Security: Denial of Service in SUSE Manager Server 3.2
Name: Denial of Service in SUSE Manager Server 3.2
ID: SUSE-SU-2018:4011-1
Distribution: SUSE
Platforms: SUSE Manager Server 3.2, SUSE Manager Proxy 3.2
Date: Fri, 7 December 2018, 18:17
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11761
Applications: SUSE Manager Server 3.2

Original message

   SUSE Security Update: Security update for SUSE Manager Server 3.2
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:4011-1
Rating: moderate
References: #1041999 #1080474 #1083094 #1104487 #1105359
#1105724 #1106430 #1106626 #1107869 #1109235
#1110361 #1110625 #1111247 #1111249 #1111387
#1111497 #1111542 #1111810 #1111966 #1112163
#1112445 #1112754 #1113557 #1113747 #1114181
#1114362 #1114814 #1114991 #1115449 #1116517

Cross-References: CVE-2018-11761
Affected Products:
SUSE Manager Server 3.2
SUSE Manager Proxy 3.2
______________________________________________________________________________

An update that solves one vulnerability and has 29 fixes is
now available.

Description:


This update fixes the following issues:

apache-mybatis:

- Install missing LICENSE.txt file (bsc#1114814)

cobbler:

- Fix service restart after logrotate for cobblerd (bsc#1113747)
- Rotate cobbler logs at higher frequency to prevent disk fillup
(bsc#1113747)

hadoop:

- Install missing LICENSE.txt file (bsc#1114814)

image-sync-formula:

- Handle empty images pillar (bsc#1105359)

lucene:

- Install missing LICENSE.txt file (bsc#1114814)

nekohtml:

- Install missing LICENSE.txt file (bsc#1114814)

nutch-core:

- Install missing LICENSE.txt file (bsc#1114814)
- Add conditional requirement for java 1.8
- Use java >= 1.8 - required by tika 0.19.1 to /var/log/nutch
(bsc#1107869)
- Add new tarball file for v1.0.1
- Bump up version to 1.0.1 and fix paths
- Adjustments after upgrade of tika-core to v1.19

picocontainer:

- Install missing LICENSE.txt file (bsc#1114814)

python-susemanager-retail:

- Improve error reporting on duplicate systems
- Output partition size as int (bsc#1116517)
- Start partition numbers from 1
- Warn on long group names
- Improved logging support
- Add retail_yaml --only-new option
- Print import summary (bsc#1112754)
- Add retail_migration tool
- Check for duplicate addresses in yaml (bsc#1111497)

salt-netapi-client:

- Version 0.15.0. See:
https://github.com/SUSE/salt-netapi-client/releases/tag/v0.15.0

saltboot-formula:

- Send pxe_update by external command to make sure it is finished
(bsc#1111387)
- Better error message on missing partitioning pillar (bsc#1110625)

spacecmd:

- Show group id on group_details (bsc#1111542)
- State channels handling: Existing commands configchannel_create and
configchannel_import were updated while
system_scheduleapplyconfigchannels and configchannel_updateinitsls were
added.

spacewalk-branding:

- Automatic cleanup of notification messages after a configurable lifetime
- ActivationKey base and child channel in a reactjs component
- New messages are added for XMLRPC API for state channels

spacewalk-config:

- Add permissions for tomcat & apache to check bootstrap ssh file
(bsc#1114181)

spacewalk-java:

- Improve return value and errors thrown for system.createEmptyProfile
XMLRPC endpoint
- Fix scheduling jobs to prevent forever pending events (bsc#1114991)
- Performance improvements for group listings and detail page (bsc#1111810)
- Fix wrong counts of systems currency reports when a system belongs to
more than one group (bsc#1114362)
- Add check if ssh-file permissions are correct (bsc#1114181)
- Increase maximum number of threads and open files for taskomatic
(bsc#1111966)
- When removing cobbler system record, lookup by mac address as well if
lookup by id fails (bsc#1110361)
- Allow listing empty system profiles via XMLRPC
- Automatic cleanup of notification messages after a configurable lifetime
- Different methods have been refactored in tomcat/taskomatic for better
performance (bsc#1106430)
- Do not try cleanup when deleting empty system profiles (bsc#1111247)
- Better error handling when a websocket connection is aborted
(bsc#1080474)
- Change Requires to allow installing with both Tomcat 8 (SLE-12SP3) and 9
(SLE12-SP4)
- ActivationKey base and child channel in a reactjs component
- Fix typo in messages (bsc#1111249)
- Cleanup formula data and assignment when migrating formulas or when
removing system
- Remove restrictions on SUSE Manager Channel subscriptions (bsc#1105724)
- Added shortcut for editing Software Channel
- Fix permissions check on formula list api call (bsc#1106626)
- Add sp migration dry runs to the daily status report (bsc#1083094)

spacewalk-search:

- Fix nutch-core path (bsc#1112445)

spacewalk-setup:

- Increase maximum number of threads and open files for taskomatic
(bsc#1111966)

spacewalk-utils:

- Fix typo at --phases option help

spacewalk-web:

- Make datetimepicker update displayed time (bsc#1041999)
- Show human-readable system cleanup error messages
- ActivationKey base and child channel in a reactjs component
- Fix typo in messages (bsc#1111249)

susemanager:

