Security: Integer overflow in subscription-manager
Name: Integer overflow in subscription-manager
ID: FEDORA-2018-075821dc8f
Distribution: Fedora
Platforms: Fedora 29
Date: Thu, 15 November 2018, 08:01
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2663
https://bugzilla.redhat.com/show_bug.cgi?id=1564735
https://bugzilla.redhat.com/show_bug.cgi?id=1612282
https://bugzilla.redhat.com/show_bug.cgi?id=1446256
https://bugzilla.redhat.com/show_bug.cgi?id=1553266
https://bugzilla.redhat.com/show_bug.cgi?id=1156510
https://bugzilla.redhat.com/show_bug.cgi?id=1505955
Applications: subscription-manager

Original message

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-075821dc8f
2018-11-15 03:13:27.032145
--------------------------------------------------------------------------------

Name : subscription-manager
Product : Fedora 29
Version : 1.24.2
Release : 1.fc29
URL : http://www.candlepinproject.org/
Summary : Tools and libraries for subscription and repository management
Description :
The Subscription Manager package provides programs and libraries to allow users
to manage subscriptions and yum repositories from the Red Hat entitlement
platform.

--------------------------------------------------------------------------------
Update Information:

This is primarily a maintenance update. Please see the attached bugs for more
specific details on what has improved as far as stability is concerned. There
is also a larger new feature which is being released in concert with work being
done in Katello / Foreman. Subscription-manager has a concept of a
package-profile. This contains information on all installed rpm packages for
the system on which it is running. We have expanded this reporting capability
to include information on enabled and installed modules from modulemd as well
as to report on which repositories this system has enabled presently. This
information is combined into a group of reports and submitted to the same
endpoint on Katello / Foreman. The new request is a PUT to
/consumers/{consumer_uuid}/profiles. This is done only when the string
"combined_reporting" is present in the managerCapabilities key of the response
to a GET /status. The old rpm-only profile reporting is still done as a PUT to
/consumers/{consumer_uuid}/packages. At this point, this is done only if the
server side does not support the new capability. More will likely be added in
the future to further expand on this reporting capability.
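
The endpoint selection described above, as an added example that is not code from subscription-manager. It assumes the GET /status body is JSON whose managerCapabilities value is a list of strings and that consumer UUIDs are canonical UUIDs; the function names and sample inputs are constructed for illustration.

```python
import json
import uuid

COMBINED = "combined_reporting"  # capability string named in the advisory


def server_capabilities(status_body):
    """Return the capability strings found in a GET /status response body.

    Assumption: the body is a JSON object and "managerCapabilities" holds a
    list of strings. A missing key, null, a wrong type or invalid JSON all
    yield an empty set, so the caller falls back to the legacy endpoint.
    """
    try:
        status = json.loads(status_body)
    except (TypeError, ValueError):
        return set()
    if not isinstance(status, dict):
        return set()
    caps = status.get("managerCapabilities")
    if not isinstance(caps, list):
        return set()
    return {c for c in caps if isinstance(c, str)}


def profile_request(status_body, consumer_uuid):
    """Pick the (method, path) for the profile upload."""
    # uuid.UUID() also accepts braces, "urn:uuid:" prefixes and unhyphenated
    # hex, so compare against the canonical form before building the path.
    canonical = str(uuid.UUID(consumer_uuid))
    if canonical != consumer_uuid.lower():
        raise ValueError("consumer UUID is not in canonical form")
    # Exact membership test: "not_combined_reporting" must not match.
    if COMBINED in server_capabilities(status_body):
        return ("PUT", "/consumers/%s/profiles" % canonical)
    return ("PUT", "/consumers/%s/packages" % canonical)


if __name__ == "__main__":
    # Constructed sample inputs, not captured from a real server.
    sample_uuid = "123e4567-e89b-12d3-a456-426614174000"
    new_server = '{"managerCapabilities": ["example_cap", "combined_reporting"]}'
    old_server = '{"managerCapabilities": ["example_cap"]}'
    print(profile_request(new_server, sample_uuid))
    print(profile_request(old_server, sample_uuid))
```

Treating a malformed or missing capability list as "not supported" keeps the client on the older /packages request instead of sending the combined report to a server that has not advertised it.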
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 5 2018 Christopher Snyder <csnyder@redhat.com> 1.24.2-1
- 1645205: Do not update ent certs inside containers (csnyder@redhat.com)
- 1633304: Disable zypper product-id plugin. (awood@redhat.com)
- Fedora documentation guidelines favor global over define. (awood@redhat.com)
- Show installed profiles only for enabled modules (paji@redhat.com)
- 1631339: Fix os.errno issue (rob@sandersmail.eu)
- Add a missing comma in test_cache (nmoumoul@redhat.com)
- Add module enabled and disabled information (paji@redhat.com)
- 1636381: Fix up our detection of missing org for service-level list
(csnyder@redhat.com)
- 1616403: Better handling of missing locale use (wpoteat@redhat.com)
- 1636381: Handle case of nonexistent org (nmoumoul@redhat.com)
- Add scripts to setup local development environment (khowell@redhat.com)
- 1633380: Add syspurpose compliance status cache - Altered the syspurpose
compliance status connection call to use the
/consumers/{uuid}/purpose_compliance API instead of fetching the consumer
object and reading the syspurpose compliance field off of it. - Added new
syspurpose compliance status cache saved in
/var/lib/rhsm/cache/syspurpose_compliance_status.json similar to the
entitlement status cache. - When the server is unreachable, we don't
traceback, but rather use the new cache value instead. (nmoumoul@redhat.com)
- 1639625: Tolerate server missing syspurpose fields (khowell@redhat.com)
- 1639086: Fix vendor comparison (hyu@redhat.com)
- Includes the installed module profiles (paji@redhat.com)
- 1623390: Fix unregistered messaging in syspurpose (khowell@redhat.com)
- 1637183: Replace redhat-uep.pem properly (khowell@redhat.com)
- 1632797: Only save SLA set during register or attach if specified
(csnyder@redhat.com)
- Updated how syspurpose handles unsetting values (crog@redhat.com)
- Update man page for report_package_profile option (nmoumoul@redhat.com)
- Automatic commit of package [subscription-manager] release [1.24.1-1].
(csnyder@redhat.com)
- 1616366: Use LANG from environment (csnyder@redhat.com)
- syspurpose no longer suppresses JSON malformation errors (crog@redhat.com)
- Rename zypper plugin to rhsm (khowell@redhat.com)
- 1632384: Sync SLA regardless of capability: (nmoumoul@redhat.com)
- 1621783: Updated syspurpose fields to match expected values (crog@redhat.com)
- 1632248: User should be able to set/unset while not registered
(csnyder@redhat.com)
- 1633575: Update error message when syspurpose is not supported by server
(csnyder@redhat.com)
- 1614925: Fix grammar (csnyder@redhat.com)
* Mon Oct 15 2018 Christopher Snyder <csnyder@redhat.com> 1.24.1-1
- Rename zypper plugin to rhsm (khowell@redhat.com)
- 1632384: Sync SLA regardless of capability: (nmoumoul@redhat.com)
- 1621783: Updated syspurpose fields to match expected values (crog@redhat.com)
- 1633575: Update error message when syspurpose is not supported by server
(csnyder@redhat.com)
- 1614925: Fix grammar (csnyder@redhat.com)
- Added support of modulemd to combined profile; ENT-834 (jhnidek@redhat.com)
- 1620136: dnf plugin deletes prod cert as expected; ENT-773
(jhnidek@redhat.com)
- 1615944: Show help when no args are provided (csnyder@redhat.com)
- 1614943: Fix bytes/unicode handling of dmi data (khowell@redhat.com)
- 1618825: Rename de_DE.po and es_ES.po (awood@redhat.com)
- Combined profile: WIP enabled repos (jhnidek@redhat.com)
- Added list of enabled repos to combined profile; ENT-833 (jhnidek@redhat.com)
- 1607955: WIP: polishing PR with bug fix of release --list
(jhnidek@redhat.com)
- Fixed name of capability and added two unit tests. (jhnidek@redhat.com)
- Explicit requires added for package we use directly (wpoteat@redhat.com)
- 1581410: Eliminate potential for circular dependency (awood@redhat.com)
- 1631076: subscription-manager rpm now requires python3-syspurpose
(nmoumoul@redhat.com)
- For tito build, clean the yarn cache (khowell@redhat.com)
- Fix ubuntu compat for virt-who travis runs (khowell@redhat.com)
- Fix RPMDiff issue with multilib (jhnidek@redhat.com)
- Use Combined Profile reporting (jhnidek@redhat.com)
- 1629073: No python3-dmidecode on aarch64, ppc64le (khowell@redhat.com)
- Simplify and fix subpackages logic (khowell@redhat.com)
- 1614653: Update intermediate CA (khowell@redhat.com)
- Fix spelling to capitalize Workstation properly (bcourt@redhat.com)
- 1607955: Try to use all entitlement certs for connection with CDN
(jhnidek@redhat.com)
- Use pre-provisioned centos7 box (khowell@redhat.com)
- Vagrant: use ansible-role-subman-devel via galaxy (khowell@redhat.com)
- Vagrant: skip provisioning if var needs_provision is false
(khowell@redhat.com)
* Mon Sep 10 2018 Christopher Snyder <csnyder@redhat.com> 1.24.0-1
- Use the "service_level_agreement" attribute for the SlaCommand
(csnyder@redhat.com)
- 1623262: Make automatic enablement of yum plugins working again; ENT-820
(jhnidek@redhat.com)
- Start releasing to f29 (csnyder@redhat.com)
* Thu Aug 30 2018 Christopher Snyder <csnyder@redhat.com> 1.23.4-1
- 1600694: Log dbus exception tracebacks at the debug level
(csnyder@redhat.com)
- 1623368: Register a system without a syspurpose.json file
(jhnidek@redhat.com)
- Revert "Add sles version to dist" (cnsnyder@users.noreply.github.com)
- 1596699: Handle non-existent rhsm-debug destination (ENT-780)
(nmoumoul@redhat.com)
- Sync system purpose for sub-man subcommands (jhnidek@redhat.com)
- Add man page for syspurpose. (awood@redhat.com)
- 1613968: DNF product-id plugin can install product cert; ENT-789
(jhnidek@redhat.com)
- Add sles version to dist (jsherril@redhat.com)
- Remove extraneous include in setup() (khowell@redhat.com)
- Updated translations (csnyder@redhat.com)
- 1596001: Change syspurpose import error log level to debug level
(csnyder@redhat.com)
- 1602702: rhsmcertd did not close lock file; ENT-736 (jhnidek@redhat.com)
- Adds the addons set of commands to syspurpose (csnyder@redhat.com)
- 1581445: ENT-564: rhsm configuration manage_repos is not working on RHEL8
(jhnidek@redhat.com)
- Fix time stamps of pyc files (csnyder@redhat.com)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1553266 - Oops! in subscription-manager-cockpit TypeError:
f.GetStatus is not a function
https://bugzilla.redhat.com/show_bug.cgi?id=1553266
[ 2 ] Bug #1434493 - CVE-2017-2663 subscription-manager: unsafe dbus
interface [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1434493
[ 3 ] Bug #1612282 - Man page scan results for subscription-manager
https://bugzilla.redhat.com/show_bug.cgi?id=1612282
[ 4 ] Bug #1564735 - subscription-manager-rhsm subpackage has been dropped on
Fedora 27
https://bugzilla.redhat.com/show_bug.cgi?id=1564735
[ 5 ] Bug #1505955 - claims "subscription required" which is false on
Fedora
https://bugzilla.redhat.com/show_bug.cgi?id=1505955
[ 6 ] Bug #1156510 - [rfe] use dnf instead of yum (if dnf is installed)
https://bugzilla.redhat.com/show_bug.cgi?id=1156510
[ 7 ] Bug #1446256 - [RFE] Too large dependency chain
https://bugzilla.redhat.com/show_bug.cgi?id=1446256
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-075821dc8f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org