Security update for SUSE Manager Server 4.0
Announcement ID: SUSE-SU-2019:2930-1
Rating: moderate
References: #1133429 #1135442 #1136959 #1138358 #1138454 #1142309 #1142764 #1142774 #1143016 #1143562 #1143789 #1144300 #1144500 #1144510 #1144515 #1144889 #1145086 #1145119 #1145551 #1145587 #1145626 #1145744 #1145750 #1145753 #1145758 #1145769 #1145873 #1146416 #1146419 #1146683 #1146869 #1148169 #1149075 #1149210 #1149353 #1149409 #1149425 #1149633 #1150113 #1150154 #1150180 #1150314 #1150729 #1151097 #1151280 #1151399 #1151467 #1151481 #1151666 #1151875 #1152170 #1152290 #1152514 #1152735 #1153277 #1153578 #1154275 #1155656 #1155794
Cross-References: CVE-2019-10088 CVE-2019-10093 CVE-2019-10094
Affected Products:
An update that solves three vulnerabilities and has 56 fixes is now available.
Description:
This update fixes the following issues:
cobbler:
- Fix for install loop caused by autoinstallation profiles (bsc#1151875)
- Update module config description to match new parameters
- Add config migration script and run it in the post-install script
- Fix for config backups in post install script (bsc#1149075)
- Move Apache config file cobbler.conf to the conf.d directory and remove the VirtualHost container, as it overwrites rules already set in conf.d
- Realignment with Cobbler 3.0.0 release candidate.
- Fix for typo in settings for scm_track module.
- Optimization for settings loading in scm_track module.
cpu-mitigations-formula:
- Fix grub entry changed for sle12* so it matches sle15* (bsc#1145873)
mgr-osad:
- Obsolete all old python2-osa* packages to avoid conflicts (bsc#1152290)
patterns-suse-manager:
- Add recommends for cpu-mitigations-formula
pgjdbc-ng:
- Allow dots in database name (bsc#1146416)
prometheus-exporters-formula:
- Allow to configure arbitrary arguments when running exporters
- Add support for Debian/Ubuntu and Red Hat systems (RHEL/CentOS)
- Install the LICENSE together with the package
py26-compat-salt:
- Get tornado dependency from the system on SLE12 (bsc#1149409)
python-susemanager-retail:
- Update to version 0.1.1568808472.be9f236
- Parse partition type 82 as swap in SLEPOS migration (bsc#1136959)
- Allow kernel command line for branches to be set as an option to retail_branch_init CLI
- Automatically calculate dhcp dynamic range from branch ip if not set
python-urlgrabber:
- Allow non-integer values for URLGRABBER_DEBUG env variable (bsc#1152514)
- Fixes usage of log level lookup for Python3 (bsc#1146683)
spacecmd:
- Java API expects content as an encoded string instead of encoded bytes as before (bsc#1153277)
- Fix building and installing on CentOS8/RES8/RHEL8
- Check that a channel doesn't have clones before deleting it (bsc#1138454)
spacewalk-admin:
- Avoid a "Permission denied" salt error when publisher_acl is set (bsc#1150154)
spacewalk-backend:
- Fix re-registration with re-activation key (bsc#1154275)
- Change the default value of taskomatic maxmemory to 4GB
- Add basic support for importing modular repositories
- Import additional fields for Deb packages
- Add script to update additional fields in the DB for existing Deb packages
- Use active values for diskchecker mails
- Parse restart_suggested flag from patches and set it as keywords (bsc#1151467)
- Improve error message when deleting channel that's in a content lifecycle project (bsc#1145769)
- Prevent "reposync" crash when handling metadata on RPM repos (bsc#1138358)
- Do not show expected WARNING messages from "c_rehash"
- Fix misspelling in spacewalk-repo-sync (bsc#1149633)
- Remove credentials also from potential rhn.conf backup files in spacewalk-debug (bsc#1146419)
- Do not crash 'rhn-satellite-exporter' with ModuleNotFound error (bsc#1146869)
- spacewalk-remove-channel: check that the channel doesn't have cloned channels before deleting it (bsc#1138454)
- Fix broken spacewalk-data-fsck utility
- Add '--latest' support for reposync on DEB based repositories
- Do not try to download RPMs from the unresolved mirrorlist URL
- Fix encoding issues with DB bytes values (bsc#1144300)
- Fix import of rhnAuthPAM to avoid issues when using rhnpush.
- Avoid traceback on mgr-inter-sync when there are problems with cache of packages (bsc#1143016)
spacewalk-branding:
- Improve menu scrollbar style for Firefox
- Add UI message when salt-formulas system folders are unreachable (bsc#1142309)
spacewalk-certs-tools:
- Require mgr-daemon (new name of spacewalksd) so that systems with spacewalksd always get the new package installed (bsc#1149353)
spacewalk-client-tools:
- Require mgr-daemon (new name of spacewalksd) so that systems with spacewalksd always get the new package installed (bsc#1149353)
- Enable spacewalk-update-service on package installation (bsc#1143789)
- Invalidate cache 5 minutes before actual expiration (bsc#1143562)
spacewalk-config:
- Change the default value of taskomatic maxmemory to 4GB
- Resolve modules.yaml file for modular repositories
spacewalk-java:
- Change the default value of taskomatic maxmemory to 4GB
- Silence cache strategy Hibernate warning
- Return the result in a type compatible with what is defined in the database procedure (bsc#1150729)
- Allow channels names to start with numbers
- Fix: handle special deb package names (bsc#1150113)
- Remove extra spaces in dependencies fields in Debian repo Packages file (bsc#1145551)
- Allow monitoring for managed systems running Ubuntu 18.04 and RedHat 6/7
- Improve performance for 'Manage Software Channels' view (bsc#1151399)
- Import additional fields for Deb packages
- Use value from systemd unit file if not set in /etc/rhn/rhn.conf
- Implement "keyword" filter for Content Lifecycle Management
- Add support for Azure, Amazon EC2, and Google Compute Engine as Virtual Host Manager.
- Allow ssl connections from Tomcat to Postgres (bsc#1149210)
- Use default in case taskomatic.java.maxmemory is unset
- Fix parsing of /etc/rhn/rhn.conf for taskomatic.java.maxmemory (bsc#1151097)
- Change form order and change project creation message (bsc#1145744)
- Use 'SCC organization credentials' instead of 'SCC credentials' in error message (bsc#1149425)
- Implement "regular expression" Filter for Content Lifecycle Management matching package names, patch name, patch synopsis and package names in patches
- Implement provisioning for salt clients
- Explicitly mention in API docs that, to preserve LF/CR, the user needs to encode the data (bsc#1135442)
- New Single Page Application engine for the UI. It can be enabled with the config 'web.spa.enable' set to true
- Check that a channel doesn't have clones before deleting it (bsc#1138454)
- Fix documentation of contentmanagement handler (bsc#1145753)
- Add new API endpoint to list available Filter Criteria
- Improve API documentation of Filter Criteria
- Implement "patch contains package" Filter for Content Lifecycle Management
- Implement Filter Patch "by type" Content Lifecycle Management
- Improve websocket authentication to prevent errors in logs (bsc#1138454)
- Implement filtering errata by synopsis in Content Lifecycle Management
- Normalize date formats for actions, notifications and clm (bsc#1142774)
- Implement ALLOW filters in Content Lifecycle Management
- Implement "by date" Filter for Content Lifecycle Management
- UI render without error if salt-formulas system folders are unreachable (bsc#1142309)
- Cloning Errata from a specific channel should not take packages from other channels (bsc#1142764)
- Add susemanager as prerequired for spacewalk-java
spacewalk-setup:
- Fix cobbler authentication module configuration required for new cobbler package
- Configure 150 Tomcat workers by default, matching httpd's MaxClients
spacewalk-utils:
- Add FQDN resolver for spacewalk-manage-channel-lifecycle (bsc#1153578)
- Common-channels: Fix repo type assignment for type YUM
spacewalk-web:
- Redirect to project when canceling creating a filter (bsc#1145750)
- Better visualization of the filters attached to a CLM Project. Allow/deny are now split
- Fix ui issues with content lifecycle project list page (bsc#1145587)
- Implement "keyword" filter for Content Lifecycle Management
- Enable Azure, Amazon EC2 and Google Compute Engine as available Virtual Host Managers
