc#1216657
* bsc#1216753
* bsc#1216781
* bsc#1216988
* bsc#1217069
* bsc#1217209
* bsc#1217588
* bsc#1217784
* bsc#1217869
* bsc#1218019
* bsc#1218074
* bsc#1218075
* bsc#1218089
* bsc#1218094
* bsc#1218146
* bsc#1218490
* bsc#1218615
* bsc#1218669
* bsc#1218837
* bsc#1218849
* bsc#1219151
* bsc#1219449
* bsc#1219577
* bsc#1219850
* jsc#MSQA-719

Cross-References:

* CVE-2023-31582
* CVE-2023-32189

CVSS scores:

* CVE-2023-31582 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2023-31582 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products:

* SUSE Manager Proxy 4.3
* SUSE Manager Proxy 4.3 Module 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* SUSE Manager Server 4.3 Module 4.3

An update that solves two vulnerabilities, contains one feature and has 44 security fixes can now be installed.
## Recommended update for SUSE Manager Proxy and Retail Branch Server 4.3

### Description:

This update fixes the following issues:

mgr-daemon:

* Version 4.3.8-1
  * Update translation strings

patterns-suse-manager:

* Add liberate-formula to the required packages for the server to get it installed by default

spacecmd:

* Version 4.3.26-1
  * Update translation strings

spacewalk-backend:

* Version 4.3.27-1
  * Fix issue in "spacewalk-repo-sync" when RPM packages contain files with size greater than 4GB (bsc#1219151)
* Version 4.3.26-1
  * Fix decompressing and renaming bzip2 comps files in reposync
  * Update query to the new credentials structure
  * Remove normalize_orphan_vendor_packages and move it to taskomatic (bsc#1216781)
  * Skip syncing packages with incorrect metadata (bsc#1213738)
  * Update translation strings

spacewalk-certs-tools:

* Version 4.3.22-1
  * Skip deploying the CA into the Salt directory on proxies (bsc#1219850)
* Version 4.3.21-1
  * Deploy the CA certificate also into the Salt filesystem (bsc#1219577)
* Version 4.3.20-1
  * Handle server keys in PKCS8 format in mgr-ssl-cert-setup (bsc#1218615)
  * Include reboot info beacon in the bootstrap script for transactional systems (bsc#1217588)

spacewalk-client-tools:

* Version 4.3.18-1
  * Update translation strings

spacewalk-web:

* Version 4.3.37-1
  * Fix the use of page size preference in systems and packages lists (bsc#1217209)
  * Fix issue displaying Ansible playbook name (bsc#1216657)
  * Add support for `PaygNotCompliantWarning` notification
  * Bump web.version to 4.3.11

susemanager-build-keys:

* Version 15.4.10
  * Add new Almalinux 8 GPG Key (bsc#1218849)
  * Refresh extended Uyuni GPG public key

How to apply this update:

1. Log in as root user to the SUSE Manager Proxy or Retail Branch Server.
2. Stop the proxy service: `spacewalk-proxy stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: `spacewalk-proxy start`

## Security update for SUSE Manager Server 4.3

### Description:

This update fixes the following issues:

cobbler:

* Build the appendline correctly for RHEL-family = 8
* Do not strip if SUSE Linux Enterprise 15 SP3
* Build at least with Go >= 1.18 on RHEL
* Build with Go >= 1.20 elsewhere

saltboot-formula:

* Update to version 0.1.1701196218.b6b8ca1
* Remove f-formatting to be compatible with python < 3.6
* Update packaging not to package salt directories
* Update to version 0.1.1692188980.9aa0455

spacecmd:

* Version 4.3.26-1
  * Update translation strings

spacewalk-backend:

* Version 4.3.27-1
  * Fix issue in "spacewalk-repo-sync" when RPM packages contain files with size greater than 4GB (bsc#1219151)
* Version 4.3.26-1
  * Fix decompressing and renaming bzip2 comps files in reposync
  * Update query to the new credentials structure
  * Remove normalize_orphan_vendor_packages and move it to taskomatic (bsc#1216781)
  * Skip syncing packages with incorrect metadata (bsc#1213738)
  * Update translation strings

spacewalk-certs-tools:

