Security update for Spacewalk stack
SUSE Security Update: Security update for Spacewalk stack
This SUSE Manager Proxy update fixes the following security
issue and bugs:
spacewalk-backend:
* Check for empty result before printing software
entitlement. (bnc#853913)
* Added extra log folder to spacewalk-debug.
(bnc#854090)
* Better detection for SUSE KVM and Cloud systems.
spacewalk-certs-tools:
* Older versions of ssh-copy-id do not support the -o
switch.
* ssh-keygen fails with an error when known_hosts
doesn't exist.
* Call the new script from the old one and print
deprecation warning.
* New ssh-push client initialization script.
spacewalk-proxy:
* Fixed client registration via proxy. (bnc#855610)
spacewalk-web:
* CVE-2013-4415: PAGE_SIZE_LABEL_SELECTED cross-site
scripting. (bnc#850925)
* Put the given year in the valid range. (bnc#846356)
* Paste event handler parsing CVE identifiers with
Javascript. (bnc#846356)
How to apply this update:
1. Log in as root user to the SUSE Manager proxy. 2. Stop
the proxy service: spacewalk-proxy stop 3. Apply the patch
using either zypper patch or YaST Online Update. 4. Start
the Spacewalk service: spacewalk-proxy start
Security Issues:
* CVE-2013-4415
>
Announcement ID: | SUSE-SU-2014:0223-1 |
Rating: | moderate |
References: | #846356 #850925 #853913 #854090 #855610 |
Affected Products: |
An update that solves one vulnerability and has four fixes is now available. It includes four new package versions.
Description:
This SUSE Manager Proxy update fixes the following security
issue and bugs:
spacewalk-backend:
* Check for empty result before printing software
entitlement. (bnc#853913)
* Added extra log folder to spacewalk-debug.
(bnc#854090)
* Better detection for SUSE KVM and Cloud systems.
spacewalk-certs-tools:
* Older versions of ssh-copy-id do not support the -o
switch.
* ssh-keygen fails with an error when known_hosts
doesn't exist.
* Call the new script from the old one and print
deprecation warning.
* New ssh-push client initialization script.
spacewalk-proxy:
* Fixed client registration via proxy. (bnc#855610)
spacewalk-web:
* CVE-2013-4415: PAGE_SIZE_LABEL_SELECTED cross-site
scripting. (bnc#850925)
* Put the given year in the valid range. (bnc#846356)
* Paste event handler parsing CVE identifiers with
Javascript. (bnc#846356)
How to apply this update:
1. Log in as root user to the SUSE Manager proxy. 2. Stop
the proxy service: spacewalk-proxy stop 3. Apply the patch
using either zypper patch or YaST Online Update. 4. Start
the Spacewalk service: spacewalk-proxy start
Security Issues:
* CVE-2013-4415
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Manager Proxy 1.7 for SLE 11 SP2:
zypper in -t patch slemap17sp2-suse-manager-proxy-201401-8818
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Manager Proxy 1.7 for SLE 11 SP2 (x86_64) [New Version: 1.7.38.31]:
- spacewalk-backend-1.7.38.31-0.5.1
- spacewalk-backend-libs-1.7.38.31-0.5.1
- SUSE Manager Proxy 1.7 for SLE 11 SP2 (noarch) [New Version: 1.7.12.14,1.7.28.20 and 1.7.3.11]:
- spacewalk-base-minimal-1.7.28.20-0.5.1
- spacewalk-certs-tools-1.7.3.11-0.5.1
- spacewalk-proxy-broker-1.7.12.14-0.5.1
- spacewalk-proxy-common-1.7.12.14-0.5.1
- spacewalk-proxy-management-1.7.12.14-0.5.1
- spacewalk-proxy-package-manager-1.7.12.14-0.5.1
- spacewalk-proxy-redirect-1.7.12.14-0.5.1
References:
- http://support.novell.com/security/cve/CVE-2013-4415.html
- https://bugzilla.novell.com/846356
- https://bugzilla.novell.com/850925
- https://bugzilla.novell.com/853913
- https://bugzilla.novell.com/854090
- https://bugzilla.novell.com/855610
- http://download.novell.com/patch/finder/?keywords=1dc3b35801903770f664389364a3d72e