- Trim strings when creating/updating image stores/profiles (bsc#1133429)
- Show loading spinner while loading salt keys data (bsc#1150180)
- CLM - Disable clones by default of the shown CLM Project sources
- Change form order and change project creation message (bsc#1145744)
- Add UI message when salt-formulas system folders are unreachable (bsc#1142309)
- Implement "regular expression" Filter for Content Lifecycle Management matching package names, patch name, patch synopsis and package names in patches
- New Single Page Application engine for the UI. It can be enabled with the config 'web.spa.enable' set to true
- Add environment label when deleting environment (bsc#1145758)
- Change color of disabled build button on clp page (bsc#1145626)
- Fix the 'include recommended' button on channels selection in SSM (bsc#1145086)
- Implement "patch contains package" Filter for Content Lifecycle Management
- Implement Filter Patch "by type" Content Lifecycle Management
- Implement filtering errata by synopsis in Content Lifecycle Management
- Normalize date formats for actions, notifications and clm (bsc#1142774)
- Implement ALLOW filters in Content Lifecycle Management
- Implement "by date" Filter for Content Lifecycle Management
susemanager:
- Require dmidecode only for SLE12 aarch64 and x86_64 (bsc#1152170)
- Require pmtools only for SLE11 i586 and x86_64 (bsc#1150314)
- Fix test for btrfs subvolume for new btrfs version (bsc#1151666)
- Ensure working directory is /root during setup (bsc#1148169)
- Dmidecode does not exist on s390x (bsc#1145119)
susemanager-docs_en:
- Update text and images (mu-4.0.3); many changes caused by Technical and Content Reviews.
- Added partition permissions to Install Guide (bsc#1152735)
- Move Disconnected Setup from Client Config to Admin Guide
- Updated references to documentation.suse.com (was: www.suse.com/documentation)
- Increase default value for taskomatic to 4GB
- Registering to proxy information in Install Guide
- Edits to Prometheus section in Admin Guide
- Update database migration section in Upgrade Guide
- Update server update, upgrade, and migration chapters in Upgrade Guide
- Update server installation and setup chapters
- Update proxy installation and setup chapters
- Add section about maintenance window in Admin Guide
- Update Kubernetes chapter
- Admin Guide: ISS: Adapt the CA path to correspond to SLES 15.1
- Update image management
- Update channel management screenshot in Reference
- Update CLM
- Provide basic documentation on foreign clients
- Update info on mgr-sync
- New images added to Retail Guide
- Minor edits in Salt Guide
- Improvements to Troubleshooting section in Admin Guide
- Removed reference to SLP in Install Guide
- Minor edits to SSM in Client Config Guide
susemanager-schema:
- Fix in schema migration script when recreating the 'suseUserRoleView' (bsc#1151280)
- Fix: handle special deb package names (bsc#1150113)
- Refactor in suseChannelUserRoleView for retrieving the parent_channel_id (bsc#1151399)
- Add tables rhnPackageExtraTag and rhnPackageExtraTagKey
- Allow monitoring for Ubuntu systems
- Add new types needed for Azure, Amazon EC2 and Google CE
- Enable provisioning for salt clients
- Allow package changelog entries with more than 3000 characters (bsc#1144889)
susemanager-sls:
- Require pmtools only for SLE11 i586 and x86_64 (bsc#1150314)
- Introduce dnf-susemanager-plugin for RHEL8 minions
- Provide custom grain to report "instance id" when running on Public Cloud instances
- Disable legacy startup events for new minions
- Implement provisioning for salt clients
- Dmidecode does not exist on ppc64le and s390x (bsc#1145119)
- Update susemanager.conf to use adler32 for computing the server_id for new minions
- Do not show errors when polling internal metadata API (bsc#1155794)
- Add missing "public_cloud" custom grain (bsc#1155656)
susemanager-sync-data:
- Ubuntu repositories released
tika-core:
- New upstream version 1.2.2. Fixes:
  * OOM from a crafted Zip File in Apache Tika's RecursiveParserWrapper (CVE-2019-10088) (bsc#1144500).
  * Denial of Service in Apache Tika's 2003ml and 2006ml Parsers (CVE-2019-10093) (bsc#1144510).
  * StackOverflow from Crafted Package/Compressed Files in Apache Tika's RecursiveParserWrapper (CVE-2019-10094) (bsc#1144515).
virtual-host-gatherer:
- Add new modules to deal with Amazon EC2, Azure and Google Compute
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for SUSE Manager Server 4.0:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.0-2019-2930=1
Package List:
- SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (ppc64le s390x x86_64):
- patterns-suma_retail-4.0-9.3.8
- patterns-suma_server-4.0-9.3.8
- spacewalk-branding-4.0.14-3.6.8
- susemanager-4.0.17-3.6.9
- susemanager-tools-4.0.17-3.6.9
- SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (noarch):
- cobbler-3.0.0+git20190806.32c4bae0-7.3.7
- cpu-mitigations-formula-0.1-4.6.7
- mgr-osa-dispatcher-4.0.10-3.6.8
- pgjdbc-ng-0.7.1-3.3.8
- prometheus-exporters-formula-0.4-3.3.7
- pxe-default-image-sle15-4.0.0-20191106084601
- py26-compat-salt-2016.11.10-10.8.8
- python3-mgr-osa-common-4.0.10-3.6.8
- python3-mgr-osa-dispatcher-4.0.10-3.6.8
- python3-spacewalk-backend-libs-4.0.27-3.13.9
- python3-spacewalk-certs-tools-4.0.12-3.6.8
- python3-spacewalk-client-tools-4.0.10-3.6.8
- python3-susemanager-retail-1.0.1568808472.be9f236-3.6.7
- python3-urlgrabber-3.10.2.1py2_3-6.22.6
- spacecmd-4.0.16-3.6.7
- spacewalk-admin-4.0.8-3.3.8
- spacewalk-backend-4.0.27-3.13.9
- spacewalk-backend-app-4.0.27-3.13.9
- spacewalk-backend-applet-4.0.27-3.13.9
- spacewalk-backend-config-files-4.0.27-3.13.9
- spacewalk-backend-config-files-common-4.0.27-3.13.9
- spacewalk-backend-config-files-tool-4.0.27-3.13.9
- spacewalk-backend-iss-4.0.27-3.13.9
- spacewalk-backend-iss-export-4.0.27-3.13.9
- spacewalk-backend-package-push-server-4.0.27-3.13.9
- spacewalk-backend-server-4.0.27-3.13.9
- spacewalk-backend-sql-4.0.27-3.13.9
- spacewalk-backend-sql-postgresql-4.0.27-3.13.9
- spacewalk-backend-tools-4.0.27-3.13.9
- spacewalk-backend-xml-export-libs-4.0.27-3.13.9
- spacewalk-backend-xmlrpc-4.0.27-3.13.9
- spacewalk-base-4.0.16-3.9.8
- spacewalk-base-minimal-4.0.16-3.9.8
- spacewalk-base-minimal-config-4.0.16-3.9.8
- spacewalk-certs-tools-4.0.12-3.6.8
- spacewalk-client-tools-4.0.10-3.6.8
- spacewalk-config-4.0.13-3.3.7
- spacewalk-html-4.0.16-3.9.8
- spacewalk-java-4.0.25-3.10.5
- spacewalk-java-config-4.0.25-3.10.5
- spacewalk-java-lib-4.0.25-3.10.5
- spacewalk-java-postgresql-4.0.25-3.10.5
- spacewalk-setup-4.0.11-3.6.7
- spacewalk-taskomatic-4.0.25-3.10.5
- spacewalk-utils-4.0.13-3.6.8
- susemanager-doc-indexes-4.0-10.9.8
- susemanager-docs_en-4.0-10.9.7
- susemanager-docs_en-pdf-4.0-10.9.7
- susemanager-retail-tools-1.0.1568808472.be9f236-3.6.7
- susemanager-schema-4.0.16-3.8.5
- susemanager-sls-4.0.22-3.10.4
- susemanager-sync-data-4.0.13-3.6.7
- susemanager-web-libs-4.0.16-3.9.8
- tika-core-1.22-3.3.7
- virtual-host-gatherer-1.0.19-3.3.8
- virtual-host-gatherer-Kubernetes-1.0.19-3.3.8
- virtual-host-gatherer-VMware-1.0.19-3.3.8
- virtual-host-gatherer-libcloud-1.0.19-3.3.8
References:
- https://www.suse.com/security/cve/CVE-2019-10088.html
- https://www.suse.com/security/cve/CVE-2019-10093.html
- https://www.suse.com/security/cve/CVE-2019-10094.html
- https://bugzilla.suse.com/1133429
- https://bugzilla.suse.com/1135442
- https://bugzilla.suse.com/1136959
- https://bugzilla.suse.com/1138358
- https://bugzilla.suse.com/1138454
- https://bugzilla.suse.com/1142309
- https://bugzilla.suse.com/1142764
- https://bugzilla.suse.com/1142774
- https://bugzilla.suse.com/1143016
- https://bugzilla.suse.com/1143562
- https://bugzilla.suse.com/1143789
- https://bugzilla.suse.com/1144300
- https://bugzilla.suse.com/1144500
- https://bugzilla.suse.com/1144510
- https://bugzilla.suse.com/1144515
- https://bugzilla.suse.com/1144889
- https://bugzilla.suse.com/1145086
- https://bugzilla.suse.com/1145119
- https://bugzilla.suse.com/1145551
- https://bugzilla.suse.com/1145587
- https://bugzilla.suse.com/1145626
- https://bugzilla.suse.com/1145744
- https://bugzilla.suse.com/1145750
- https://bugzilla.suse.com/1145753
- https://bugzilla.suse.com/1145758
- https://bugzilla.suse.com/1145769
- https://bugzilla.suse.com/1145873
- https://bugzilla.suse.com/1146416
- https://bugzilla.suse.com/1146419
- https://bugzilla.suse.com/1146683
- https://bugzilla.suse.com/1146869
- https://bugzilla.suse.com/1148169
- https://bugzilla.suse.com/1149075
- https://bugzilla.suse.com/1149210
- https://bugzilla.suse.com/1149353
- https://bugzilla.suse.com/1149409
- https://bugzilla.suse.com/1149425
- https://bugzilla.suse.com/1149633
- https://bugzilla.suse.com/1150113
- https://bugzilla.suse.com/1150154
- https://bugzilla.suse.com/1150180
- https://bugzilla.suse.com/1150314
- https://bugzilla.suse.com/1150729
- https://bugzilla.suse.com/1151097
- https://bugzilla.suse.com/1151280
- https://bugzilla.suse.com/1151399
- https://bugzilla.suse.com/1151467
- https://bugzilla.suse.com/1151481
- https://bugzilla.suse.com/1151666
- https://bugzilla.suse.com/1151875
- https://bugzilla.suse.com/1152170
- https://bugzilla.suse.com/1152290
- https://bugzilla.suse.com/1152514
- https://bugzilla.suse.com/1152735
- https://bugzilla.suse.com/1153277
- https://bugzilla.suse.com/1153578
- https://bugzilla.suse.com/1154275
- https://bugzilla.suse.com/1155656
- https://bugzilla.suse.com/1155794