* Version 4.3.22-1
  * Skip deploying the CA into the Salt directory on proxies (bsc#1219850)
* Version 4.3.21-1
  * Deploy the CA certificate also into the Salt filesystem (bsc#1219577)
* Version 4.3.20-1
  * Handle server keys in PKCS8 format in mgr-ssl-cert-setup (bsc#1218615)
  * Include reboot info beacon in the bootstrap script for transactional systems (bsc#1217588)

spacewalk-client-tools:

* Version 4.3.18-1
  * Update translation strings

spacewalk-java:

* Version 4.3.71-1
  * Generate server SSH key also when bootstrapping regular Minions (bsc#1219449)
* Version 4.3.70-1
  * Fix the use of page size preference in systems and packages lists (bsc#1217209)
  * Fix issue with disabling token check not working (bsc#1218669)
  * Enforce snakeyaml version requirement (bsc#1215166)
  * Improve the performance of paginated queries when syncing the reporting database (bsc#1211912, bsc#1213079)
  * Do not require entitlement for Pay-as-you-go SUSE Linux Enterprise Server for SAP (bsc#1217069)
  * Use the base product file to show the correct SUSE Manager product in the subscription matching results page
  * Do not require entitlements if SUSE Manager is Pay-as-you-go
  * Exclude SUSE Manager from subscription matching if it's Pay-as-you-go
  * Refactor Credentials to a proper class hierarchy
  * Fix unit test about duplicated packages
  * Prevent installation of packages with same name in a single action (bsc#1214791)
  * When canceling an action which has prerequisites, return hints to get the first action id which can be canceled (bsc#1216988)
  * Fix exception when removing a Debian package (bsc#1216781)
  * Fix XSS in taskomatic XML RPC handler (bsc#1210911)
  * Improve logging for Product Migration (bsc#1218490)
  * Add only 1 IP for Cloud RMT Host in /etc/hosts
  * Change org for orphan vendor packages that an admin can delete (bsc#1216781)
  * Expose the monitoring data for the Salt queue handling the Salt results
  * Provide total number of CPUs for SUSE Linux Enterprise Micro systems to subscription matcher when it is not used as hypervisor to match vCore subscriptions correctly (bsc#1218074)
  * Try to download compressed Ubuntu USN database
  * Add user information to system organization transfer message (bsc#1216753)
  * CVE-2023-32189: Fix issue with Salt SSH keys for Salt SSH Minions (bsc#1170848)
  * Add notification in daily email in addition to in SUSE Manager home page when SUSE Manager Pay-as-you-go is not compliant
  * Fix apidoc link from #top to $call.name (bsc#1213507)
  * Add config option to disable remote commands from web UI (bsc#1217869)
  * Address high rating Sonar issues
  * Refactor SUSE Customer Center registration flow
  * Avoid blocking Taskomatic thread when waiting for queued action (bsc#1211560)
  * Fix modify kickstart profile when using "Always newest tree" option (bsc#1215813)
  * Configure reboot method for SUSE Linux Enterprise Micro when applying bootstrap state (bsc#1213981)
  * Handle not existing known_host file in permission check
  * Fix handling of proxy ssh public keys
  * Include reboot required indication for non-SUSE distros

spacewalk-setup:

* Version 4.3.19-1
  * Update query to the new credentials structure
  * Fix setting SUSE Customer Center password during setup

spacewalk-utils:

* Version 4.3.19-1
  * Add SUSE Linux Enterprise Micro 5.4 and 5.5 to spacewalk-commons-channels

spacewalk-web:

* Version 4.3.37-1
  * Fix the use of page size preference in systems and packages lists (bsc#1217209)
  * Fix issue displaying Ansible playbook name (bsc#1216657)
  * Add support for `PaygNotCompliantWarning` notification
  * Bump web.version to 4.3.11

subscription-matcher:

* Version 0.35
  * Added missing part number
* Version 0.34
  * Enabled support for Long Term Service Pack Support subscriptions (bsc#1218075)
  * Added SUSE Linux Enterprise Micro vCore handling (bsc#1218074)
  * Added new SKUs and new bundles

supportutils-plugin-susemanager:

* Version 4.3.10-1
  * Update query to the new credentials structure

susemanager:

