Maintenance update for SUSE Manager 4.2: Server, Proxy and Retail Branch Server

Announcement ID: SUSE-RU-2023:2595-1
Rating: moderate
CVSS scores:
  • CVE-2023-22644 (NVD): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Affected Products:
  • SUSE Manager Proxy 4.2
  • SUSE Manager Proxy 4.2 Module 4.2
  • SUSE Manager Retail Branch Server 4.2
  • SUSE Manager Server 4.2
  • SUSE Manager Server 4.2 Module 4.2

An update that solves one vulnerability, contains one feature and has 36 recommended fixes can now be installed.

Recommended update for SUSE Manager Proxy and Retail Branch Server 4.2

Description:

This update fixes the following issues:

spacecmd:

  • Version 4.2.23-1
  • Fix argument parsing of distribution_update (bsc#1210458)

spacewalk-backend:

  • Version 4.2.28-1
  • Filter CLM modular packages using release strings (bsc#1207814)
  • Add package details to reposync error logging

spacewalk-certs-tools:

  • Version 4.2.20-1
  • Update translations

spacewalk-proxy-installer:

  • Version 4.3.11-1
  • Fix squid refresh_pattern for "venv-enabled-*.txt" files to avoid serving outdated version of the file (bsc#1211956)

spacewalk-ssl-cert-check:

  • Version 4.2.3-1
  • Update translations

spacewalk-web:

  • Version 4.2.35-1
  • Show loading indicator on formula details pages (bsc#1179747)
  • Increase datetimepicker font sizes (bsc#1210437)
  • Fix an issue where the datetimepicker shows wrong date (bsc#1209231)

susemanager-build-keys:

  • Version 15.3.9
  • Add SUSE Liberty v2 key (bsc#1212096)
  • Add Debian 12 (bookworm) GPG keys (bsc#1212363)
  • Add new 4096 bit RSA SUSE Package Hub key
  • Version 15.3.8
  • Fix installation of SUSE Linux Enterprise 15 RSA reserve build key
  • Add new 4096 bit RSA openSUSE build key gpg-pubkey-29b700a4.asc

How to apply this update:

  1. Log in as root user to the SUSE Manager Proxy or Retail Branch Server.
  2. Stop the proxy service: spacewalk-proxy stop
  3. Apply the patch using either zypper patch or YaST Online Update.
  4. Start the proxy service: spacewalk-proxy start

Security update for SUSE Manager Server 4.2

Description:

This update fixes the following issues:

branch-network-formula:

  • Update to version 0.1.1680167239.23f2fec
  • Remove unnecessary import of "salt.ext.six"

cpu-mitigations-formula:

  • Update to version 0.5.0:
  • Mark all SUSE Linux Enterprise 15 SP4 and newer and openSUSE 15.4 and newer as supported (bsc#1210835)

hub-xmlrpc-api:

  • Do not strictly require Go 1.18 on SUSE Linux Enterprise 15 SP3 (bsc#1203599)

inter-server-sync:

  • Version 0.2.8
  • Correctly detect product name and product version number
  • Import image channel data only when related software channel is available (bsc#1211330)

perl-Satcon:

  • Version 4.2.3-1
  • Accept keys with dots

spacecmd:

  • Version 4.2.23-1
  • Fix argument parsing of distribution_update (bsc#1210458)

spacewalk-backend:

  • Version 4.2.28-1
  • Filter CLM modular packages using release strings (bsc#1207814)
  • Add package details to reposync error logging

spacewalk-certs-tools:

  • Version 4.2.20-1
  • Update translations

spacewalk-java:

  • Security fixes in version 4.2.50-1:
    • CVE-2023-22644: Remove web session swap secrets output in logs (bsc#1210086)
    • CVE-2023-22644: Do not output URL parameters for tiny urls (bsc#1210101)
    • CVE-2023-22644: Fix session information leak (bsc#1210107)
    • CVE-2023-22644: Do not output Cobbler xmlrpc token in debug logs (bsc#1210162)
    • CVE-2023-22644: Fix credentials and other secrets disclosure when debug log is enabled (bsc#1210154)
    • CVE-2023-22644: Prevent logging formula data (bsc#1209386, bsc#1209434)
  • Other non-security issues fixed in version 4.2.50-1:
    • Fix misleading error message regarding SCC credentials removal (bsc#1207941)
    • Fix issue with aclChannelTypeCapable that prevented errata view in deb arch
    • Refresh pillars after setting custom values via SSM (bsc#1210659)
    • Report SSM power management errors in 'rhn_web_ui' (bsc#1210406)
    • Filter CLM modular packages using release strings (bsc#1207814)
    • Allow processing big state results (bsc#1210957)
    • Use glassfish-activation-api instead of gnu-jaf
    • Fix Internal Server Error when URI contains invalid sysid (bsc#1186011)
    • kernel options: only add quotes if there is a space in the value (bsc#1209926)
    • Fix link to Knowledge Base articles (bsc#1210311)
    • Remove channels from client after transfer to a different organization (bsc#1209220)
    • Fix displaying system channels when no base product is installed (bsc#1206423)
    • Fix broken ifcfg grub option on reinstallation (bsc#1210232)
    • Fix NPE in Cobbler system sync when server has no creator set
    • Add listSystemEvents missing API endpoint (bsc#1209877)

spacewalk-setup:

