Security update for SUSE Manager Server 3.2

SUSE Security Update: Security update for SUSE Manager Server 3.2
Announcement ID: SUSE-SU-2018:4011-1
Rating: moderate
References: #1041999 #1080474 #1083094 #1104487 #1105359 #1105724 #1106430 #1106626 #1107869 #1109235 #1110361 #1110625 #1111247 #1111249 #1111387 #1111497 #1111542 #1111810 #1111966 #1112163 #1112445 #1112754 #1113557 #1113747 #1114181 #1114362 #1114814 #1114991 #1115449 #1116517
Cross-References: CVE-2018-11761
Affected Products:
  • SUSE Manager Server 3.2
  • SUSE Manager Proxy 3.2

An update that solves one vulnerability and has 29 fixes is now available.

Description:


This update fixes the following issues:

apache-mybatis:
  • Install missing LICENSE.txt file (bsc#1114814)

cobbler:
  • Fix service restart after logrotate for cobblerd (bsc#1113747)
  • Rotate cobbler logs at higher frequency to prevent disk fillup (bsc#1113747)

hadoop:
  • Install missing LICENSE.txt file (bsc#1114814)

image-sync-formula:
  • Handle empty images pillar (bsc#1105359)

lucene:
  • Install missing LICENSE.txt file (bsc#1114814)

nekohtml:
  • Install missing LICENSE.txt file (bsc#1114814)

nutch-core:
  • Install missing LICENSE.txt file (bsc#1114814)
  • Add conditional requirement for java 1.8
  • Use java >= 1.8 - required by tika 0.19.1 to /var/log/nutch (bsc#1107869)
  • Add new tarball file for v1.0.1
  • Bump up version to 1.0.1 and fix paths
  • Adjustments after upgrade of tika-core to v1.19

picocontainer:
  • Install missing LICENSE.txt file (bsc#1114814)

python-susemanager-retail:
  • Improve error reporting on duplicate systems
  • Output partition size as int (bsc#1116517)
  • Start partition numbers from 1
  • Warn on long group names
  • Improved logging support
  • Add retail_yaml --only-new option
  • Print import summary (bsc#1112754)
  • Add retail_migration tool
  • Check for duplicate addresses in yaml (bsc#1111497)

salt-netapi-client:
  • Version 0.15.0 See: https://github.com/SUSE/salt-netapi-client/releases/tag/v0.15.0

saltboot-formula:
  • Send pxe_update by external command to make sure it is finished (bsc#1111387)
  • Better error message on missing partitioning pillar (bsc#1110625)

spacecmd:
  • Show group id on group_details (bsc#1111542)
  • State channels handling: Existing commands configchannel_create and configchannel_import were updated while system_scheduleapplyconfigchannels and configchannel_updateinitsls were added.

spacewalk-branding:
  • Automatic cleanup of notification messages after a configurable lifetime
  • ActivationKey base and child channel in a reactjs component
  • New messages are added for XMLRPC API for state channels

spacewalk-config:
  • Add permissions for tomcat & apache to check bootstrap ssh file (bsc#1114181)

spacewalk-java:
  • Improve return value and errors thrown for system.createEmptyProfile XMLRPC endpoint
  • Fix scheduling jobs to prevent forever pending events (bsc#1114991)
  • Performance improvements for group listings and detail page (bsc#1111810)
  • Fix wrong counts of systems currency reports when a system belongs to more than one group (bsc#1114362)
  • Add check if ssh-file permissions are correct (bsc#1114181)
  • Increase maximum number of threads and open files for taskomatic (bsc#1111966)
  • When removing cobbler system record, lookup by mac address as well if lookup by id fails (bsc#1110361)
  • Allow listing empty system profiles via XMLRPC
  • Automatic cleanup of notification messages after a configurable lifetime
  • Different methods have been refactored in tomcat/taskomatic for better performance (bsc#1106430)
  • Do not try cleanup when deleting empty system profiles (bsc#1111247)
  • Better error handling when a websocket connection is aborted (bsc#1080474)
  • Change Requires to allow installing with both Tomcat 8 (SLE-12SP3) and 9 (SLE12-SP4)
  • ActivationKey base and child channel in a reactjs component
  • Fix typo in messages (bsc#1111249)
  • Cleanup formula data and assignment when migrating formulas or when removing system
  • Remove restrictions on SUSE Manager Channel subscriptions (bsc#1105724)
  • Added shortcut for editing Software Channel
  • Fix permissions check on formula list api call (bsc#1106626)
  • Add sp migration dry runs to the daily status report (bsc#1083094)

