Security update for SUSE Manager Server 3.1

SUSE Security Update: Security update for SUSE Manager Server 3.1
Announcement ID: SUSE-SU-2018:1751-1
Rating: moderate
References: #1073267 #1074594 #1075466 #1080474 #1081714 #1082796 #1083278 #1083513 #1084679 #1085044 #1085471 #1085650 #1085838 #1087055 #1087071 #1087840 #1088667 #1088861 #1089103 #1089396 #1089401 #1089468 #1090040 #1090059 #1090205 #1090221 #1090395 #1090400 #1090401 #1090585 #1091052 #1091091 #1091667 #1091840 #1091855 #1092161 #1092194 #1092275 #1092383 #1092492 #1095231 #1095569 #1096714
Affected Products:
  • SUSE Manager Server 3.1

  • An update that solves two vulnerabilities and has 41 fixes is now available.


    This update provides the following fixes and improvements for SUSE Manager
    Server 3.1:

    The following new package has been added:


    This package provides compatibility with Python 2.6 for salt.

    This update includes the following new features:


    Additonally, the following issues have been fixed:


    - Detect if there is already another instance of "cobbler sync" running
    and exit with failure if so. (bsc#1081714)
    - CVE-2017-1000469: Escape shell parameters provided by the user for the
    reposync action. (bsc#1074594)
    - Add sles15 distro profile. (bsc#1090205)


    - Update to version 2.8.2. (bsc#1091091)


    - Require py26-compat-salt and python3-salt to be able to connect with
    salt-ssh to a system which has python2.6 or python3 installed.


    - See


    - Do not fail boostrap if no ip6addr interface. (bsc#1090395)
    - Allow again to use a higher version of spacewalk-backend-libs with
    spacewalk-backend. (bsc#1092383)
    - SLE15 support: recommended/required flag for products and channels.


    - Fix URL for new products page. (bsc#1092492)
    - SLE15 support: recommended/required flag for products and channels.
    - Show channel label when listing config channels. (bsc#1083278)


    - Fix bootstrap script for python3. (bsc#1091840)
    - Support SLE15 product family.


    - Do not create new product if product_id exists, update it instead
    - Fix deletion of Taskomatic schedules via the GUI (bsc#1095569)
    - Fix unknown installed products when using salt-ssh. (bsc#1088861)
    - Prevent NPE when no image build history details are available.
    - Uniform the notification message when scheduling HW refresh.
    - Add SLES12 SP2 LTSS family. (bsc#1092194)
    - Fix token cleanup task crashing. (bsc#1090585)
    - HW refresh fails on SLE15 Salt client. (bsc#1090221)
    - Only show the most relevant (least effort) solutions. (bsc#1087071)
    - Add support for autoinstallation of SLE15. (bsc#1090205)
    - Update sles_register cobbler snippets to work with SLE15. (bsc#1090205)
    - Support SLE15 product family.
    - Show channel label when listing config channels. (bsc#1083278)
    - Fix equals to display channels with same name but different label.
    - Avoid init.sls files with no revision on Config State Channels.
    - Fix taskomatic deadlock in failure case. (bsc#1085471)
    - Render configuration files with UTF-8. (bsc#1088667)
    - Update google-gson to version 2.8.2. (bsc#1091091)
    - Fix updating Subscription cache. (bsc#1075466)
    - Fix NPE in websocket session configurator. (bsc#1080474)
    - Wait until minion is back to set RebootAction as COMPLETED. (bsc#1089401)
    - Add support for Prometheus monitoring.
    - Fix constraint violation errors when onboarding. (bsc#1089468)
    - Fix Advanced search for systems with installed packages. (bsc#1085838)


    - Clone-by-date removes packages only if the list is not empty.


    - Fix misleading message when syncing channels. (bsc#1089103)
    - Automatically select mandatory channels when selecting a base channel.
    - Fix ace.js editor config to use soft tabs. (bsc#1090040)
    - Display always config channel name and label. (bsc#1083278)


    - Add missing python3 packages to bootstrap JeOS image. (bsc#1085044)
    - Support SLE15 product family.
    - Fix crash on not properly configured environment. (bsc#1092275)
    - Provide full traditional stack in RES bootstrap repo. (bsc#1091667)
    - Fix bootstrap script for python3. (bsc#1091840)
    - Fix unknown installed products when using salt-ssh. (bsc#1088861)
    - Add python2-salt to RES7 and SLES12 bootstrap repository.
    - Fix bootstrapping RHEL 7 salt client (missing python-ipaddress).


