Security update for SUSE Manager Server 3.0

SUSE Security Update: Security update for SUSE Manager Server 3.0
Announcement ID: SUSE-SU-2017:2453-1
Rating: moderate
References: #1009118 #1017513 #1022286 #1024058 #1026930 #1028098 #1030898 #1032350 #1033999 #1037609 #1039458 #1045152 #1045575 #1046218 #1047155 #1047656 #1048528 #1048762 #1048968 #1049170 #1049471 #1051518 #1053850 #1054225
Affected Products:
  • SUSE Manager Server 3.0

An update that solves one vulnerability and has 23 fixes is now available.

    Description:

    This update for the SUSE Manager Server 3.0 provides several fixes and
    improvements.

    The following security issue has been fixed:

    spacewalk-java:

    - CVE-2017-7538: Do not allow HTML code injection via Cross Site Scripting
    (XSS) in the Organization Name. (bsc#1048968)

    Additionally, the following non-security issues have been fixed:

    salt-netapi-client:

    - Fix date format for Schedule.
    - Fix sending kwarg in payload in RunnerCall.
    - Better error handling in Runner and Wheel calls.
    - Increase the default SOCKET_TIMEOUT to 20 seconds.

    smdba:

    - Do not set default_statistics_target. (bsc#1022286)
    - Support postgresql96. (bsc#1045152)
    - Prevent use of /var/lib/pgsql/data. (bsc#1024058)
    - Remove the copyright message that was shown every time.
    - On systemd-enabled systems use it for start/stop PostgreSQL.
    (bsc#1024058)

    spacewalk-backend:

    - Increase rpclib timeout to 10 minutes. (bsc#1026930)
    - Adapt for the new gpgcheck flag for the channels.

    spacewalk-branding:

    - Fix overlapping text narrow window. (bsc#1009118)

    spacewalk-config:

    - Resolve comps.xml file for repositories. (bsc#1048528)

    spacewalk-java:

    - Delete and create new ServerNetAddress if it already exists on Hardware
    refresh. (bsc#1054225)
    - Fix enter key submit on ListTag filter input. (bsc#1048762)
    - Create VirtpollerData object with JSON content instead of null.
    (bsc#1049170)
    - Prevent malformed XML if 'arch' is set to NULL. (bsc#1045575)
    - Resolve comps.xml file for repositories. (bsc#1048528)
    - Don't add default channel if AK is not valid. (bsc#1047656)
    - Add 'Enable GPG check' function for channels.
    - Regenerate pillar for the minions using the channel being modified.
    - Remove executable bit from service files. (bsc#1051518)
    - Fix wrong openscap xid. (bsc#1030898)
    - Fix overlapping text narrow window. (bsc#1009118)
    - Fix broken link. (bsc#1033999)
    - Fix alignment on the org details. (bsc#1017513)
    - Update channels.xml with OpenStack Cloud Continuous Delivery 6.
    (bsc#1039458)
    - Handle possible wrong UUIDs on SLE 11 minions. (bsc#1046218)
    - Allow blank key generation. (bsc#1032350)

    spacewalk-search:

    - Remove executable bit from service files. (bsc#1051518)

    spacewalk-setup-jabberd:

    - Change default backend for jabberd to sqlite. (bsc#1047155)

    spacewalk-web:

    - Fix enter key submit on ListTag filter input. (bsc#1048762)

    susemanager:

    - Do not use checkpoint_segments parameter during migrations.
    - Enable migration from postgresql94 to postgresql96.
    - Create bootstrap repository for SUSE Linux Enterprise Server for SAP 11
    SP1. (bsc#1049471)
    - Adjust the bootstrap repository with SUSE Linux Enterprise 12 SP3
    repositories.

    susemanager-docs_en:

    - Update text and image files.

    susemanager-schema:

    - Adapt for the new gpgcheck flag for the channels.

    susemanager-sync-data:

    - Add SUSE Manager Proxy 3.0 channels for SUSE Linux Enterprise Server 12
    SP3. (bsc#1053850)
    - Support SUSE Enterprise Storage 5 and SUSE Linux Enterprise Server 12
    SP3 for SAP Applications on ppc64le. (bsc#1028098)
    - Update channels.xml with OpenStack Cloud Continuous Delivery 6.
    (bsc#1039458)
    - Add SUSE Linux Enterprise 12 SP3 related products. (bsc#1037609)

    virtual-host-gatherer:

    - Implement kubernetes gatherer module.

    How to apply this update:

    1. Log in as root user to the SUSE Manager server.
    2. Stop the Spacewalk service: spacewalk-service stop
    3. Apply the patch using either zypper patch or YaST Online Update.
    4. Upgrade the database schema: spacewalk-schema-upgrade
    5. Start the Spacewalk service: spacewalk-service start

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Manager Server 3.0:
      zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2017-1520=1

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Manager Server 3.0 (s390x x86_64):
      • smdba-1.6.0-0.7.3.1
      • spacewalk-branding-2.5.2.14-16.3.1
      • susemanager-3.0.23-25.3.1
      • susemanager-tools-3.0.23-25.3.1
    • SUSE Manager Server 3.0 (noarch):
      • salt-netapi-client-0.12.0-16.3.1
      • spacewalk-backend-2.5.24.13-26.8.1
      • spacewalk-backend-app-2.5.24.13-26.8.1
      • spacewalk-backend-applet-2.5.24.13-26.8.1
      • spacewalk-backend-config-files-2.5.24.13-26.8.1
      • spacewalk-backend-config-files-common-2.5.24.13-26.8.1
      • spacewalk-backend-config-files-tool-2.5.24.13-26.8.1
      • spacewalk-backend-iss-2.5.24.13-26.8.1
      • spacewalk-backend-iss-export-2.5.24.13-26.8.1
      • spacewalk-backend-libs-2.5.24.13-26.8.1
      • spacewalk-backend-package-push-server-2.5.24.13-26.8.1
      • spacewalk-backend-server-2.5.24.13-26.8.1
      • spacewalk-backend-sql-2.5.24.13-26.8.1
      • spacewalk-backend-sql-oracle-2.5.24.13-26.8.1
      • spacewalk-backend-sql-postgresql-2.5.24.13-26.8.1
      • spacewalk-backend-tools-2.5.24.13-26.8.1
      • spacewalk-backend-xml-export-libs-2.5.24.13-26.8.1
      • spacewalk-backend-xmlrpc-2.5.24.13-26.8.1
      • spacewalk-base-2.5.7.18-25.6.1
      • spacewalk-base-minimal-2.5.7.18-25.6.1
      • spacewalk-base-minimal-config-2.5.7.18-25.6.1
      • spacewalk-config-2.5.2.8-13.3.1
      • spacewalk-html-2.5.7.18-25.6.1
      • spacewalk-java-2.5.59.17-27.6.1
      • spacewalk-java-config-2.5.59.17-27.6.1
      • spacewalk-java-lib-2.5.59.17-27.6.1
      • spacewalk-java-oracle-2.5.59.17-27.6.1
      • spacewalk-java-postgresql-2.5.59.17-27.6.1
      • spacewalk-search-2.5.2.3-4.3.1
      • spacewalk-setup-jabberd-2.5.0.3-2.3.1
      • spacewalk-taskomatic-2.5.59.17-27.6.1
      • susemanager-advanced-topics_en-pdf-3-25.3.1
      • susemanager-best-practices_en-pdf-3-25.3.1
      • susemanager-docs_en-3-25.3.1
      • susemanager-getting-started_en-pdf-3-25.3.1
      • susemanager-jsp_en-3-25.3.1
      • susemanager-reference_en-pdf-3-25.3.1
      • susemanager-schema-3.0.21-25.3.1
      • susemanager-sync-data-3.0.18-28.3.1
      • virtual-host-gatherer-1.0.14-7.3.1
      • virtual-host-gatherer-VMware-1.0.14-7.3.1
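
A post-update check against the package list above, as an added example that is not part of the advisory or SUSE tooling: it compares an installed-package inventory with the fixed version-release values for a subset of the listed packages. The function names, the sample inventory and the use of GNU `sort -V` as an approximation of RPM version ordering are assumptions.

```shell
#!/bin/sh
# Added example, not SUSE tooling. Fixed version-release values are copied
# from the advisory's package list (a subset of the packages named there).
FIXED='spacewalk-java 2.5.59.17-27.6.1
spacewalk-backend 2.5.24.13-26.8.1
susemanager-schema 3.0.21-25.3.1
smdba 1.6.0-0.7.3.1'

# Constructed sample inventory in "name version-release" form. On a real
# server, produce it with:
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' spacewalk-java smdba ...
SAMPLE_INVENTORY='spacewalk-java 2.5.59.16-27.3.1
spacewalk-backend 2.5.24.13-26.8.1
susemanager-schema 3.0.21-25.3.1'

# version_ge A B: succeeds when A >= B. Assumption: GNU "sort -V" ordering is
# used as an approximation of RPM version comparison.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# check_inventory: reads inventory lines on stdin, prints OK / OUTDATED /
# MISSING per advisory package, returns 0 only if all are at the fixed level.
check_inventory() {
    inventory=$(cat)
    status=0
    while read -r name fixed; do
        have=$(printf '%s\n' "$inventory" |
               awk -v n="$name" '$1 == n { print $2; exit }')
        if [ -z "$have" ]; then
            echo "MISSING $name (fixed in $fixed)"; status=1
        elif version_ge "$have" "$fixed"; then
            echo "OK $name $have"
        else
            echo "OUTDATED $name $have (fixed in $fixed)"; status=1
        fi
    done <<EOF
$FIXED
EOF
    return $status
}

# Demo on the constructed inventory: spacewalk-java is behind, smdba is absent.
printf '%s\n' "$SAMPLE_INVENTORY" | check_inventory || true
```

A non-zero return means at least one listed package is absent or older than the release that carries the CVE-2017-7538 fix and the other changes.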

    References: