Security update for SUSE Manager Proxy 3.1

SUSE Security Update: Security update for SUSE Manager Proxy 3.1
Announcement ID: SUSE-SU-2017:2266-1
Rating: moderate
References: #1031143 #1032324 #1036260 #1038321 #1039913 #1043831 #1047282 #1047513 #1049936 #1052039
Affected Products:
  • SUSE Manager Proxy 3.1

  An update that solves one vulnerability and has 9 fixes is now available.


    This update for SUSE Manager Proxy 3.1 provides several fixes and

    The following security issues have been fixed:


    - Fix offered SASL mechanism check. (bsc#1047282, CVE-2017-10807)

    Additionally, the following non-security issues have been fixed:


    - Fix memory leak in pgsql storage driver.
    - Fix two double-frees caused by dangling pointers.
    - wss:// (WebSocket over SSL) support in c2s.
    - Allow BareJID S10N packets.
    - SQLite postconnect SQL support.
    - Support WebSocket fragmented packets.
    - Module to verify users using e-mail.
    - Use OpenSSL functions for base64 en/decoding when available.
    - Option to dump packet-filter matched packets to file.
    - bcrypt support for PostgreSQL and MySQL storage.
    - Option to set authreg module per realm.
    - WebSocket C2S SX plugin.
    - Support for RSA/DH/ECDH key agreement.
    - For a detailed description of all fixes, please refer to the changelog.


    - Reduce maximal size of osad log before rotating.
    - Perform osad restart in posttrans. (bsc#1039913)


    - Make master_label static to keep its value when retrying. (bsc#1038321)
    - Adapt for the new gpgcheck flag for the channels.


    - Improve text for bootstrap. (bsc#1032324)


    - Use query string in upstream HEAD requests. (bsc#1036260)


    - Fix overlapping of elements. (bsc#1031143)
    - Fix formulas action buttons position. (bsc#1047513)
    - Do not show old messages. (bsc#1043831)
    - Add a dynamic counter of the remaining textarea length.
    - Confirm if navigating away while bootstrapping.


    - Fix permissions of PID files in spacewalksd. (bsc#1049936)


    - Fix setting pkg_gpgcheck.
    - Make pkg_gpgcheck configurable.

    How to apply this update:

    1. Log in as root user to the SUSE Manager proxy.
    2. Stop the proxy service: spacewalk-proxy stop
    3. Apply the patch using either zypper patch or YaST Online Update.
    4. Start the Spacewalk service: spacewalk-proxy start

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Manager Proxy 3.1:
      zypper in -t patch SUSE-SUSE-Manager-Proxy-3.1-2017-1387=1

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Manager Proxy 3.1 (ppc64le x86_64):
      • jabberd-2.6.1-3.3.1
      • jabberd-db-2.6.1-3.3.1
      • jabberd-db-debuginfo-2.6.1-3.3.1
      • jabberd-debuginfo-2.6.1-3.3.1
      • jabberd-debugsource-2.6.1-3.3.1
      • jabberd-sqlite-2.6.1-3.3.1
      • jabberd-sqlite-debuginfo-2.6.1-3.3.1
      • spacewalksd-
      • spacewalksd-debuginfo-
      • spacewalksd-debugsource-
      • zypp-plugin-spacewalk-0.9.16-2.3.1
    • SUSE Manager Proxy 3.1 (noarch):
      • osa-common-
      • osad-
      • rhnpush-
      • spacewalk-backend-
      • spacewalk-backend-libs-
      • spacewalk-base-minimal-
      • spacewalk-base-minimal-config-
      • spacewalk-certs-tools-
      • spacewalk-proxy-broker-
      • spacewalk-proxy-common-
      • spacewalk-proxy-management-
      • spacewalk-proxy-package-manager-
      • spacewalk-proxy-redirect-
      • spacewalk-proxy-salt-
      • supportutils-plugin-susemanager-client-3.1.2-2.3.1
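
To confirm after patching that the proxy is at or above the fixed builds in the Package List, an inventory check like the following can be used. It is an added example, not part of the SUSE advisory; the function names, the sample inventory and the use of GNU `sort -V` for version ordering are assumptions.

```shell
# Added example (not from the advisory): flag installed packages older than
# the fixed builds in the Package List. Debug packages are omitted, and
# packages whose version is cut off on the page cannot be checked.
FIXED="jabberd 2.6.1-3.3.1
jabberd-db 2.6.1-3.3.1
jabberd-sqlite 2.6.1-3.3.1
zypp-plugin-spacewalk 0.9.16-2.3.1
supportutils-plugin-susemanager-client 3.1.2-2.3.1"

# Constructed sample inventory ("name version-release" per line); the old
# jabberd build number is made up for illustration.
SAMPLE_INVENTORY="jabberd 2.4.0-14.1
jabberd-db 2.6.1-3.3.1
zypp-plugin-spacewalk 0.9.16-2.3.1
bash 4.3-82.1"

# ver_lt A B: succeeds when A sorts strictly before B. Assumes GNU sort -V,
# which approximates (but is not identical to) rpm's version ordering.
ver_lt() {
  [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# check_inventory: reads an inventory on stdin, prints one OUTDATED line per
# package below its fixed build, and returns 1 if any were found.
check_inventory() {
  ci_inv=$(cat)
  ci_rc=0
  while read -r ci_name ci_fixed; do
    ci_have=$(printf '%s\n' "$ci_inv" |
      awk -v n="$ci_name" '$1 == n { print $2; exit }')
    # Packages that are not installed are skipped: there is nothing to update.
    if [ -n "$ci_have" ] && ver_lt "$ci_have" "$ci_fixed"; then
      echo "OUTDATED $ci_name $ci_have < $ci_fixed"
      ci_rc=1
    fi
  done <<EOF
$FIXED
EOF
  return "$ci_rc"
}
```

On the proxy itself, feed it the live inventory with `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | check_inventory`; a non-zero exit status means at least one listed package is still below the fixed build.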