Security update for SUSE Manager Server 3.2

SUSE Security Update: Security update for SUSE Manager Server 3.2
Announcement ID: SUSE-SU-2019:1703-1
Rating: moderate
References: #1117017 #1125090 #1128061 #1128838 #1129079 #1130492 #1130551 #1131423 #1131704 #1131780 #1131867 #1131929 #1131954 #1132103 #1132197 #1133424 #1133587 #1133629 #1134195 #1134876 #1135166 #1136029 #1136102 #1136250 #1136423
Cross-References: CVE-2019-3684
Affected Products:
  • SUSE Manager Server 3.2
  • SUSE Manager Proxy 3.2

An update that solves one vulnerability and has 24 fixes is now available.

Description:


This update fixes the following issues:
cobbler:

  • Removes string replace for textmode fix (bsc#1134195)

py26-compat-salt:
  • Avoid syntax error on yumpkg module running on Python 2.6 (bsc#1136250)
  • Use ThreadPool from multiprocessing.pool to avoid leaks when calculating FQDNs
  • Fix usermod options for SLE11 (bsc#1117017)
  • Do not report patches as installed on RHEL systems when not all the related packages are installed (bsc#1128061)
  • Do not include "ordereddict" and "singledispatch" on the thin for Python 2.6 systems.
  • Fix paths for py26-compat dependencies on SLE15 and newer
  • Port optimization_order config parameter (bsc#1131423)
  • Use special tornado and msgpack-python compat packages on sles15sp1 and greater in py26-compat-salt.conf (bsc#1131423)
  • Add missing py26 thin dependencies
  • Calculate the "FQDNs" grains in parallel to avoid long blocking (bsc#1129079)

salt-netapi-client:
  • Add workaround for Salt issue 52762
  • Version 0.16.0; see https://github.com/SUSE/salt-netapi-client/releases/tag/v0.16.0

spacewalk-backend:
  • Fix spacewalk-repo-sync for Ubuntu repositories in mirror case (bsc#1136029)
  • Use new names in code for client tool packages which were renamed (bsc#1134876)
  • Fix HTTP headers handling to avoid duplicated entries (bsc#1125090)
  • Use suseLib.get_proxy to get the HTTP proxy configuration properly on DEB repos (bsc#1133424)

spacewalk-certs-tools:
  • Fix missing quotation in bootstrap script (bsc#1136423)
  • Add new package names to instructions for adding remote configuration support for traditional clients
  • Print error message instead of stacktrace for client_config_update.py

spacewalk-config:
  • Fix config declaration for rhn.conf (bsc#1132197)

spacewalk-java:
  • Remove the 'Returning' clause from the query as Oracle doesn't support it (bsc#1135166)
  • Use new names in code for client tool packages which were renamed (bsc#1134876)
  • Handle the different retcodes that are being returned when salt module is not available (bsc#1131704)
  • Do not implicitly set parent channel when cloning (bsc#1130492)
  • Prevent actions that were actually completed from being displayed as "in progress" forever (bsc#1131780)
  • Enable batching mode for salt synchronous calls
  • Show minion id in System Details GUI and API
  • Do not report Provisioning installed product to subscription matcher (bsc#1128838)
  • Fix product package conflicts with SLES for SAP systems (bsc#1130551)
  • Add support for Salt batch execution mode
  • Fix NPE on remote commands when no targets match (bsc#1123375)
  • Fix apidoc return order on mergePackages
  • Take into account only synced products when scheduling SP migration from the API (bsc#1131929)

spacewalk-web:
  • Change WebUI string version to 3.2.8

susemanager:
  • Make swap files readable only by root (bsc#1131954, CVE-2019-3684)
  • Do not show false errors when configuring swapfile during setup
  • Create bootstrap repo for new Red Hat channels (bsc#1133587)

susemanager-docs_en:
  • Minion ID is visible in System Info box.
  • Managing Systems Completely via SSH now fully supported (bsc#1131867).

susemanager-schema:
  • Copy 3.1 schema migrations to 3.2 to be able to migrate from an older schema version to 3.2
  • Add support for Salt batch execution mode

susemanager-sls:
  • Add support for Salt batch execution mode

susemanager-sync-data:
  • Add SLES11 SP4 LTSS channels for SLES for SAP (bsc#1133629)
  • Add SLES11 SP4 LTSS channels for ppc64 (bsc#1132103)

zypp-plugin-spacewalk:
  • Fix Python syntax error in distupgrade (bsc#1136102)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Manager Server 3.2:
    zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-1703=1
  • SUSE Manager Proxy 3.2:
    zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2019-1703=1
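
For the susemanager fix listed above that makes swap files readable only by root (CVE-2019-3684), the following added example (not part of the advisory and not SUSE's code) checks every file-backed swap area in /proc/swaps-format input for group/other permission bits or an unexpected owner. The function names and the optional UID argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not SUSE's code: audit file-backed swap areas for the
# condition addressed by CVE-2019-3684 (swap file readable by non-root).

# mode_is_owner_only FILE [UID]
#   Succeeds only if FILE is a regular file owned by UID (default 0) with
#   no permission bits for group or other, e.g. mode 0600.
#   Returns 1 on a permission/owner mismatch, 2 if FILE cannot be examined.
mode_is_owner_only() {
    want_uid="${2:-0}"
    # ls -ln keeps the check POSIX; fields are: mode links uid gid ...
    info=$(ls -lnd -- "$1" 2>/dev/null) || return 2
    read -r mode _links uid _rest <<EOF
$info
EOF
    case "$mode" in
        -???------*) ;;      # regular file, group and other bits all clear
        *) return 1 ;;
    esac
    [ "$uid" = "$want_uid" ] || return 1
    return 0
}

# audit_swapfiles [SWAPS] [UID]
#   SWAPS is a file in /proc/swaps format (default: /proc/swaps).
#   Prints one line per file-backed swap area that fails the check and
#   returns the number of findings (0 means every swap file passed).
audit_swapfiles() {
    swaps="${1:-/proc/swaps}"
    owner="${2:-0}"
    findings=0
    while read -r name type _rest; do
        # Skips the header line and partition-backed swap.
        [ "$type" = "file" ] || continue
        if ! mode_is_owner_only "$name" "$owner"; then
            echo "FINDING: $name is not owner-only for uid $owner"
            findings=$((findings + 1))
        fi
    done < "$swaps"
    return "$findings"
}
```

Call `audit_swapfiles` with no arguments as root on the server to check the live /proc/swaps. File names containing whitespace appear escaped in /proc/swaps and are not decoded here.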

Package List:

  • SUSE Manager Server 3.2 (ppc64le s390x x86_64):
    • susemanager-3.2.18-3.25.2
    • susemanager-tools-3.2.18-3.25.2
  • SUSE Manager Server 3.2 (noarch):
    • cobbler-2.6.6-6.19.1
    • py26-compat-salt-2016.11.10-6.26.1
    • python2-spacewalk-certs-tools-2.8.8.10-3.11.1
    • salt-netapi-client-0.16.0-4.11.1
    • spacewalk-backend-2.8.57.16-3.30.1
    • spacewalk-backend-app-2.8.57.16-3.30.1
    • spacewalk-backend-applet-2.8.57.16-3.30.1
    • spacewalk-backend-config-files-2.8.57.16-3.30.1
    • spacewalk-backend-config-files-common-2.8.57.16-3.30.1
    • spacewalk-backend-config-files-tool-2.8.57.16-3.30.1
    • spacewalk-backend-iss-2.8.57.16-3.30.1
    • spacewalk-backend-iss-export-2.8.57.16-3.30.1
    • spacewalk-backend-libs-2.8.57.16-3.30.1
    • spacewalk-backend-package-push-server-2.8.57.16-3.30.1
    • spacewalk-backend-server-2.8.57.16-3.30.1
    • spacewalk-backend-sql-2.8.57.16-3.30.1
    • spacewalk-backend-sql-oracle-2.8.57.16-3.30.1
    • spacewalk-backend-sql-postgresql-2.8.57.16-3.30.1
    • spacewalk-backend-tools-2.8.57.16-3.30.1
    • spacewalk-backend-xml-export-libs-2.8.57.16-3.30.1
    • spacewalk-backend-xmlrpc-2.8.57.16-3.30.1
    • spacewalk-base-2.8.7.16-3.27.1
    • spacewalk-base-minimal-2.8.7.16-3.27.1
    • spacewalk-base-minimal-config-2.8.7.16-3.27.1
    • spacewalk-certs-tools-2.8.8.10-3.11.1
    • spacewalk-config-2.8.5.7-3.16.1
    • spacewalk-html-2.8.7.16-3.27.1
    • spacewalk-java-2.8.78.22-3.32.1
    • spacewalk-java-config-2.8.78.22-3.32.1
    • spacewalk-java-lib-2.8.78.22-3.32.1
    • spacewalk-java-oracle-2.8.78.22-3.32.1
    • spacewalk-java-postgresql-2.8.78.22-3.32.1
    • spacewalk-taskomatic-2.8.78.22-3.32.1
    • susemanager-advanced-topics_en-pdf-3.2-11.26.1
    • susemanager-best-practices_en-pdf-3.2-11.26.1
    • susemanager-docs_en-3.2-11.26.1
    • susemanager-getting-started_en-pdf-3.2-11.26.1
    • susemanager-jsp_en-3.2-11.26.1
    • susemanager-reference_en-pdf-3.2-11.26.1
    • susemanager-schema-3.2.19-3.25.1
    • susemanager-sls-3.2.25-3.29.1
    • susemanager-sync-data-3.2.15-3.23.1
    • susemanager-web-libs-2.8.7.16-3.27.1
  • SUSE Manager Proxy 3.2 (noarch):
    • python2-rhncfg-5.10.122.3-3.3.1
    • python2-rhncfg-actions-5.10.122.3-3.3.1
    • python2-rhncfg-client-5.10.122.3-3.3.1
    • python2-rhncfg-management-5.10.122.3-3.3.1
    • python2-spacewalk-certs-tools-2.8.8.10-3.11.1
    • python2-zypp-plugin-spacewalk-1.0.5-3.7.1
    • rhncfg-5.10.122.3-3.3.1
    • rhncfg-actions-5.10.122.3-3.3.1
    • rhncfg-client-5.10.122.3-3.3.1
    • rhncfg-management-5.10.122.3-3.3.1
    • spacewalk-backend-2.8.57.16-3.30.1
    • spacewalk-backend-libs-2.8.57.16-3.30.1
    • spacewalk-base-minimal-2.8.7.16-3.27.1
    • spacewalk-base-minimal-config-2.8.7.16-3.27.1
    • spacewalk-certs-tools-2.8.8.10-3.11.1
    • spacewalk-proxy-broker-2.8.5.5-3.6.2
    • spacewalk-proxy-common-2.8.5.5-3.6.2
    • spacewalk-proxy-installer-2.8.6.6-3.12.1
    • spacewalk-proxy-management-2.8.5.5-3.6.2
    • spacewalk-proxy-package-manager-2.8.5.5-3.6.2
    • spacewalk-proxy-redirect-2.8.5.5-3.6.2
    • spacewalk-proxy-salt-2.8.5.5-3.6.2
    • susemanager-web-libs-2.8.7.16-3.27.1
    • zypp-plugin-spacewalk-1.0.5-3.7.1
