Security update for SUSE Manager Client Tools

SUSE Security Update: Security update for SUSE Manager Client Tools
Announcement ID: SUSE-SU-2019:14163-1
Rating: moderate
References: #1103696 #1104034 #1130040 #1135881 #1136029 #1136480 #1137715 #1137940 #1138313 #1138358 #1138494 #1138822 #1139453 #1142038 #1143856 #1144155 #1144889 #1148125 #1148177 #1148311
Cross-References: CVE-2019-10136
Affected Products:
  • SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS
  • SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS

An update that solves one vulnerability and has 19 fixes is now available.

Description:


This update fixes the following issues:
mgr-cfg:

  • Ensure bytes type when using hashlib to avoid traceback (bsc#1138822)

mgr-daemon:
  • Fix systemd timer configuration on SLE12 (bsc#1142038)

mgr-osad:
  • Fix obsolete for old osad packages, to allow installing mgr-osad even by using osad at yum/zyppper install (bsc#1139453)
  • Ensure bytes type when using hashlib to avoid traceback (bsc#1138822)

mgr-virtualization:
  • Fix missing python 3 ugettext (bsc#1138494)
  • Fix package dependencies to prevent file conflict (bsc#1143856)

rhnlib:
  • Add SNI support for clients
  • Fix initialize ssl connection (bsc#1144155)
  • Fix bootstrapping SLE11SP4 trad client with SSL enabled (bsc#1148177)

python-gzipstream:
  • SPEC cleanup
  • add makefile and pylint configuration
  • Add Uyuni URL to package
  • Bump version to 4.0.0 (bsc#1104034)
  • Fix copyright for the package specfile (bsc#1103696)

spacecmd:
  • Bugfix: referenced variable before assignment.
  • Bugfix: 'dict' object has no attribute 'iteritems' (bsc#1135881)
  • Add unit tests for custominfo, snippet, scap, ssm, cryptokey and distribution
  • Fix missing runtime dependencies that made spacecmd return old versions of packages in some cases, even if newer ones were available (bsc#1148311)


spacewalk-backend:
  • Do not overwrite comps and module data with older versions
  • Fix issue with "dists" keyword in url hostname
  • Import packages from all collections of a patch not just first one
  • Ensure bytes type when using hashlib to avoid traceback on XMLRPC call to "registration.register_osad" (bsc#1138822)
  • Do not duplicate "http://" protocol when using proxies with "deb" repositories (bsc#1138313)
  • Fix reposync when dealing with RedHat CDN (bsc#1138358)
  • Fix for CVE-2019-10136. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum. (bsc#1136480)
  • Prevent FileNotFoundError: repomd.xml.key traceback (bsc#1137940)
  • Add journalctl output to spacewalk-debug tarballs
  • Prevent unnecessary triggering of channel-repodata tasks when GPG signing is disabled (bsc#1137715)
  • Fix spacewalk-repo-sync for Ubuntu repositories in mirror case (bsc#1136029)
  • Add support for ULN repositories on new Zypper based reposync.
  • Don't skip Deb package tags on package import (bsc#1130040)
  • For backend-libs subpackages, exclude files for the server (already part of spacewalk-backend) to avoid conflicts (bsc#1148125)
  • prevent duplicate key violates on repo-sync with long changelog entries (bsc#1144889)

spacewalk-remote-utils:
  • Add RHEL8

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS:
    zypper in -t patch slesctsp4-client-tools-201907-14163=1
  • SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS:
    zypper in -t patch slesctsp3-client-tools-201907-14163=1

Package List:

  • SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64):
    • mgr-cfg-4.0.9-5.6.3
    • mgr-cfg-actions-4.0.9-5.6.3
    • mgr-cfg-client-4.0.9-5.6.3
    • mgr-cfg-management-4.0.9-5.6.3
    • mgr-daemon-4.0.7-5.8.2
    • mgr-daemon-debuginfo-4.0.7-5.8.2
    • mgr-daemon-debugsource-4.0.7-5.8.2
    • mgr-osad-4.0.9-5.6.2
    • mgr-virtualization-host-4.0.8-5.8.3
    • python2-mgr-cfg-4.0.9-5.6.3
    • python2-mgr-cfg-actions-4.0.9-5.6.3
    • python2-mgr-cfg-client-4.0.9-5.6.3
    • python2-mgr-cfg-management-4.0.9-5.6.3
    • python2-mgr-osa-common-4.0.9-5.6.2
    • python2-mgr-osad-4.0.9-5.6.2
    • python2-mgr-virtualization-common-4.0.8-5.8.3
    • python2-mgr-virtualization-host-4.0.8-5.8.3
    • python2-rhnlib-4.0.11-12.16.1
    • spacecmd-4.0.14-18.51.1
    • spacewalk-backend-libs-4.0.25-28.42.1
  • SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (noarch):
    • spacewalk-remote-utils-4.0.5-6.12.2
  • SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64):
    • mgr-cfg-4.0.9-5.6.3
    • mgr-cfg-actions-4.0.9-5.6.3
    • mgr-cfg-client-4.0.9-5.6.3
    • mgr-cfg-management-4.0.9-5.6.3
    • mgr-daemon-4.0.7-5.8.2
    • mgr-daemon-debuginfo-4.0.7-5.8.2
    • mgr-daemon-debugsource-4.0.7-5.8.2
    • mgr-osad-4.0.9-5.6.2
    • mgr-virtualization-host-4.0.8-5.8.3
    • python2-mgr-cfg-4.0.9-5.6.3
    • python2-mgr-cfg-actions-4.0.9-5.6.3
    • python2-mgr-cfg-client-4.0.9-5.6.3
    • python2-mgr-cfg-management-4.0.9-5.6.3
    • python2-mgr-osa-common-4.0.9-5.6.2
    • python2-mgr-osad-4.0.9-5.6.2
    • python2-mgr-virtualization-common-4.0.8-5.8.3
    • python2-mgr-virtualization-host-4.0.8-5.8.3
    • python2-rhnlib-4.0.11-12.16.1
    • spacecmd-4.0.14-18.51.1
    • spacewalk-backend-libs-4.0.25-28.42.1
  • SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (noarch):
    • spacewalk-remote-utils-4.0.5-6.12.2

References: