Recommended update for SUSE Manager Server 2.1

SUSE Recommended Update: Recommended update for SUSE Manager Server 2.1
Announcement ID: SUSE-RU-2015:0393-1
Rating: moderate
References: #841731 #858971 #880022 #883487 #884350 #886421 #893608 #896029 #897723 #902915 #903064 #904703 #906851 #908317 #909724 #910243 #910482 #910494 #911166 #911180 #911272 #911808 #912035 #912057 #912886 #913215 #913221 #913939 #914260 #914437 #914900 #915140
Affected Products:
  • SUSE Manager Server

An update that solves two vulnerabilities and has 30 fixes is now available. It includes 30 new package versions.

    Description:


    This collective update for SUSE Manager Server 2.1 provides the following
    new features:

    * ISS: export/import information about cloned channels to support
    Service Pack migration on ISS slaves. (FATE#317789)
    * New API calls: system.scheduleSPMigration(),
    system.scheduleDistUpgrade(). (FATE#314785, FATE#314340)

    Additionally, several issues have been fixed:

    cobbler:

    * Fix re-installation on SLE with static network configuration.
    (bsc#883487)
    * Add RHEL 7 as a valid operating system version.

    smdba:

    * Archival of PostgreSQL transaction log does not recover in case of no
    space left on device. (bsc#915140)

    sm-ncc-sync-data:

    * Add support for RES7 in SUSE Manager. (bsc#897723, bsc#893608)

    spacewalk-backend:

    * Convert mtime to localtime to prevent invalid times because of DST.
    (bsc#914437)
    * Do not exit with error if a vendor channel has no URL associated.
    (bsc#914260)
    * Copy all SUSE Manager logfiles into spacewalk-debug.
    * Exclude old backup-logs from spacewalk-debug to reduce size.
    * Fix ISS export with unset patch severity.
    * Convert empty string to null for DMI values. (bsc#911272)
    * Fixed double-counting of systems subscribed to more than one channel.

    spacewalk-certs-tools:

    * Do not allow registering a SUSE Manager server against itself.
    (bsc#841731)

    spacewalk-java:

    * Fix auditlog config yaml syntax. (bsc#913221)
    * Show Proxy tab if system is a proxy even when assigned to cloned
    channels. (bsc#913939)
    * Fixed uncaught error which prevented correct error handling.
    (bsc#858971)
    * Fix NPE by setting max_members to 0 instead of NULL. (bsc#912035)
    * Fix more cross-site-scripting (XSS) issues. (CVE-2014-7811,
    bsc#902915)
    * Fix basic authentication for HTTP proxies. (bsc#912057)
    * Accept repos with same SCC ID and different URLs. (bsc#911808)
    * Avoid mgr-sync-refresh failure because clear_log_id was not called.
    (bsc#911166)
    * Fix cross-site-scripting (XSS) issue in system-group (CVE-2014-7812,
    bsc#912886)
    * Fix "Select All" buttons display on rhn:list and make it consistent
    with new rl:list. (bsc#909724)
    * Fix List tag missing submit parameter for "Select All" and others.
    (bnc#909724)
    * Sort filelist in configfile.compare event history alphabetically.
    (bsc#910243)
    * Allow parentheses in system group description. (bsc#903064)
    * Provide new API documentation in PDF format. (bsc#896029)
    * Update the example scripts section. (bsc#896029)
    * Fixed wording issues on package lock page. (bsc#880022)
    * Make text more clear for package profile sync. (bsc#884350)

    spacewalk-web:

    * Show Proxy tab if system is a proxy even when assigned to cloned
    channels. (bsc#913939)

    supportutils-plugin-susemanager:

    * Write current service and repository configuration into
    supportconfig.

    susemanager-jsp_en, susemanager-manuals_en:

    * Update text and image files (bsc#910494).
    * Firewall rules are incomplete - ssh-push and ssh-push-tunnel
    settings missing. (bsc#904703).
    * Document SP migration and ISS. (bsc#913215, partially).
    * Fix "beta packages" mentioned in documentation. (bsc#886421).
    * User guide: Snapshots: clarify snapshot usage. (bsc#906851).
    * Document maximal supported configuration file limit. (bsc#910482).

