Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server
| Announcement ID: | SUSE-SU-2023:4737-1 |
|---|---|
| Rating: | important |
An update that solves one vulnerability, contains two features and has 30 security fixes can now be installed.
Recommended update for SUSE Manager Proxy and Retail Branch Server 4.3
Description:
This update fixes the following issues:
spacecmd:
- Version 4.3.25-1
- Update translation strings
spacewalk-backend:
- Version 4.3.25-1
- Use the new apache2-mod_wsgi package name
- Set stricter file permissions for config file
- Add table statistics and options to the support config database output
- Add CLM data collection to spacewalk-debug
spacewalk-client-tools:
- Version 4.3.17-1
- Update translation strings
spacewalk-proxy:
- Version 4.3.17-1
- Use the new apache2-mod_wsgi package name
spacewalk-web:
- Version 4.3.36-1
- Safeguard request URLs against tampering (bsc#1216754)
- Improve datetimepicker input formatting
- Improve logging to better capture third-party library issues
- Simplify and modernize password generation logic
- Update webpack to 5.88.2
- Handle new message from subscription-matcher (bsc#1216506)
- Add sanity checks for FQDNs in proxy configuration dialog
- Add option to filter packages by build time in CLM (jsc#SUMA-282)
susemanager-tftpsync-recv:
- Version 4.3.9-1
- Use the new apache2-mod_wsgi package name
- Build with Python 3 and clean up references to Python 2
How to apply this update:
- Log in as root user to the SUSE Manager Proxy or Retail Branch Server.
- Stop the proxy service:
  `spacewalk-proxy stop`
- Apply the patch using either `zypper patch` or YaST Online Update.
- Start the proxy service:
  `spacewalk-proxy start`
Security update for SUSE Manager Server 4.3
Description:
This update fixes the following issues:
billing-data-service:
- Version 4.3.2-1
- Relax dependency to csp-billing-adapter-service
inter-server-sync:
- Version 0.3.1
- Require at least Go 1.20 for building SUSE packages
spacecmd:
- Version 4.3.25-1
- Update translation strings
spacewalk-backend:
- Version 4.3.25-1
- Use the new apache2-mod_wsgi package name
- Set stricter file permissions for config file
- Add table statistics and options to the support config database output
- Add CLM data collection to spacewalk-debug
spacewalk-client-tools:
- Version 4.3.17-1
- Update translation strings
spacewalk-java:
- Version 4.3.69-1
- Security fixes:
  - CVE-2023-22644: Sanitize token before logging it (bsc#1210930)
  - CVE-2023-22644: Fix permissions for logfiles (bsc#1210928)
  - CVE-2023-22644: Log potentially sensitive information only in debug mode (bsc#1210928)
- Non-security fixes:
  - Include in API response reboot_suggested and restart_suggested booleans
  - Fix filter ID comparison when attaching filters to a CLM project (bsc#1215949)
  - Fix validation of lists with empty defaults in formulas (bsc#1216555)
  - Safeguard request URLs against tampering (bsc#1216754)
  - Improve logging to better capture third-party library issues
  - Fix issue of non-installed package listed as errata package update candidates (bsc#1212904)
  - Fix issue with reporting database query pagination
  - Update tomcat jars to version greater than 9.0.75
  - Fix notification messages email content (bsc#1216041)
  - Look for the PAYG CA certificate location in different order to find and import the correct one (bsc#1214759)
  - Add salt-api socket timeout to abort stuck taskomatic jobs (bsc#1211649)
  - Fix SUSE Linux Enterprise Micro PAYG detection
  - Wait for lock to execute SCC sync task (bsc#1216030)
  - Fix URL pointing to SCC (bsc#1216690)
  - Prevent download when a PAYG Server is not compliant
  - Fix system.provisionSystem xmlrpc endpoint to calculate host properly (bsc#1215209)
  - Include "uuid" as system search xmlrpc results (bsc#1216380)
  - Prevent losing Remote Command action result if returned JSON cannot be parsed
  - Add PAYG info to UI and REST API