    - Enforce susemanager-nodejs-sdk-devel dependency version. (bsc#1095231)


    - Documentation: mgr-create-bootstrap-repo documented flag is not correct.
    - Remove LTSS from SUSE Linux Enterprise 11 SP4 in gs. (bsc#1090401)
    - Configuration Macros do not work. (bsc#1084679)
    - Updated spacecmd with new functions.
    - Update bootstrap warning for sles 15 clients and python 3 - in reference
    and gs.


    - Add SLE15 distribution. (bsc#1090205)
    - SLE15 support: recommended/required flag for products and channels.
    - Support SLE15 product family.
    - Fix a race condition on lookup_evr. (bsc#1090059)


    - Install python2/3 salt flavours on buildhosts to generate a compatible
    thin for the dockerimage beeing build. (bsc#1092161)
    - Docker.login requires a list as input. (bsc#1092161)
    - Fix profileupdate sls to execute retrieval of kernel live patching info.
    - Support SLE15 product family.
    - Fix hardware refresh when FQDN changes. (bsc#1073267)
    - Create bootstrap repo only if it exist in the server. (bsc#1087840)
    - Fix master tops merging when running salt>=2018.
    - Use dockermod with new salt and user repository/tag option for build.


    - Set SLE15 channel update tags to final version.
    - Add SLES12 SP2 LTSS family. (bsc#1092194)
    - Add SLES12-SP2-LTSS product classes. (bsc#1092194)
    - Add debuginfo channels for SLE15 products.
    - Add PackageHub 15 Products.
    - Add product sle-module-live-patching 15.
    - Add new HPC 15 Product.
    - Add missing channel to sle-module-basesystem 15.
    - Support SLE15 product family.


    - Detect if there is already another instance of "cobbler sync" running
    and exit with failure if so. (bsc#1081714)

    Patch Instructions:

    To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
    Alternatively you can run the command listed for your product:

    • SUSE Manager Server 3.1:
      zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2018-1174=1

    Package List:

    • SUSE Manager Server 3.1 (ppc64le s390x x86_64):
      • patterns-suma_server-3.1-3.3.2
      • spacewalk-branding-
      • susemanager-3.1.14-2.19.5
      • susemanager-tftpsync-3.1.3-3.6.2
      • susemanager-tools-3.1.14-2.19.5
    • SUSE Manager Server 3.1 (noarch):
      • cobbler-2.6.6-5.10.4
      • google-gson-2.8.2-3.3.6
      • prometheus-client-java-0.3.0-1.3.5
      • py26-compat-salt-2016.11.4-1.7.2
      • salt-netapi-client-0.14.0-3.9.5
      • spacewalk-backend-
      • spacewalk-backend-app-
      • spacewalk-backend-applet-
      • spacewalk-backend-config-files-
      • spacewalk-backend-config-files-common-
      • spacewalk-backend-config-files-tool-
      • spacewalk-backend-iss-
      • spacewalk-backend-iss-export-
      • spacewalk-backend-libs-
      • spacewalk-backend-package-push-server-
      • spacewalk-backend-server-
      • spacewalk-backend-sql-
      • spacewalk-backend-sql-oracle-
      • spacewalk-backend-sql-postgresql-
      • spacewalk-backend-tools-
      • spacewalk-backend-xml-export-libs-
      • spacewalk-backend-xmlrpc-
      • spacewalk-base-
      • spacewalk-base-minimal-
      • spacewalk-base-minimal-config-
      • spacewalk-certs-tools-
      • spacewalk-html-
      • spacewalk-java-
      • spacewalk-java-config-
      • spacewalk-java-lib-
      • spacewalk-java-oracle-
      • spacewalk-java-postgresql-
      • spacewalk-taskomatic-
      • spacewalk-utils-
      • susemanager-advanced-topics_en-pdf-3.1-10.20.7
      • susemanager-best-practices_en-pdf-3.1-10.20.7
      • susemanager-docs_en-3.1-10.20.7
      • susemanager-frontend-libs-3.1.1-3.3.2
      • susemanager-getting-started_en-pdf-3.1-10.20.7
      • susemanager-jsp_en-3.1-10.20.7
      • susemanager-reference_en-pdf-3.1-10.20.7
      • susemanager-schema-3.1.17-2.23.3
      • susemanager-sls-3.1.17-2.23.2
      • susemanager-sync-data-3.1.14-2.23.2