    susemanager-schema:

    * Fix NPE by setting max_members to 0 instead of NULL. (bsc#912035)
    * Fix old migration for future reference. (bsc#911180)
    * Avoid NPE when migrating to SCC on Oracle migrated from 1.7.
    (bsc#911180)
    * Fixed double-counting systems subscribed to more than one channel.

    susemanager:

    * Ask for the authentication beforehand. (bsc#908317)
    * Bring back the ability to save credentials to the configuration file.
    * Bring back token verification availability.
    * Never ask for user credentials when scheduling a refresh.

    susemanager-sync-data:

    * Added support for RES7 in SUSE Manager. (bsc#897723, bsc#893608)

    tanukiwrapper:

    * Allow more than 4G as -Xmx option. (bsc#914900)

    How to apply this update:

    1. Log in as root user to the SUSE Manager server.
    2. Stop the Spacewalk service: spacewalk-service stop
    3. Apply the patch using either zypper patch or YaST Online Update.
    4. Upgrade the database schema with spacewalk-schema-upgrade
    5. Start the Spacewalk service: spacewalk-service start

    Security Issues:

    * CVE-2014-7811

    * CVE-2014-7812

    Indications:

    Everybody should update.

    Patch Instructions:

    To install this SUSE Recommended Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Manager Server:
      zypper in -t patch sleman21-suse-manager-21-201502=10309

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Manager Server (x86_64) [New Version: 1.10.2.2,1.5.1,2.1.17,2.1.33.10,2.1.55.15,2.5.69.6 and 5.0.14.6]:
      • cobbler-2.2.2-0.54.2
      • python-gzipstream-1.10.2.2-0.7.1
      • rhnlib-2.5.69.6-0.7.1
      • smdba-1.5.1-0.7.1
      • spacewalk-backend-2.1.55.15-0.7.3
      • spacewalk-backend-app-2.1.55.15-0.7.3
      • spacewalk-backend-applet-2.1.55.15-0.7.3
      • spacewalk-backend-config-files-2.1.55.15-0.7.3
      • spacewalk-backend-config-files-common-2.1.55.15-0.7.3
      • spacewalk-backend-config-files-tool-2.1.55.15-0.7.3
      • spacewalk-backend-iss-2.1.55.15-0.7.3
      • spacewalk-backend-iss-export-2.1.55.15-0.7.3
      • spacewalk-backend-libs-2.1.55.15-0.7.3
      • spacewalk-backend-package-push-server-2.1.55.15-0.7.3
      • spacewalk-backend-server-2.1.55.15-0.7.3
      • spacewalk-backend-sql-2.1.55.15-0.7.3
      • spacewalk-backend-sql-oracle-2.1.55.15-0.7.3
      • spacewalk-backend-sql-postgresql-2.1.55.15-0.7.3
      • spacewalk-backend-tools-2.1.55.15-0.7.3
      • spacewalk-backend-xml-export-libs-2.1.55.15-0.7.3
      • spacewalk-backend-xmlrpc-2.1.55.15-0.7.3
      • spacewalk-branding-2.1.33.10-0.7.4
      • spacewalksd-5.0.14.6-0.7.3
      • susemanager-2.1.17-0.7.1
      • susemanager-tools-2.1.17-0.7.1
      • tanukiwrapper-3.2.3-0.10.3
    • SUSE Manager Server (noarch) [New Version: 1.0.3,1.0.4,1.20.2,1.26.13.2,2.1.0.2,2.1.14.6,2.1.14.8,2.1.14.9,2.1.16.6,2.1.165.14,2.1.2.3,2.1.2.4,2.1.27.12,2.1.5,2.1.5.4,2.1.50.11,2.1.6.5,2.1.60.12,2.1.9,5.11.33.7,5.3.18.4,5.4.22.6 and 5.5.71.7]:
      • osa-dispatcher-5.11.33.7-0.7.3
      • perl-NOCpulse-Object-1.26.13.2-0.7.4
      • perl-Satcon-1.20.2-0.7.1
      • rhn-custom-info-5.4.22.6-0.7.4
      • rhnmd-5.3.18.4-0.7.3
      • rhnpush-5.5.71.7-0.7.5
      • sm-ncc-sync-data-2.1.9-0.7.1
      • spacewalk-admin-2.1.2.4-0.7.1
      • spacewalk-base-2.1.60.12-0.7.3
      • spacewalk-base-minimal-2.1.60.12-0.7.3
      • spacewalk-base-minimal-config-2.1.60.12-0.7.3
      • spacewalk-certs-tools-2.1.6.5-0.7.2
      • spacewalk-check-2.1.16.6-0.7.1
      • spacewalk-client-setup-2.1.16.6-0.7.1
      • spacewalk-client-tools-2.1.16.6-0.7.1
      • spacewalk-config-2.1.5.4-0.7.5
      • spacewalk-doc-indexes-2.1.2.3-0.7.5
      • spacewalk-grail-2.1.60.12-0.7.3
      • spacewalk-html-2.1.60.12-0.7.3
      • spacewalk-java-2.1.165.14-0.7.4
      • spacewalk-java-config-2.1.165.14-0.7.4
      • spacewalk-java-lib-2.1.165.14-0.7.4
      • spacewalk-java-oracle-2.1.165.14-0.7.4
      • spacewalk-java-postgresql-2.1.165.14-0.7.4
      • spacewalk-pxt-2.1.60.12-0.7.3
      • spacewalk-reports-2.1.14.8-0.7.2
      • spacewalk-search-2.1.14.6-0.7.4
      • spacewalk-setup-2.1.14.9-0.7.1
      • spacewalk-setup-jabberd-2.1.0.2-0.7.1
      • spacewalk-sniglets-2.1.60.12-0.7.3
      • spacewalk-taskomatic-2.1.165.14-0.7.4
      • spacewalk-utils-2.1.27.12-0.7.9
      • supportutils-plugin-susemanager-1.0.3-0.5.1
      • supportutils-plugin-susemanager-client-1.0.4-0.5.1
      • susemanager-client-config_en-pdf-2.1-0.15.6
      • susemanager-install_en-pdf-2.1-0.15.6
      • susemanager-jsp_en-2.1-0.15.5
      • susemanager-manuals_en-2.1-0.15.6
      • susemanager-proxy-quick_en-pdf-2.1-0.15.6
      • susemanager-reference_en-pdf-2.1-0.15.6
      • susemanager-schema-2.1.50.11-0.7.1
      • susemanager-sync-data-2.1.5-0.7.1
      • susemanager-user_en-pdf-2.1-0.15.6