  - Add management restrictions to SUMA PAYG when dealing with BYOS instances when no SCC credentials are set
  - Fix issue where bad SCC credentials were preventing other credentials from refreshing (bsc#1211355)
  - Fix conversion to string if branchid is numeric in PXEEvent
  - Fix token validation for shared (public) child channels (bsc#1216128)
  - Prevent NullPointerException in updateSystemInfo (bsc#1217224)
  - Update SCC REST call to register systems in bulk
  - Enhance hardware data sent to SCC by memory
  - Fix FQDN machine name mapping on proxy configuration
  - Fix NullPointerException when creating PXE config for an unmanaged profile (bsc#1217223)
  - Add option to filter packages by build time in CLM (jsc#SUMA-282)
  - Consider server id when removing invalid errata from rhnSet (bsc#1204235,bsc#1207012,bsc#1211560)
  - Fix createSystemRecord XML-RPC API call so the Cobbler UID is persisted (bsc#1207532)
spacewalk-search:
- Version 4.3.10-1
- Include "uuid" as system search result attribute (bsc#1216380)
spacewalk-web:
- Version 4.3.36-1
- Safeguard request URLs against tampering (bsc#1216754)
- Improve datetimepicker input formatting
- Improve logging to better capture third-party library issues
- Simplify and modernize password generation logic
- Update webpack to 5.88.2
- Handle new message from subscription-matcher (bsc#1216506)
- Add sanity checks for FQDNs in proxy configuration dialog
- Add option to filter packages by build time in CLM (jsc#SUMA-282)
subscription-matcher:
- Version 0.33
- Added missing part numbers (bsc#1216506)
- Ignore subscriptions without any associated products (bsc#1216506)
- Update Guava to version 32.0
susemanager:
- Version 4.3.33-1
- Add bootstrap repository data for SUSE Linux Enterprise Micro 5.5 (bsc#1217038)
susemanager-docs_en:
- Add SUSE Liberty Linux versions 7 and 8 to the supported features matrix in the Client Configuration Guide
- Add support for SUSE Linux Enterprise Micro 5.5 and openSUSE Leap Micro 5.5 clients to the Installation and Upgrade Guide, and to the Client Configuration Guide
- Update Twitter handle reference in documentation user interface
- Update feature table and add legend in the Configuration Management section of the Client Configuration Guide
- Fix parameter name in the Register clients section of the Client Configuration Guide
- Fix links to HTML output of SUSE Linux Enterprise Server 15 SP4 documentation
- Add note about using short hostname in the Quick Start: SAP guide (bsc#1212695)
- Mention the option to install Prometheus on Retail branch servers (bsc#1191143)
- Fix link loop and clarify some server upgrade description details in the Installation and Upgrade Guide (bsc#1214471)
- SUSE Manager 4.3 is based on SUSE Linux Enterprise 15 SP4; update the installation procedure (bsc#1213469)
susemanager-schema:
- Version 4.3.22-1
- Drop special versioned schema files
- Add unique index for rhnpackagechangelogdata table
susemanager-sls:
- Version 4.3.37-1
- Disable dnf_rhui_plugin as it breaks our susemanagerplugin (bsc#1214601)
- Fix susemanagerplugin to not overwrite header fields set by other plugins
- Let the DNF plugin log when a token was set
- Retry loading of pillars from DB on connection error (bsc#1214186)
- Recognize squashfs build results from KIWI (bsc#1216085)
susemanager-sync-data:
- Version 4.3.14-1
- SUSE Linux Enterprise 15 SP4 Long Term Service Pack Support (LTSS)
- Extended Service Pack Overlay Support (ESPOS) for High Performance Computing 15 SP5
- Long Term Service Pack Support (LTSS) for High Performance Computing 15 SP5
- Update Open Enterprise Server to 2023.4 (bsc#1215514)
uyuni-reportdb-schema:
- Version 4.3.8-1
- Provide reportdb upgrade schema path structure
How to apply this update:
- Log in as root user to the SUSE Manager Server.
- Stop the Spacewalk service:
  `spacewalk-service stop`
- Apply the patch using either `zypper patch` or YaST Online Update.