spacewalk-search:
  • Fix nutch-core path (bsc#1112445)

spacewalk-setup:
  • Increase maximum number of threads and open files for taskomatic (bsc#1111966)

spacewalk-utils:
  • Fix typo at --phases option help

spacewalk-web:
  • Make datetimepicker update displayed time (bsc#1041999)
  • Show human-readable system cleanup error messages
  • ActivationKey base and child channel in a reactjs component
  • Fix typo in messages (bsc#1111249)

susemanager:
  • Add new option --with-parent-channel to mgr-create-bootstrap-repo to specify parent channel to use if multiple options are available (bsc#1104487)

susemanager-docs_en:
  • Update text and image files.
  • Add information about SLE12 SP4 as base OS for Server and Proxy

susemanager-frontend-libs:
  • Fix package version (bsc#1115449)

susemanager-schema:
  • Automatic cleanup of notification messages after a configurable lifetime
  • Add missing minion-action-chain-cleanup to db init scripts

susemanager-sls:
  • Deploy SSL certificate during onboarding of openSUSE Leap 15.0 (bsc#1112163)

susemanager-sync-data:
  • SUSE OpenStack Cloud 9 enablement (bsc#1113557)
  • Add SUSE Manager 3.1 and 3.2 to SLES12 SP4

tika-core:
  • Fix improper XML parsing to prevent DoS attacks (CVE-2018-11761) (bsc#1109235)
  • Install missing LICENSE.txt file (bsc#1114814)
  • New upstream version (0.19.1)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Manager Server 3.2:
    zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2018-2869=1
  • SUSE Manager Proxy 3.2:
    zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2018-2869=1

Package List:

  • SUSE Manager Server 3.2 (ppc64le s390x x86_64):
    • spacewalk-branding-2.8.5.12-3.10.4
    • susemanager-3.2.14-3.13.3
    • susemanager-tools-3.2.14-3.13.3
  • SUSE Manager Server 3.2 (noarch):
    • apache-mybatis-3.2.3-3.3.3
    • cobbler-2.6.6-6.10.3
    • hadoop-0.18.1-3.3.3
    • image-sync-formula-0.1.1542287363.b8aa274-3.6.3
    • lucene-2.4.1-4.3.3
    • nekohtml-1.9.21-3.3.3
    • nutch-core-1.0.1-7.10.3
    • picocontainer-1.3.7-3.3.3
    • python-susemanager-retail-1.0.1542643545.8752d17-2.6.3
    • salt-netapi-client-0.15.0-4.3.3
    • saltboot-formula-0.1.1542287363.b8aa274-3.6.3
    • spacecmd-2.8.25.7-3.9.3
    • spacewalk-base-2.8.7.11-3.13.3
    • spacewalk-base-minimal-2.8.7.11-3.13.3
    • spacewalk-base-minimal-config-2.8.7.11-3.13.3
    • spacewalk-config-2.8.5.5-3.10.3
    • spacewalk-html-2.8.7.11-3.13.3
    • spacewalk-java-2.8.78.13-3.13.1
    • spacewalk-java-config-2.8.78.13-3.13.1
    • spacewalk-java-lib-2.8.78.13-3.13.1
    • spacewalk-java-oracle-2.8.78.13-3.13.1
    • spacewalk-java-postgresql-2.8.78.13-3.13.1
    • spacewalk-search-2.8.3.7-3.12.3
    • spacewalk-setup-2.8.7.5-3.10.3
    • spacewalk-taskomatic-2.8.78.13-3.13.1
    • spacewalk-utils-2.8.18.3-3.3.3
    • susemanager-advanced-topics_en-pdf-3.2-11.12.3
    • susemanager-best-practices_en-pdf-3.2-11.12.3
    • susemanager-docs_en-3.2-11.12.3
    • susemanager-frontend-libs-3.2.4-3.7.3
    • susemanager-getting-started_en-pdf-3.2-11.12.3
    • susemanager-jsp_en-3.2-11.12.3
    • susemanager-reference_en-pdf-3.2-11.12.3
    • susemanager-retail-tools-1.0.1542643545.8752d17-2.6.3
    • susemanager-schema-3.2.15-3.13.3
    • susemanager-sls-3.2.18-3.13.3
    • susemanager-sync-data-3.2.10-3.9.3
    • tika-core-1.19.1-3.3.3
  • SUSE Manager Proxy 3.2 (noarch):
    • spacewalk-base-minimal-2.8.7.11-3.13.3
    • spacewalk-base-minimal-config-2.8.7.11-3.13.3