    References:

    • http://support.novell.com/security/cve/CVE-2014-7811.html
    • http://support.novell.com/security/cve/CVE-2014-7812.html
    • https://bugzilla.suse.com/841731
    • https://bugzilla.suse.com/858971
    • https://bugzilla.suse.com/880022
    • https://bugzilla.suse.com/883487
    • https://bugzilla.suse.com/884350
    • https://bugzilla.suse.com/886421
    • https://bugzilla.suse.com/893608
    • https://bugzilla.suse.com/896029
    • https://bugzilla.suse.com/897723
    • https://bugzilla.suse.com/902915
    • https://bugzilla.suse.com/903064
    • https://bugzilla.suse.com/904703
    • https://bugzilla.suse.com/906851
    • https://bugzilla.suse.com/908317
    • https://bugzilla.suse.com/909724
    • https://bugzilla.suse.com/910243
    • https://bugzilla.suse.com/910482
    • https://bugzilla.suse.com/910494
    • https://bugzilla.suse.com/911166
    • https://bugzilla.suse.com/911180
    • https://bugzilla.suse.com/911272
    • https://bugzilla.suse.com/911808
    • https://bugzilla.suse.com/912035
    • https://bugzilla.suse.com/912057
    • https://bugzilla.suse.com/912886
    • https://bugzilla.suse.com/913215
    • https://bugzilla.suse.com/913221
    • https://bugzilla.suse.com/913939
    • https://bugzilla.suse.com/914260
    • https://bugzilla.suse.com/914437
    • https://bugzilla.suse.com/914900
    • https://bugzilla.suse.com/915140
    • http://download.suse.com/patch/finder/?keywords=633798fcf3e7e5578376389d347f6221