Security update for SUSE Manager Server 3.1

SUSE Security Update: Security update for SUSE Manager Server 3.1
Announcement ID: SUSE-SU-2017:2257-1
Rating: moderate
References: #1009118 #1017513 #1019759 #1028098 #1030898 #1031143 #1031602 #1032324 #1032350 #1033999 #1035728 #1037609 #1038321 #1039458 #1039579 #1039913 #1042199 #1042552 #1042846 #1042975 #1043143 #1043430 #1043795 #1043831 #1044719 #1045152 #1045266 #1045981 #1046176 #1046218 #1046314 #1046865 #1047282 #1047352 #1047513 #1047641 #1047656 #1047680 #1047707 #1048183 #1048968 #1049162 #1049425 #1049471 #1049575 #1049664 #1049665 #1050385 #1051518 #1051719
Affected Products:
  • SUSE Manager Server 3.1

    An update that solves two vulnerabilities and has 48 fixes is now available.

    Description:

    This update for the SUSE Manager Server 3.1 provides several fixes and
    improvements.

    The following security issues have been fixed:

    jabberd:

    - Fix offered SASL mechanism check. (bsc#1047282, CVE-2017-10807)

    spacewalk-java:

    - Do not allow XSS as Organization name. (bsc#1048968, CVE-2017-7538)

    Additionally, the following non-security issues have been fixed:

    cobbler:

    - Fix missing arguments and location for Xen. (bsc#1048183)

    jabberd:

    - Fix memory leak in pgsql storage driver.
    - Fix two double-frees caused by dangling pointers.
    - wss:// (WebSocket over SSL) support in c2s.
    - Allow BareJID S10N packets.
    - SQLite postconnect SQL support.
    - Support WebSocket fragmented packets.
    - Module to verify users using e-mail.
    - Use OpenSSL functions for base64 en/decoding when available.
    - Option to dump packet-filter matched packets to file.
    - bcrypt support for PostgreSQL and MySQL storage.
    - Option to set authreg module per realm.
    - WebSocket C2S SX plugin.
    - Support for RSA/DH/ECDH key agreement.
    - For a detailed description of all fixes, please refer to the changelog.

    osad:

    - Reduce maximal size of osad log before rotating.
    - Perform osad restart in posttrans. (bsc#1039913)

    salt-netapi-client:

    - Fix date format for Schedule.
    - Fix sending kwarg in payload in RunnerCall.
    - Better error handling in Runner and Wheel calls.
    - Increase the default SOCKET_TIMEOUT to 20 seconds.

    smdba:

    - Add support for postgresql96. (bsc#1045152)

    spacecmd:

    - Configchannel export binary flag to json. (bsc#1044719)

    spacewalk-backend:

    - Make master_label static to keep its value when retrying. (bsc#1038321)
    - Adapt for the new gpgcheck flag for the channels.

    spacewalk-branding:

    - Fix overlapping of elements. (bsc#1031143)
    - Fix overlapping text narrow window. (bsc#1009118)
    - Fix formulas action buttons position. (bsc#1047513)
    - Fix broken link. (bsc#1033999)
    - Alphabar: Change title to 'Select first character'. (bsc#1042199)

    spacewalk-certs-tools:

    - Improve text for bootstrap. (bsc#1032324)

    spacewalk-java:

    - Don't add default channel if AK is not valid. (bsc#1047656)
    - Add 'Enable GPG check' function for channels.
    - No legend icon for Activity Occurring. (bsc#1051719)
    - Implement API call for bootstrapping systems.
    - Fix product ids reported for SUSE Manager Server to the subscription
    matcher.
    - Fix adding products when assigning channels. (bsc#1049664)
    - Set default memory size for SLES 12 installations to 1024MB.
    (bsc#1047707)
    - Enable remote-command for Salt clients in SSM. (bsc#1050385)
    - Add missing help icons/links. (bsc#1049425)
    - Fix invalid help links. (bsc#1049425)
    - Fix wrong openscap xid. (bsc#1030898)
    - Fix overlapping text narrow window. (bsc#1009118)
    - Fixes alignment on the orgdetails. (bsc#1017513)
    - Fix text for activation key buttons. (bsc#1042975)
    - Correctly set, check and cut textarea maxlength. (bsc#1043430)
    - MinionActionExecutor: Raise skip timeout. (bsc#1046865)
    - Update channels.xml with OpenStack Cloud Continuous Delivery 6.
    (bsc#1039458)
    - Do not create VirtualInstance duplicates for the same 'uuid'.
    - Add taskomatic task to cleanup duplicated uuids for same system id.
    - Handle possible wrong UUIDs on SLE11 minions. (bsc#1046218)
    - Removed duplicate overview menu item. (bsc#1045981)
    - Enable act-key name empty on creation. (bsc#1032350)
    - Fix NPE when there are no udev results. (bsc#1042552)
    - Alphabar: Change title to 'Select first character'. (bsc#1042199)
    - Duplicate Systems: Correct language not to mention 'profiles'.
    (bsc#1035728)
    - Fix list filters to work with URL special characters. (bsc#1042846)
    - Use getActive() instead of isActive() for JavaBeans compliance.
    (bsc#1043143)
    - Fix hide non-org event details. (bsc#1039579)

    spacewalk-search:

    - Remove executable bit from service files. (bsc#1051518)

    spacewalk-utils:

    - Don't show password on input in spacewalk-manage-channel-lifecycle.
    (bsc#1043795)

    spacewalk-web:

    - Fix overlapping of elements. (bsc#1031143)
    - Fix formulas action buttons position. (bsc#1047513)
    - Do not show old messages. (bsc#1043831)
    - Add a dynamic counter of the remaining textarea length.
    - Confirm if navigating away while bootstrapping.

    susemanager:

    - Assert correct java version. (bsc#1049575)
    - Create bootstrap repository for SLES for SAP 11 SP1. (bsc#1049471)
    - Adjust the bootstrap repository with SLE 12 SP3 repositories.

    susemanager-docs_en:

    - Improve Icinga services example. (bsc#1019759)
    - Make Section reference Configuration Management more clear. (bsc#1047352)
    - Add missing "host_name" in service definition example for Icinga.
    (bsc#1049162)
    - Fix documentation on moving database. (bsc#1031602)
    - Add missing Autoinstallation page in Advanced Topics guide. (bsc#1047680)
    - Make API documentation available online. (bsc#1047641)
    - Fix Reference Guide Documentation issues. (bsc#1045266)
    - Update online documentation components. (bsc#1046314)
    - Update online documentation. (bsc#1046176)

    susemanager-schema:

    - Adapt for the new gpgcheck flag for the channels.

    susemanager-sync-data:

    - Add support for SLE 12 SP3 product family, SUSE Enterprise Storage 5,
    OpenStack Cloud 6 Continuous Delivery and Public Cloud for ppc64le.
    (bsc#1028098, bsc#1039458, bsc#1037609, bsc#1049665)

    How to apply this update:

    1. Log in as root user to the SUSE Manager server.
    2. Stop the Spacewalk service: spacewalk-service stop
    3. Apply the patch using either zypper patch or YaST Online Update.
    4. Upgrade the database schema: spacewalk-schema-upgrade
    5. Start the Spacewalk service: spacewalk-service start

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Manager Server 3.1:
      zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2017-1387=1

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Manager Server 3.1 (ppc64le s390x x86_64):
      • jabberd-2.6.1-3.3.1
      • jabberd-db-2.6.1-3.3.1
      • jabberd-db-debuginfo-2.6.1-3.3.1
      • jabberd-debuginfo-2.6.1-3.3.1
      • jabberd-debugsource-2.6.1-3.3.1
      • jabberd-sqlite-2.6.1-3.3.1
      • jabberd-sqlite-debuginfo-2.6.1-3.3.1
      • smdba-1.5.8-0.2.3.1
      • spacewalk-branding-2.7.2.7-2.3.1
      • susemanager-3.1.8-2.3.1
      • susemanager-tools-3.1.8-2.3.1
    • SUSE Manager Server 3.1 (noarch):
      • cobbler-2.6.6-5.3.1
      • osa-common-5.11.80.3-2.3.1
      • osa-dispatcher-5.11.80.3-2.3.1
      • rhnpush-5.5.104.3-2.3.2
      • salt-netapi-client-0.12.0-3.3.1
      • spacecmd-2.7.8.6-2.3.1
      • spacewalk-backend-2.7.73.7-2.3.1
      • spacewalk-backend-app-2.7.73.7-2.3.1
      • spacewalk-backend-applet-2.7.73.7-2.3.1
      • spacewalk-backend-config-files-2.7.73.7-2.3.1
      • spacewalk-backend-config-files-common-2.7.73.7-2.3.1
      • spacewalk-backend-config-files-tool-2.7.73.7-2.3.1
      • spacewalk-backend-iss-2.7.73.7-2.3.1
      • spacewalk-backend-iss-export-2.7.73.7-2.3.1
      • spacewalk-backend-libs-2.7.73.7-2.3.1
      • spacewalk-backend-package-push-server-2.7.73.7-2.3.1
      • spacewalk-backend-server-2.7.73.7-2.3.1
      • spacewalk-backend-sql-2.7.73.7-2.3.1
      • spacewalk-backend-sql-oracle-2.7.73.7-2.3.1
      • spacewalk-backend-sql-postgresql-2.7.73.7-2.3.1
      • spacewalk-backend-tools-2.7.73.7-2.3.1
      • spacewalk-backend-xml-export-libs-2.7.73.7-2.3.1
      • spacewalk-backend-xmlrpc-2.7.73.7-2.3.1
      • spacewalk-base-2.7.1.10-2.3.1
      • spacewalk-base-minimal-2.7.1.10-2.3.1
      • spacewalk-base-minimal-config-2.7.1.10-2.3.1
      • spacewalk-certs-tools-2.7.0.7-2.3.1
      • spacewalk-html-2.7.1.10-2.3.1
      • spacewalk-java-2.7.46.5-2.3.1
      • spacewalk-java-config-2.7.46.5-2.3.1
      • spacewalk-java-lib-2.7.46.5-2.3.1
      • spacewalk-java-oracle-2.7.46.5-2.3.1
      • spacewalk-java-postgresql-2.7.46.5-2.3.1
      • spacewalk-search-2.7.3.2-2.3.4
      • spacewalk-taskomatic-2.7.46.5-2.3.1
      • spacewalk-utils-2.7.10.5-2.3.1
      • susemanager-advanced-topics_en-pdf-3-10.3.1
      • susemanager-best-practices_en-pdf-3-10.3.1
      • susemanager-docs_en-3-10.3.1
      • susemanager-getting-started_en-pdf-3-10.3.1
      • susemanager-jsp_en-3-10.3.1
      • susemanager-reference_en-pdf-3-10.3.1
      • susemanager-schema-3.1.9-2.3.1
      • susemanager-sync-data-3.1.6-2.3.1
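
A post-update check, added here as an example and not part of the SUSE advisory: it compares installed versions of the two packages that carry the security fixes (jabberd for CVE-2017-10807, spacewalk-java for CVE-2017-7538) against the versions in the package list above. The function names and sample inputs are constructed for illustration, and GNU `sort -V` is assumed as an approximation of RPM version ordering.

```shell
#!/bin/sh
# Fixed versions of the two security-relevant packages, from the package list.
FIXED="jabberd 2.6.1-3.3.1
spacewalk-java 2.7.46.5-2.3.1"

# Constructed sample inventories ("name version-release" per line).
# On a real server, build the same format with:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE_PATCHED="jabberd 2.6.1-3.3.1
spacewalk-java 2.7.46.5-2.3.1
cobbler 2.6.6-5.3.1"
SAMPLE_OLD="jabberd 2.6.1-2.1
spacewalk-java 2.7.46.5-2.3.1"

# ver_ge A B: succeed if version-release A is equal to or newer than B.
# Assumption: sort -V ordering stands in for RPM's own comparison, which is
# adequate for the plain numeric versions in this advisory.
ver_ge() {
    [ "$1" = "$2" ] && return 0
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# check_fixed INVENTORY: print one status line per advisory package.
# Returns 0 only if no installed package is older than its fixed version.
check_fixed() {
    installed=$1
    rc=0
    while read -r name want; do
        have=$(printf '%s\n' "$installed" |
            awk -v n="$name" '$1 == n { print $2; exit }')
        if [ -z "$have" ]; then
            echo "MISSING    $name (not installed)"
        elif ver_ge "$have" "$want"; then
            echo "OK         $name $have"
        else
            echo "VULNERABLE $name $have < $want"
            rc=1
        fi
    done <<EOF
$FIXED
EOF
    return $rc
}
```

A non-zero return from `check_fixed` means at least one of the two packages is still below the fixed version and the update steps above have not taken effect.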

    References: