Security update for SUSE Manager Server 3.2

SUSE Security Update: Security update for SUSE Manager Server 3.2
Announcement ID: SUSE-SU-2019:0341-1
Rating: moderate
References: #1089121 #1098826 #1099988 #1104680 #1105720 #1105791 #1110427 #1110757 #1110772 #1111191 #1111686 #1111910 #1111963 #1112121 #1114029 #1114059 #1114115 #1114268 #1114877 #1115029 #1115978 #1116365 #1116566 #1116610 #1116826 #1117759 #1118112 #1118478 #1118917 #1119233 #1119271 #1119320 #1119727 #1119807 #1121038 #1121424 #1122565 #1123902 #1123983 #1124794 #1125097 #987798
Cross-References: CVE-2018-17197
Affected Products:
  • SUSE Manager Server 3.2
  • SUSE Manager Proxy 3.2

An update that solves one vulnerability and has 41 fixes is now available.

Description:

This update fixes the following issues:

branch-network-formula:
  • Netconfig update requires the bind directory to exist for bind forward; ensure it exists (bsc#1116365)
  • Rework network update in branch-network formula (bsc#1116365)

py26-compat-salt:
  • Remove arch from name when pkg.list_pkgs is called with 'attr' (bsc#1114029)

python-susemanager-retail:
  • Force one python version for SLE12 (python2) and SLE15 (python3)
  • Add disklabel: none to migrated RAID

saltboot-formula:
  • Use FTP active mode for image download
  • Always deploy image when image is specified in partitioning pillar (bsc#1119807)
  • Call blockdev.formatted with force=True
  • Allow RAID images to be defined by saltboot formula:
    • image information can be provided directly for disk
    • allow "none" disk label in formula and in that case hide partitioning information

smdba:
  • Tuning: add cpu_tuple_cost (bsc#1105791)

spacecmd:
  • Fix importing state channels using configchannel_import
  • Fix getting file info for latest revision (via configchannel_filedetails)
  • Add functions to merge errata (softwarechannel_errata_merge) and packages (softwarechannel_mergepackages) through spacecmd (bsc#987798)

spacewalk-admin:
  • Use a Salt engine to process return results (bsc#1099988)

spacewalk-backend:
  • Move channel update close to commit to avoid long lock (bsc#1121424)
  • Adapt Inter Server Sync code to new SCC sync backend
  • Fix issue raising exceptions 'with_traceback' on Python 2
  • Hide Python traceback and show only error message (bsc#1110427)
  • Honor renamed postgresql10 log directory for supportconfig

spacewalk-branding:
  • Better label visualization when the input is disabled. (bsc#1110772)

spacewalk-client-tools:
  • Fix XML-RPC type serialization (bsc#1116610)

spacewalk-java:
  • Improve salt events processing performance (bsc#1125097)
  • Prevent an error when onboarding a RES 6 minion (bsc#1124794)
  • Support products with multiple base channels
  • Fix ordering of base channels to prevent synchronization errors (bsc#1123902)
  • Avoid a NullPointerException error in Taskomatic (bsc#1119271)
  • Reset channel assignments when base channel changes on registration (bsc#1118917)
  • Allow bootstrapping minions with a pending minion key being present (bsc#1119727)
  • Hide 'unknown virtual host manager' when virtual host manager of all hosts is known (bsc#1119320)
  • Disable notification types with 'java.notifications_type_disabled' in rhn.conf (bsc#1111910)
  • Change SCC sync backend to adapt quicker to SCC changes and improve speed of syncing metadata and checking for channel dependencies (bsc#1089121)
  • Read OEM Orderitems from DB instead of always creating new items (bsc#1098826)
  • Fix mgr-sync refresh when subscription was removed (bsc#1105720)
  • XMLRPC API: Include init.sls in channel file list (bsc#1111191)
  • Fix the config channels assignment via SSM (bsc#1117759)
  • Install product packages during bootstrapping minions (bsc#1104680)
  • Fix cloning channels when managing the same errata for both vendor and private orgs (bsc#1111686)
  • Introduce Loggerhead-module.js to store logs from the frontend
  • Removed 'Manage Channels' shortcut for vendor channels (bsc#1115978)
  • Hide already applied errata and channel entries from the output list in audit.listSystemsByPatchStatus (bsc#1111963)
  • Prevent failing KickstartCommand when customPosition is null (bsc#1112121)
  • Automatically schedule an Action to refresh minion repos after deletion of an assigned channel (bsc#1115029)
  • Performance improvements in channel management functionalities (bsc#1114877)
  • Handle state file render failures with an error message (bsc#1110757)
  • When changing basechannel the compatible old childchannels are now selected by default. (bsc#1110772)
  • Add check for yast autoinstall profiles when setting kickstartTree (bsc#1114115)
  • Use a Salt engine to process return results (bsc#1099988)
  • Fix handling of CVEs including multiple patches in CVE audit (bsc#1111963)
  • Fix synchronizing Expanded Support Channel with missing architecture (bsc#1122565)

spacewalk-setup:
  • Use a Salt engine to process return results (bsc#1099988)

spacewalk-utils:
  • Exit with an error if spacewalk-common-channels does not match any channel

spacewalk-web:
  • Show feedback messages after using the retry option on the notification messages page
  • Change SCC sync backend to adapt quicker to SCC changes and improve speed of syncing metadata and checking for channel dependencies
  • Fix wording for taskotop (cosmetic only) (bsc#1118112)
  • When changing basechannel the compatible old childchannels are now selected by default. (bsc#1110772)

subscription-matcher:
  • Old style hard bundle merging fix (bsc#1114059)

susemanager:
  • Add bootstrap repo definition for OES 2018 SP1 (bsc#1116826)
  • Rhnlib was renamed to python2-rhnlib. Change bootstrap data accordingly.
  • Change SCC sync backend to adapt quicker to SCC changes and improve speed of syncing metadata and checking for channel dependencies
  • Adapt mgr-create-bootstrap-repo for Uyuni and let it create bootstrap repos for openSUSE and CentOS
  • Fetch packages from correct channel when creating a bootstrap repository
  • Fix not found package on mgr-create-bootstrap-repo for SLE-15-s390x (bsc#1116566)
  • Add python3-six to bootstrap repo for SLES15 (bsc#1118478)

susemanager-docs_en:
  • Update text and image files.
  • Enhance forms documentation (more attributes).
  • Proxy: for example, migration from traditional to Salt not supported.
  • RAM requirements for host running kiwi OS images.
  • Notification properties.
  • Update scalability documentation.

susemanager-schema:
  • Change SCC sync backend to adapt quicker to SCC changes and improve speed of syncing metadata and checking for channel dependencies
  • Performance improvements in channel management functionalities (bsc#1114877)
  • Use a Salt engine to process return results (bsc#1099988)

susemanager-sls:
  • Improve salt events processing performance (bsc#1125097)
  • Allow bootstrapping minions with a pending minion key being present (bsc#1119727)
  • Use a Salt engine to process return results (bsc#1099988)

susemanager-sync-data:
  • Make SUSE Manager Tools channel mandatory (bsc#1123983)
  • Add sle-module-web-scripting for OES2018 (bsc#1119233)
  • Add new set of data for the new SCC sync backend
  • Enable SLE15 SP1 family (bsc#1114268)
  • Enable OES2018 SP1 (bsc#1116826)

tika-core:
  • CVE-2018-17197: Fixed an infinite loop in the SQLite3Parser of Apache Tika (bsc#1121038)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Manager Server 3.2:
    zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-341=1
  • SUSE Manager Proxy 3.2:
    zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2019-341=1

Package List:

  • SUSE Manager Server 3.2 (ppc64le s390x x86_64):
    • smdba-1.6.3-0.3.6.13
    • spacewalk-branding-2.8.5.13-3.13.14
    • susemanager-3.2.15-3.16.13
    • susemanager-tools-3.2.15-3.16.13
  • SUSE Manager Server 3.2 (noarch):
    • branch-network-formula-0.1.1545038754.c983fa6-3.6.13
    • netty-4.1.8.Final-2.7.4
    • py26-compat-salt-2016.11.10-6.18.14
    • python-susemanager-retail-1.0.1544459934.07229ad-2.9.13
    • python2-spacewalk-client-tools-2.8.22.4-3.3.13
    • saltboot-formula-0.1.1546527519.591e925-3.9.13
    • spacecmd-2.8.25.8-3.12.13
    • spacewalk-admin-2.8.4.3-3.3.13
    • spacewalk-backend-2.8.57.8-3.10.14
    • spacewalk-backend-app-2.8.57.8-3.10.14
    • spacewalk-backend-applet-2.8.57.8-3.10.14
    • spacewalk-backend-config-files-2.8.57.8-3.10.14
    • spacewalk-backend-config-files-common-2.8.57.8-3.10.14
    • spacewalk-backend-config-files-tool-2.8.57.8-3.10.14
    • spacewalk-backend-iss-2.8.57.8-3.10.14
    • spacewalk-backend-iss-export-2.8.57.8-3.10.14
    • spacewalk-backend-libs-2.8.57.8-3.10.14
    • spacewalk-backend-package-push-server-2.8.57.8-3.10.14
    • spacewalk-backend-server-2.8.57.8-3.10.14
    • spacewalk-backend-sql-2.8.57.8-3.10.14
    • spacewalk-backend-sql-oracle-2.8.57.8-3.10.14
    • spacewalk-backend-sql-postgresql-2.8.57.8-3.10.14
    • spacewalk-backend-tools-2.8.57.8-3.10.14
    • spacewalk-backend-xml-export-libs-2.8.57.8-3.10.14
    • spacewalk-backend-xmlrpc-2.8.57.8-3.10.14
    • spacewalk-base-2.8.7.12-3.16.12
    • spacewalk-base-minimal-2.8.7.12-3.16.12
    • spacewalk-base-minimal-config-2.8.7.12-3.16.12
    • spacewalk-client-tools-2.8.22.4-3.3.13
    • spacewalk-html-2.8.7.12-3.16.12
    • spacewalk-java-2.8.78.18-3.21.1
    • spacewalk-java-config-2.8.78.18-3.21.1
    • spacewalk-java-lib-2.8.78.18-3.21.1
    • spacewalk-java-oracle-2.8.78.18-3.21.1
    • spacewalk-java-postgresql-2.8.78.18-3.21.1
    • spacewalk-setup-2.8.7.6-3.13.13
    • spacewalk-taskomatic-2.8.78.18-3.21.1
    • spacewalk-utils-2.8.18.4-3.6.13
    • subscription-matcher-0.22-4.9.13
    • susemanager-advanced-topics_en-pdf-3.2-11.15.12
    • susemanager-best-practices_en-pdf-3.2-11.15.12
    • susemanager-docs_en-3.2-11.15.12
    • susemanager-getting-started_en-pdf-3.2-11.15.12
    • susemanager-jsp_en-3.2-11.15.12
    • susemanager-reference_en-pdf-3.2-11.15.12
    • susemanager-retail-tools-1.0.1544459934.07229ad-2.9.13
    • susemanager-schema-3.2.16-3.16.13
    • susemanager-sls-3.2.20-3.18.1
    • susemanager-sync-data-3.2.12-3.14.2
    • susemanager-web-libs-2.8.7.12-3.16.12
    • tika-core-1.20-3.6.13
  • SUSE Manager Proxy 3.2 (noarch):
    • python2-spacewalk-check-2.8.22.4-3.3.13
    • python2-spacewalk-client-setup-2.8.22.4-3.3.13
    • python2-spacewalk-client-tools-2.8.22.4-3.3.13
    • spacewalk-backend-2.8.57.8-3.10.14
    • spacewalk-backend-libs-2.8.57.8-3.10.14
    • spacewalk-base-minimal-2.8.7.12-3.16.12
    • spacewalk-base-minimal-config-2.8.7.12-3.16.12
    • spacewalk-check-2.8.22.4-3.3.13
    • spacewalk-client-setup-2.8.22.4-3.3.13
    • spacewalk-client-tools-2.8.22.4-3.3.13
    • spacewalk-proxy-installer-2.8.6.4-3.6.13
    • susemanager-web-libs-2.8.7.12-3.16.12
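
To confirm the update landed, installed builds can be compared against the Package List above. The following is an added example, not part of the SUSE advisory: it assumes input lines in NAME-VERSION-RELEASE form (for instance from rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'), uses a simplified RPM version comparison, and the function names and sample lines are constructed for illustration.

```python
import re

# Fixed builds copied from the advisory's Package List (name -> version-release).
FIXED = {
    "tika-core": "1.20-3.6.13",          # carries the CVE-2018-17197 fix
    "spacewalk-java": "2.8.78.18-3.21.1",
    "susemanager-sls": "3.2.20-3.18.1",
}

_SEG = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Simplified RPM segment comparison (assumes no epoch, '~' or '^')."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)        # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric beats alphabetic
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare two 'version-release' strings: version first, then release."""
    (va, ra), (vb, rb) = a.split("-", 1), b.split("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def audit(lines):
    """Map each tracked package to 'ok', 'outdated' or 'missing'."""
    status = dict.fromkeys(FIXED, "missing")
    for line in lines:
        parts = line.strip().rsplit("-", 2)
        if len(parts) != 3 or parts[0] not in FIXED:
            continue                     # untracked package or rpm error text
        name, installed = parts[0], parts[1] + "-" + parts[2]
        status[name] = "ok" if evr_cmp(installed, FIXED[name]) >= 0 else "outdated"
    return status

# Constructed sample input; the tika-core build here is made up for the demo.
SAMPLE = [
    "tika-core-1.9-3.3.1",
    "spacewalk-java-2.8.78.18-3.21.1",
    "package susemanager-sls is not installed",
]

if __name__ == "__main__":
    for name, state in audit(SAMPLE).items():
        print(f"{name}: {state} (fixed in {FIXED[name]})")
```

A plain string comparison would rank 1.9 above 1.20; the segment-wise comparison is what makes the outdated tika-core build show up.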