- Start the Spacewalk service:
  `spacewalk-service start`
Recommended update for apache2-mod_wsgi
Description:
This update fixes the following issues:
apache2-mod_wsgi:
- Ensure the binaries are included in SUSE Manager Server
Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4
  `zypper in -t patch SUSE-2023-4737=1 openSUSE-SLE-15.4-2023-4737=1`
- openSUSE Leap 15.5
  `zypper in -t patch openSUSE-SLE-15.5-2023-4737=1`
- Public Cloud Module 15-SP4
  `zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-4737=1`
- Public Cloud Module 15-SP5
  `zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-4737=1`
- SUSE Manager Proxy 4.3 Module 4.3
  `zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2023-4737=1`
- SUSE Manager Server 4.3 Module 4.3
  `zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2023-4737=1`
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  - apache2-mod_wsgi-debuginfo-4.7.1-150400.3.9.4
  - apache2-mod_wsgi-debugsource-4.7.1-150400.3.9.4
  - apache2-mod_wsgi-4.7.1-150400.3.9.4
- openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  - apache2-mod_wsgi-debuginfo-4.7.1-150400.3.9.4
  - apache2-mod_wsgi-debugsource-4.7.1-150400.3.9.4
  - apache2-mod_wsgi-4.7.1-150400.3.9.4
- Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  - apache2-mod_wsgi-debuginfo-4.7.1-150400.3.9.4
  - apache2-mod_wsgi-debugsource-4.7.1-150400.3.9.4
  - apache2-mod_wsgi-4.7.1-150400.3.9.4
- Public Cloud Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  - apache2-mod_wsgi-debuginfo-4.7.1-150400.3.9.4
  - apache2-mod_wsgi-debugsource-4.7.1-150400.3.9.4
  - apache2-mod_wsgi-4.7.1-150400.3.9.4
- SUSE Manager Proxy 4.3 Module 4.3 (x86_64)
  - apache2-mod_wsgi-debuginfo-4.7.1-150400.3.9.4
  - apache2-mod_wsgi-debugsource-4.7.1-150400.3.9.4
  - apache2-mod_wsgi-4.7.1-150400.3.9.4
- SUSE Manager Proxy 4.3 Module 4.3 (noarch)
  - python3-spacewalk-client-tools-4.3.17-150400.3.21.6
  - susemanager-tftpsync-recv-4.3.9-150400.3.9.5
  - spacewalk-proxy-salt-4.3.17-150400.3.23.5
  - spacecmd-4.3.25-150400.3.30.5
  - python3-spacewalk-check-4.3.17-150400.3.21.6
  - spacewalk-proxy-management-4.3.17-150400.3.23.5
  - spacewalk-proxy-broker-4.3.17-150400.3.23.5
  - spacewalk-proxy-common-4.3.17-150400.3.23.5
  - spacewalk-check-4.3.17-150400.3.21.6
  - spacewalk-proxy-redirect-4.3.17-150400.3.23.5
  - spacewalk-base-minimal-4.3.36-150400.3.36.7
  - spacewalk-backend-4.3.25-150400.3.33.7
  - python3-spacewalk-client-setup-4.3.17-150400.3.21.6
  - spacewalk-client-tools-4.3.17-150400.3.21.6
  - spacewalk-proxy-package-manager-4.3.17-150400.3.23.5
  - spacewalk-base-minimal-config-4.3.36-150400.3.36.7
  - spacewalk-client-setup-4.3.17-150400.3.21.6
- SUSE Manager Server 4.3 Module 4.3 (ppc64le s390x x86_64)
  - apache2-mod_wsgi-debugsource-4.7.1-150400.3.9.4
  - inter-server-sync-debuginfo-0.3.1-150400.3.24.5
  - apache2-mod_wsgi-4.7.1-150400.3.9.4
  - susemanager-4.3.33-150400.3.42.4
  - inter-server-sync-0.3.1-150400.3.24.5
  - apache2-mod_wsgi-debuginfo-4.7.1-150400.3.9.4
  - susemanager-tools-4.3.33-150400.3.42.4
- SUSE Manager Server 4.3 Module 4.3 (noarch)
  - uyuni-config-modules-4.3.37-150400.3.37.5
  - spacewalk-search-4.3.10-150400.3.15.4
  - spacecmd-4.3.25-150400.3.30.5
  - spacewalk-backend-iss-4.3.25-150400.3.33.7
  - spacewalk-java-config-4.3.69-150400.3.69.5
  - susemanager-sync-data-4.3.14-150400.3.17.5
