Security update for POS_Image3, POS_Server3

Announcement ID:	SUSE-SU-2016:2627-1
Rating:	moderate
References:	bsc#1003374 bsc#1003376 bsc#1003383 bsc#840279 bsc#883017 bsc#887607 bsc#889665 bsc#890002 bsc#927232 bsc#944292 bsc#946740 bsc#979925 bsc#985979 bsc#989247
Affected Products:	SUSE Linux Enterprise Point of Service 11 SP3

An update that has 14 security fixes can now be installed.

Description:

This update provides POS_Image3 and POS_Server3 version 3.5.5, which bring many fixes and enhancements:

• Fixed potential security issues (bsc#946740)
• use three argument perl open function consistently
• use array in perl system call everywhere
• use preferably perl built-in functions instead of external shell commands
• improved validation of uploaded files from terminals to BS
• improved runcmd code used for calling external commands
• Auto-registration should not start before dhcpd is ready (bsc#1003383)
• Fixed handling of HTTP redirects in registerImages (bsc#1003376)
• Fixed handling x86_64 images (bsc#1003374)
• Do not limit number of entries for BS LDAP (bsc#985979)
• Increase max wait time to 10mins (bsc#989247)
• Infer service IP when only one BS NIC is specified in LDAP (bsc#927232)
• Fixed regression in directly referenced image in scWorkstation object (bsc#979925)
• Fixed handling deltas of compressed images in registerImages (bsc#887607)
• Fixed posleases to handle stop event correctly (bsc#883017)
• Fixed save_poslogs utility to dump LDAP content on BS (bsc#890002)
• Do not configure authoritative DNS outside netmask (bsc#889665)
• Add ipHostNumber field to services in posAdmin-GUI (bsc#944292)
• Fixed multival modification in posAdmin (bsc#840279)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Point of Service 11 SP3
  zypper in -t patch sleposp3-POS_Image3-12817=1

Package List:

• SUSE Linux Enterprise Point of Service 11 SP3 (noarch)
  • POS_Image3-3.5.5-18.1
  • POS_Image-Netboot-hooks-3.4.0-18.1
  • POS_Image-Tools-3.4.0-18.1
  • POS_Image-Minimal3-3.4.0-18.1
• SUSE Linux Enterprise Point of Service 11 SP3 (x86_64 i586)
  • POS_Server-AdminTools3-3.5.5-18.1
  • POS_Migration-3.5.5-18.1
  • POS_Server-AdminGUI-3.5.5-18.1
  • admind-1.9-18.1
  • POS_Server3-3.5.5-18.1
  • POS_Server-Admin3-3.5.5-18.1
  • posbios-1.0-18.1
  • POS_Server-Modules3-3.5.5-18.1
  • admind-client-1.9-18.1
  • POS_Server-BranchTools3-3.5.5-18.1

References:

• https://bugzilla.suse.com/show_bug.cgi?id=1003374
• https://bugzilla.suse.com/show_bug.cgi?id=1003376
• https://bugzilla.suse.com/show_bug.cgi?id=1003383
• https://bugzilla.suse.com/show_bug.cgi?id=840279
• https://bugzilla.suse.com/show_bug.cgi?id=883017
• https://bugzilla.suse.com/show_bug.cgi?id=887607
• https://bugzilla.suse.com/show_bug.cgi?id=889665
• https://bugzilla.suse.com/show_bug.cgi?id=890002
• https://bugzilla.suse.com/show_bug.cgi?id=927232
• https://bugzilla.suse.com/show_bug.cgi?id=944292
• https://bugzilla.suse.com/show_bug.cgi?id=946740
• https://bugzilla.suse.com/show_bug.cgi?id=979925
• https://bugzilla.suse.com/show_bug.cgi?id=985979
• https://bugzilla.suse.com/show_bug.cgi?id=989247