  • Version 4.2.12-1
  • Enable netapi clients in master configuration (required for Salt 3006)

spacewalk-utils:

  • Version 4.2.19-1
  • spacewalk-hostname-rename remains stuck at refreshing pillars (bsc#1207550)

spacewalk-web:

  • Version 4.2.35-1
  • Show loading indicator on formula details pages (bsc#1179747)
  • Increase datetimepicker font sizes (bsc#1210437)
  • Fix an issue where the datetimepicker shows wrong date (bsc#1209231)

supportutils-plugin-susemanager:

  • Version 4.2.7-1
  • Fix property name to tune for salt events queue processing

susemanager:

  • Version 4.3.27-1
  • Use newest venv-salt-minion version available to generate the venv-enabled-*.txt file in bootstrap repos (bsc#1211958)
  • Version 4.2.41-1
  • Add bootstrap repository definitions for openSUSE Leap 15.5
  • Add bootstrap repository definitions for SUSE Linux Enterprise Server 15 SP5

susemanager-build-keys:

  • Version 15.3.9
  • Add SUSE Liberty v2 key (bsc#1212096)
  • Add Debian 12 (bookworm) GPG keys (bsc#1212363)
  • Add new 4096 bit RSA SUSE Package Hub key
  • Version 15.3.8
  • Fix installation of SUSE Linux Enterprise 15 RSA reserve build key
  • Add new 4096 bit RSA openSUSE build key gpg-pubkey-29b700a4.asc

susemanager-sls:

  • Version 4.2.34-1
  • Trust new Liberty Linux v2 key (bsc#1212096)

susemanager-doc-indexes:

  • Salt version changed to 3006.0
  • Added note for clarification between self-installed and cloud instances of Ubuntu
  • Improved pay-as-you-go documentation in the Install and Upgrade Guide (bsc#1208984)
  • Added comment about activation keys for LTSS clients in Client Configuration Guide (bsc#1210011)
  • Updated API script examples to Python 3 in Administration Guide and Large Deployment Guide
  • Change cleanup Salt Client description
  • Added instruction for Cobbler to use the correct label in Client Configuration Guide distro label (bsc#1205600)
  • Added updated options for rhn.conf file in the Administration Guide (bsc#1209508)
  • Fixed calculation of DB max-connections and aligned it with the supportconfig checking tool in the Tuning Guide

susemanager-docs_en:

  • Salt version changed to 3006.0
  • Added note for clarification between self-installed and cloud instances of Ubuntu
  • Improved Pay-as-you-go documentation in the Install and Upgrade Guide (bsc#1208984)
  • Added comment about activation keys for LTSS clients in Client Configuration Guide (bsc#1210011)
  • Updated API script examples to Python 3 in Administration Guide and Large Deployment Guide
  • Change cleanup Salt Client description
  • Added instruction for Cobbler to use the correct label in Client Configuration Guide distro label (bsc#1205600)
  • Added updated options for rhn.conf file in the Administration Guide (bsc#1209508)
  • Fixed calculation of DB max-connections and aligned it with the supportconfig checking tool in the Tuning Guide

susemanager-schema:

  • Version 4.2.28-1
  • Filter CLM modular packages using release strings (bsc#1207814)
  • Repeat schema migrations for module metadata storage (bsc#1209915)

susemanager-sls:

  • Version 4.2.33-1
  • Include automatic migration from Salt 3000 to Salt bundle in highstate
  • Disable salt-minion and remove its config file on cleanup (bsc#1209277)
  • To update everything on a Debian system, call dist-upgrade to be able to install and remove packages

virtual-host-gatherer:

  • Version 1.0.26-1
  • Fix cpu calculation in the libvirt module and enhance the data structure by os value

How to apply this update:

  1. Log in as root user to the SUSE Manager Server.
  2. Stop the Spacewalk service: spacewalk-service stop
  3. Apply the patch using either zypper patch or YaST Online Update.
  4. Start the Spacewalk service: spacewalk-service start

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Manager Proxy 4.2 Module 4.2
    zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2023-2595=1
  • SUSE Manager Server 4.2 Module 4.2
    zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2023-2595=1

Package List:

  • SUSE Manager Proxy 4.2 Module 4.2 (noarch)
    • spacewalk-base-minimal-config-4.2.35-150300.3.44.4
    • susemanager-build-keys-web-15.3.9-150300.3.14.1
    • spacewalk-backend-4.2.28-150300.4.41.4
    • python3-spacewalk-certs-tools-4.2.20-150300.3.30.4
    • spacewalk-proxy-installer-4.2.12-150300.3.17.2
    • spacewalk-certs-tools-4.2.20-150300.3.30.4
    • susemanager-build-keys-15.3.9-150300.3.14.1
    • spacewalk-ssl-cert-check-4.2.3-150300.3.3.2
    • spacewalk-base-minimal-4.2.35-150300.3.44.4
    • spacecmd-4.2.23-150300.4.39.4
  • SUSE Manager Server 4.2 Module 4.2 (noarch)
    • spacewalk-backend-iss-export-4.2.28-150300.4.41.4
    • spacewalk-backend-app-4.2.28-150300.4.41.4
    • spacewalk-backend-server-4.2.28-150300.4.41.4
    • spacewalk-java-4.2.50-150300.3.66.5
    • susemanager-doc-indexes-4.2-150300.12.45.4
    • spacewalk-backend-tools-4.2.28-150300.4.41.4
    • spacewalk-backend-config-files-tool-4.2.28-150300.4.41.4
    • spacewalk-java-lib-4.2.50-150300.3.66.5
    • uyuni-config-modules-4.2.34-150300.3.51.1
    • spacewalk-backend-package-push-server-4.2.28-150300.4.41.4
    • spacewalk-base-minimal-4.2.35-150300.3.44.4
    • cpu-mitigations-formula-0.5.0-150300.3.6.2
    • spacewalk-backend-config-files-common-4.2.28-150300.4.41.4
    • spacewalk-base-minimal-config-4.2.35-150300.3.44.4
    • spacewalk-java-postgresql-4.2.50-150300.3.66.5
    • susemanager-build-keys-web-15.3.9-150300.3.14.1
    • virtual-host-gatherer-Kubernetes-1.0.26-150300.3.15.2
    • susemanager-sls-4.2.34-150300.3.51.1
    • spacewalk-utils-extras-4.2.19-150300.3.24.2
    • spacewalk-java-config-4.2.50-150300.3.66.5
    • spacewalk-backend-sql-4.2.28-150300.4.41.4
    • supportutils-plugin-susemanager-4.2.7-150300.3.15.4
    • susemanager-build-keys-15.3.9-150300.3.14.1
    • spacewalk-backend-sql-postgresql-4.2.28-150300.4.41.4
    • spacewalk-base-4.2.35-150300.3.44.4
    • spacewalk-taskomatic-4.2.50-150300.3.66.5
    • virtual-host-gatherer-1.0.26-150300.3.15.2
    • python3-spacewalk-certs-tools-4.2.20-150300.3.30.4
    • spacewalk-backend-xml-export-libs-4.2.28-150300.4.41.4
    • susemanager-docs_en-4.2-150300.12.45.2
    • spacewalk-backend-4.2.28-150300.4.41.4
    • spacewalk-html-4.2.35-150300.3.44.4
    • virtual-host-gatherer-Nutanix-1.0.26-150300.3.15.2
    • spacewalk-backend-applet-4.2.28-150300.4.41.4
    • spacewalk-backend-iss-4.2.28-150300.4.41.4
    • spacewalk-backend-config-files-4.2.28-150300.4.41.4
    • spacewalk-setup-4.2.12-150300.3.18.3
    • virtual-host-gatherer-VMware-1.0.26-150300.3.15.2
    • branch-network-formula-0.1.1680167239.23f2fec-150300.3.6.2
    • virtual-host-gatherer-libcloud-1.0.26-150300.3.15.2
    • spacewalk-backend-xmlrpc-4.2.28-150300.4.41.4
    • spacewalk-certs-tools-4.2.20-150300.3.30.4
    • spacewalk-utils-4.2.19-150300.3.24.2
    • susemanager-schema-4.2.28-150300.3.38.4
    • susemanager-docs_en-pdf-4.2-150300.12.45.2
    • perl-Satcon-4.2.3-150300.3.3.3
    • spacecmd-4.2.23-150300.4.39.4
  • SUSE Manager Server 4.2 Module 4.2 (ppc64le s390x x86_64)
    • inter-server-sync-0.2.8-150300.8.31.2
    • susemanager-tools-4.2.42-150300.3.54.4
    • inter-server-sync-debuginfo-0.2.8-150300.8.31.2
    • susemanager-4.2.42-150300.3.54.4
    • hub-xmlrpc-api-0.7-150300.3.12.3