- Add new option --with-parent-channel to mgr-create-bootstrap-repo to
specify parent channel to use if multiple options are available
(bsc#1104487)

susemanager-docs_en:

- Update text and image files.
- Add information about SLE12 SP4 as base OS for Server and Proxy

susemanager-frontend-libs:

- Fix package version (bsc#1115449)

susemanager-schema:

- Automatic cleanup of notification messages after a configurable lifetime
- Add missing minion-action-chain-cleanup to db init scripts

susemanager-sls:

- Deploy SSL certificate during onboarding of openSUSE Leap 15.0
(bsc#1112163)

susemanager-sync-data:

- SUSE OpenStack Cloud 9 enablement (bsc#1113557)
- Add SUSE Manager 3.1 and 3.2 to SLES12 SP4

tika-core:

- Fix improper XML parsing to prevent DoS attacks (CVE-2018-11761)
(bsc#1109235)
- Install missing LICENSE.txt file (bsc#1114814)
- New upstream version (0.19.1)


Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Manager Server 3.2:

zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2018-2869=1

- SUSE Manager Proxy 3.2:

zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2018-2869=1



Package List:

- SUSE Manager Server 3.2 (ppc64le s390x x86_64):

spacewalk-branding-2.8.5.12-3.10.4
susemanager-3.2.14-3.13.3
susemanager-tools-3.2.14-3.13.3

- SUSE Manager Server 3.2 (noarch):

apache-mybatis-3.2.3-3.3.3
cobbler-2.6.6-6.10.3
hadoop-0.18.1-3.3.3
image-sync-formula-0.1.1542287363.b8aa274-3.6.3
lucene-2.4.1-4.3.3
nekohtml-1.9.21-3.3.3
nutch-core-1.0.1-7.10.3
picocontainer-1.3.7-3.3.3
python-susemanager-retail-1.0.1542643545.8752d17-2.6.3
salt-netapi-client-0.15.0-4.3.3
saltboot-formula-0.1.1542287363.b8aa274-3.6.3
spacecmd-2.8.25.7-3.9.3
spacewalk-base-2.8.7.11-3.13.3
spacewalk-base-minimal-2.8.7.11-3.13.3
spacewalk-base-minimal-config-2.8.7.11-3.13.3
spacewalk-config-2.8.5.5-3.10.3
spacewalk-html-2.8.7.11-3.13.3
spacewalk-java-2.8.78.13-3.13.1
spacewalk-java-config-2.8.78.13-3.13.1
spacewalk-java-lib-2.8.78.13-3.13.1
spacewalk-java-oracle-2.8.78.13-3.13.1
spacewalk-java-postgresql-2.8.78.13-3.13.1
spacewalk-search-2.8.3.7-3.12.3
spacewalk-setup-2.8.7.5-3.10.3
spacewalk-taskomatic-2.8.78.13-3.13.1
spacewalk-utils-2.8.18.3-3.3.3
susemanager-advanced-topics_en-pdf-3.2-11.12.3
susemanager-best-practices_en-pdf-3.2-11.12.3
susemanager-docs_en-3.2-11.12.3
susemanager-frontend-libs-3.2.4-3.7.3
susemanager-getting-started_en-pdf-3.2-11.12.3
susemanager-jsp_en-3.2-11.12.3
susemanager-reference_en-pdf-3.2-11.12.3
susemanager-retail-tools-1.0.1542643545.8752d17-2.6.3
susemanager-schema-3.2.15-3.13.3
susemanager-sls-3.2.18-3.13.3
susemanager-sync-data-3.2.10-3.9.3
tika-core-1.19.1-3.3.3

- SUSE Manager Proxy 3.2 (noarch):

spacewalk-base-minimal-2.8.7.11-3.13.3
spacewalk-base-minimal-config-2.8.7.11-3.13.3


References:

https://www.suse.com/security/cve/CVE-2018-11761.html
https://bugzilla.suse.com/1041999
https://bugzilla.suse.com/1080474
https://bugzilla.suse.com/1083094
https://bugzilla.suse.com/1104487
https://bugzilla.suse.com/1105359
https://bugzilla.suse.com/1105724
https://bugzilla.suse.com/1106430
https://bugzilla.suse.com/1106626
https://bugzilla.suse.com/1107869
https://bugzilla.suse.com/1109235
https://bugzilla.suse.com/1110361
https://bugzilla.suse.com/1110625
https://bugzilla.suse.com/1111247
https://bugzilla.suse.com/1111249
https://bugzilla.suse.com/1111387
https://bugzilla.suse.com/1111497
https://bugzilla.suse.com/1111542
https://bugzilla.suse.com/1111810
https://bugzilla.suse.com/1111966
https://bugzilla.suse.com/1112163
https://bugzilla.suse.com/1112445
https://bugzilla.suse.com/1112754
https://bugzilla.suse.com/1113557
https://bugzilla.suse.com/1113747
https://bugzilla.suse.com/1114181
https://bugzilla.suse.com/1114362
https://bugzilla.suse.com/1114814
https://bugzilla.suse.com/1114991
https://bugzilla.suse.com/1115449
https://bugzilla.suse.com/1116517

_______________________________________________
sle-security-updates mailing list
sle-security-updates@lists.suse.com
http://lists.suse.com/mailman/listinfo/sle-security-updates