* Version 4.3.34-1
  * Rename Open Enterprise Server label to OES23.4 (bsc#1215514)
  * Verify in Yast FQDN with name returned via DNS reverse lookup
  * CVE-2023-32189: Fix issue with Salt SSH keys for Salt SSH Minions (bsc#1170848)

susemanager-build-keys:

* Version 15.4.10
  * Add new Almalinux 8 GPG Key (bsc#1218849)
  * Refresh extended Uyuni GPG public key

susemanager-docs_en:

* Removed obsolete traditional to Salt migration documentation from the System Types section of the Client Configuration Guide and updated the Migrate traditional clients to Salt clients section
* Fixed navigation bar of Client Configuration Guide (bsc#1218089)
* Added openSUSE Leap to Supported Features navigation list in Client Configuration Guide (bsc#1218094)
* Described new monitoring metrics for Salt queue in Administration Guide
* Fixed xrefs for internal book references
* Removed mentioning that CVE number for CVE auditing is optional (bsc#1218019)
* Corrected channel names for CentOS 7 Updates and Extras in CentOS Client Configuration Guide
* Documented bootstrap settings for SUSE Linux Enterprise Micro in Client Configuration Guide (bsc#1216394)
* Corrected command mgr-push to mgrpush in Administration Guide (bsc#1215810)
* Updated Red Hat OVAL data URL and file in CentOS Clients Registration in Client Configuration Guide
* Added Pay-as-you-go for Azure documentation to the Specialized Guides book
* Added Pay-as-you-go limitations chapter to Pay-as-you-go Guide
* Removed Ubuntu 18.04 from the list of supported clients
* Fixed file location in Custom Salt Formulas section of Salt Guide
* Documented using Virtualization Host formula in Client Configuration

susemanager-schema:

* Version 4.3.24-1
  * Refactor susecredentials to support the new hierarchy
  * Improve performance of System (bsc#1211254)
  * Change schedule of system-profile-refresh to run on the 2nd Saturday of a month to not collide with normal working times (bsc#1215769)

susemanager-sls:

* Version 4.3.40-1
  * Remove automatic reboot from transactional systems bootstrap (bsc#1218146)
* Version 4.3.39-1
  * Change certs/RHN-ORG-TRUSTED-SSL-CERT from symlink into a real file (bsc#1219577)
* Version 4.3.38-1
  * Improve Pay-as-you-go instance detection (bsc#1217784)
  * CVE-2023-32189: Fix issue with Salt SSH keys for Salt SSH Minions (bsc#1170848)
  * Configure reboot method for SUSE Linux Enterprise Micro when applying bootstrap state (bsc#1213981)
  * Include reboot required indication for non SUSE distros

susemanager-sync-data:

* Version 4.3.16-1
  * Fix OES 23.4 internal name (bsc#1218837)
* Version 4.3.15-1
  * Update release status and repository description of Open Enterprise Server 23.4 (bsc#1215514)
  * Add new SUSE Liberty Linux 7 Long Term Service Pack Support channel families
  * Rename Red Hat Enterprise Linux and Liberty 8 Base product to remove EOL CentOS 8 from the name

uyuni-reportdb-schema:

* Version 4.3.9-1
  * Provide reportdb upgrade schema path structure

How to apply this update:

1. Log in as root user to the SUSE Manager Server.
2. Stop the Spacewalk service: `spacewalk-service stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: `spacewalk-service start`

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Manager Proxy 4.3 Module 4.3
  `zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2024-485=1`
* SUSE Manager Server 4.3 Module 4.3
  `zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2024-485=1`