  - spacewalk-backend-tools-4.3.25-150400.3.33.7
  - spacewalk-java-lib-4.3.69-150400.3.69.5
  - spacewalk-backend-package-push-server-4.3.25-150400.3.33.7
  - spacewalk-html-4.3.36-150400.3.36.7
  - subscription-matcher-0.33-150400.3.16.3
  - billing-data-service-4.3.2-150400.10.12.5
  - python3-spacewalk-client-tools-4.3.17-150400.3.21.6
  - spacewalk-java-4.3.69-150400.3.69.5
  - spacewalk-backend-config-files-common-4.3.25-150400.3.33.7
  - uyuni-reportdb-schema-4.3.8-150400.3.9.6
  - spacewalk-base-minimal-4.3.36-150400.3.36.7
  - spacewalk-java-postgresql-4.3.69-150400.3.69.5
  - spacewalk-backend-4.3.25-150400.3.33.7
  - spacewalk-backend-app-4.3.25-150400.3.33.7
  - spacewalk-client-tools-4.3.17-150400.3.21.6
  - spacewalk-base-4.3.36-150400.3.36.7
  - spacewalk-taskomatic-4.3.69-150400.3.69.5
  - susemanager-sls-4.3.37-150400.3.37.5
  - spacewalk-backend-iss-export-4.3.25-150400.3.33.7
  - susemanager-schema-utility-4.3.22-150400.3.30.5
  - spacewalk-backend-applet-4.3.25-150400.3.33.7
  - spacewalk-backend-config-files-tool-4.3.25-150400.3.33.7
  - spacewalk-backend-xml-export-libs-4.3.25-150400.3.33.7
  - spacewalk-backend-xmlrpc-4.3.25-150400.3.33.7
  - susemanager-docs_en-pdf-4.3-150400.9.50.5
  - spacewalk-backend-sql-4.3.25-150400.3.33.7
  - spacewalk-backend-server-4.3.25-150400.3.33.7
  - susemanager-docs_en-4.3-150400.9.50.5
  - susemanager-schema-4.3.22-150400.3.30.5
  - spacewalk-backend-config-files-4.3.25-150400.3.33.7
  - spacewalk-backend-sql-postgresql-4.3.25-150400.3.33.7
  - spacewalk-base-minimal-config-4.3.36-150400.3.36.7
References:
- https://www.suse.com/security/cve/CVE-2023-22644.html
- https://bugzilla.suse.com/show_bug.cgi?id=1191143
- https://bugzilla.suse.com/show_bug.cgi?id=1204235
- https://bugzilla.suse.com/show_bug.cgi?id=1207012
- https://bugzilla.suse.com/show_bug.cgi?id=1207532
- https://bugzilla.suse.com/show_bug.cgi?id=1210928
- https://bugzilla.suse.com/show_bug.cgi?id=1210930
- https://bugzilla.suse.com/show_bug.cgi?id=1211355
- https://bugzilla.suse.com/show_bug.cgi?id=1211560
- https://bugzilla.suse.com/show_bug.cgi?id=1211649
- https://bugzilla.suse.com/show_bug.cgi?id=1212695
- https://bugzilla.suse.com/show_bug.cgi?id=1212904
- https://bugzilla.suse.com/show_bug.cgi?id=1213469
- https://bugzilla.suse.com/show_bug.cgi?id=1214186
- https://bugzilla.suse.com/show_bug.cgi?id=1214471
- https://bugzilla.suse.com/show_bug.cgi?id=1214601
- https://bugzilla.suse.com/show_bug.cgi?id=1214759
- https://bugzilla.suse.com/show_bug.cgi?id=1215209
- https://bugzilla.suse.com/show_bug.cgi?id=1215514
- https://bugzilla.suse.com/show_bug.cgi?id=1215949
- https://bugzilla.suse.com/show_bug.cgi?id=1216030
- https://bugzilla.suse.com/show_bug.cgi?id=1216041
- https://bugzilla.suse.com/show_bug.cgi?id=1216085
- https://bugzilla.suse.com/show_bug.cgi?id=1216128
- https://bugzilla.suse.com/show_bug.cgi?id=1216380
- https://bugzilla.suse.com/show_bug.cgi?id=1216506
- https://bugzilla.suse.com/show_bug.cgi?id=1216555
- https://bugzilla.suse.com/show_bug.cgi?id=1216690
- https://bugzilla.suse.com/show_bug.cgi?id=1216754
- https://bugzilla.suse.com/show_bug.cgi?id=1217038
- https://bugzilla.suse.com/show_bug.cgi?id=1217223
- https://bugzilla.suse.com/show_bug.cgi?id=1217224
- https://jira.suse.com/browse/MSQA-708
- https://jira.suse.com/browse/SUMA-282