## Package List:

* SUSE Manager Proxy 4.3 Module 4.3 (noarch)
  * spacewalk-base-minimal-4.3.37-150400.3.39.7
  * mgr-daemon-4.3.8-150400.3.12.5
  * susemanager-build-keys-15.4.10-150400.3.23.5
  * spacewalk-client-tools-4.3.18-150400.3.24.7
  * susemanager-build-keys-web-15.4.10-150400.3.23.5
  * spacewalk-check-4.3.18-150400.3.24.7
  * python3-spacewalk-check-4.3.18-150400.3.24.7
  * python3-spacewalk-client-setup-4.3.18-150400.3.24.7
  * spacecmd-4.3.26-150400.3.33.5
  * spacewalk-client-setup-4.3.18-150400.3.24.7
  * spacewalk-base-minimal-config-4.3.37-150400.3.39.7
  * spacewalk-backend-4.3.27-150400.3.38.2
  * python3-spacewalk-certs-tools-4.3.22-150400.3.25.1
  * spacewalk-certs-tools-4.3.22-150400.3.25.1
  * python3-spacewalk-client-tools-4.3.18-150400.3.24.7
* SUSE Manager Proxy 4.3 Module 4.3 (x86_64)
  * patterns-suma_proxy-4.3-150400.5.9.5
* SUSE Manager Server 4.3 Module 4.3 (noarch)
  * spacewalk-java-config-4.3.71-150400.3.74.2
  * spacewalk-base-minimal-4.3.37-150400.3.39.7
  * spacewalk-backend-iss-4.3.27-150400.3.38.2
  * spacewalk-backend-tools-4.3.27-150400.3.38.2
  * susemanager-build-keys-15.4.10-150400.3.23.5
  * susemanager-sls-4.3.40-150400.3.44.1
  * susemanager-build-keys-web-15.4.10-150400.3.23.5
  * uyuni-config-modules-4.3.40-150400.3.44.1
  * spacewalk-backend-applet-4.3.27-150400.3.38.2
  * spacewalk-base-minimal-config-4.3.37-150400.3.39.7
  * spacewalk-backend-4.3.27-150400.3.38.2
  * spacewalk-backend-app-4.3.27-150400.3.38.2
  * spacewalk-utils-4.3.19-150400.3.21.5
  * susemanager-sync-data-4.3.16-150400.3.22.2
  * spacewalk-backend-config-files-4.3.27-150400.3.38.2
  * spacewalk-java-lib-4.3.71-150400.3.74.2
  * cobbler-3.3.3-150400.5.39.5
  * spacewalk-setup-4.3.19-150400.3.30.5
  * spacewalk-utils-extras-4.3.19-150400.3.21.5
  * spacewalk-backend-config-files-common-4.3.27-150400.3.38.2
  * uyuni-reportdb-schema-4.3.9-150400.3.12.7
  * spacecmd-4.3.26-150400.3.33.5
  * susemanager-docs_en-4.3-150400.9.53.5
  * susemanager-schema-4.3.24-150400.3.36.7
  * spacewalk-java-4.3.71-150400.3.74.2
  * spacewalk-html-4.3.37-150400.3.39.7
  * spacewalk-base-4.3.37-150400.3.39.7
  * spacewalk-certs-tools-4.3.22-150400.3.25.1
  * grafana-formula-0.10.0-150400.3.15.5
  * spacewalk-java-postgresql-4.3.71-150400.3.74.2
  * supportutils-plugin-susemanager-4.3.10-150400.3.18.5
  * spacewalk-backend-config-files-tool-4.3.27-150400.3.38.2
  * spacewalk-backend-sql-postgresql-4.3.27-150400.3.38.2
  * spacewalk-backend-xml-export-libs-4.3.27-150400.3.38.2
  * subscription-matcher-0.35-150400.3.19.5
  * spacewalk-backend-iss-export-4.3.27-150400.3.38.2
  * jose4j-0.5.1-150400.3.6.2
  * python3-spacewalk-certs-tools-4.3.22-150400.3.25.1
  * liberate-formula-0.1.0-150400.10.3.3
  * python3-spacewalk-client-tools-4.3.18-150400.3.24.7
  * spacewalk-backend-xmlrpc-4.3.27-150400.3.38.2
  * spacewalk-client-tools-4.3.18-150400.3.24.7
  * susemanager-schema-utility-4.3.24-150400.3.36.7
  * susemanager-docs_en-pdf-4.3-150400.9.53.5
  * spacewalk-backend-sql-4.3.27-150400.3.38.2
  * prometheus-formula-0.8.0-150400.3.6.5
  * spacewalk-backend-server-4.3.27-150400.3.38.2
  * saltboot-formula-0.1.1701196218.b6b8ca1-150400.3.15.3
  * spacewalk-backend-package-push-server-4.3.27-150400.3.38.2
  * spacewalk-taskomatic-4.3.71-150400.3.74.2
* SUSE Manager Server 4.3 Module 4.3 (ppc64le s390x x86_64)
  * patterns-suma_retail-4.3-150400.5.9.5
  * inter-server-sync-0.3.2-150400.3.27.5
  * prometheus-postgres_exporter-0.10.1-150400.3.9.5
  * susemanager-4.3.34-150400.3.45.5
  * patterns-suma_server-4.3-150400.5.9.5
  * inter-server-sync-debuginfo-0.3.2-150400.3.27.5
  * susemanager-tools-4.3.34-150400.3.45.5

## References:

* https://www.suse.com/security/cve/CVE-2023-31582.html
* https://www.suse.com/security/cve/CVE-2023-32189.html
* https://bugzilla.suse.com/show_bug.cgi?id=1170848
* https://bugzilla.suse.com/show_bug.cgi?id=1210911
* https://bugzilla.suse.com/show_bug.cgi?id=1211254
* https://bugzilla.suse.com/show_bug.cgi?id=1211560
* https://bugzilla.suse.com/show_bug.cgi?id=1211912
* https://bugzilla.suse.com/show_bug.cgi?id=1213079
* https://bugzilla.suse.com/show_bug.cgi?id=1213507
* https://bugzilla.suse.com/show_bug.cgi?id=1213738
* https://bugzilla.suse.com/show_bug.cgi?id=1213981
* https://bugzilla.suse.com/show_bug.cgi?id=1214077
* https://bugzilla.suse.com/show_bug.cgi?id=1214791
* https://bugzilla.suse.com/show_bug.cgi?id=1215166
* https://bugzilla.suse.com/show_bug.cgi?id=1215514
* https://bugzilla.suse.com/show_bug.cgi?id=1215769
* https://bugzilla.suse.com/show_bug.cgi?id=1215810
* https://bugzilla.suse.com/show_bug.cgi?id=1215813
* https://bugzilla.suse.com/show_bug.cgi?id=1215982
* https://bugzilla.suse.com/show_bug.cgi?id=1216114
* https://bugzilla.suse.com/show_bug.cgi?id=1216394
* https://bugzilla.suse.com/show_bug.cgi?id=1216437
* https://bugzilla.suse.com/show_bug.cgi?id=1216550
* https://bugzilla.suse.com/show_bug.cgi?id=1216609
* https://bugzilla.suse.com/show_bug.cgi?id=1216657
* https://bugzilla.suse.com/show_bug.cgi?id=1216753
* https://bugzilla.suse.com/show_bug.cgi?id=1216781
* https://bugzilla.suse.com/show_bug.cgi?id=1216988
* https://bugzilla.suse.com/show_bug.cgi?id=1217069
* https://bugzilla.suse.com/show_bug.cgi?id=1217209
* https://bugzilla.suse.com/show_bug.cgi?id=1217588
* https://bugzilla.suse.com/show_bug.cgi?id=1217784
* https://bugzilla.suse.com/show_bug.cgi?id=1217869
* https://bugzilla.suse.com/show_bug.cgi?id=1218019
* https://bugzilla.suse.com/show_bug.cgi?id=1218074
* https://bugzilla.suse.com/show_bug.cgi?id=1218075
* https://bugzilla.suse.com/show_bug.cgi?id=1218089
* https://bugzilla.suse.com/show_bug.cgi?id=1218094
* https://bugzilla.suse.com/show_bug.cgi?id=1218146
* https://bugzilla.suse.com/show_bug.cgi?id=1218490
* https://bugzilla.suse.com/show_bug.cgi?id=1218615
* https://bugzilla.suse.com/show_bug.cgi?id=1218669
* https://bugzilla.suse.com/show_bug.cgi?id=1218837
* https://bugzilla.suse.com/show_bug.cgi?id=1218849
* https://bugzilla.suse.com/show_bug.cgi?id=1219151
* https://bugzilla.suse.com/show_bug.cgi?id=1219449
* https://bugzilla.suse.com/show_bug.cgi?id=1219577
* https://bugzilla.suse.com/show_bug.cgi?id=1219850

Severity: Important. LinuxSecurity.com Team