Login
Newsletter
Werbung

Sicherheit: Denial of Service in SUSE Manager Server 3.2
Aktuelle Meldungen Distributionen
Name: Denial of Service in SUSE Manager Server 3.2
ID: SUSE-SU-2019:0341-1
Distribution: SUSE
Plattformen: SUSE Manager Server 3.2, SUSE Manager Proxy 3.2
Datum: Mi, 13. Februar 2019, 15:44
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17197
Applikationen: SUSE Manager Server 3.2

Originalnachricht

   SUSE Security Update: Security update for SUSE Manager Server 3.2
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:0341-1
Rating: moderate
References: #1089121 #1098826 #1099988 #1104680 #1105720
#1105791 #1110427 #1110757 #1110772 #1111191
#1111686 #1111910 #1111963 #1112121 #1114029
#1114059 #1114115 #1114268 #1114877 #1115029
#1115978 #1116365 #1116566 #1116610 #1116826
#1117759 #1118112 #1118478 #1118917 #1119233
#1119271 #1119320 #1119727 #1119807 #1121038
#1121424 #1122565 #1123902 #1123983 #1124794
#1125097 #987798
Cross-References: CVE-2018-17197
Affected Products:
SUSE Manager Server 3.2
SUSE Manager Proxy 3.2
______________________________________________________________________________

An update that solves one vulnerability and has 41 fixes is
now available.

Description:


This update fixes the following issues:

branch-network-formula:

- Netconfig update requires bind directory to exists for bind forward,
ensure it (bsc#1116365)
- Rework network update in branch-network formula (bsc#1116365)

py26-compat-salt:

- Remove arch from name when pkg.list_pkgs is called with 'attr'
(bsc#1114029)

python-susemanager-retail:

- Force one python version for SLE12 (python2) and SLE15 (python3)
- Add disklabel: none to migrated RAID

saltboot-formula:

- Use FTP active mode for image download
- Always deploy image when image is specified in partitioning pillar
(bsc#1119807)
- Call blockdev.formatted with force=True
- Allow RAID images to be defined by saltboot formula
- image information can be provided directly for disk
- allow "none" disk label in formula and in that case hide
partitioning
information

smdba:

- Tuning: add cpu_tuple_cost (bsc#1105791)

spacecmd:

- Fix importing state channels using configchannel_import
- Fix getting file info for latest revision (via configchannel_filedetails)
- Add functions to merge errata (softwarechannel_errata_merge) and
packages (softwarechannel_mergepackages) through spacecmd (bsc#987798)

spacewalk-admin:

- Use a Salt engine to process return results (bsc#1099988)

spacewalk-backend:

- Move channel update close to commit to avoid long lock (bsc#1121424)
- Adapt Inter Server Sync code to new SCC sync backend
- Fix issue raising exceptions 'with_traceback' on Python 2
- Hide Python traceback and show only error message (bsc#1110427)
- Honor renamed postgresql10 log directory for supportconfig

spacewalk-branding:

- Better label visualization when the input is disabled. (bsc#1110772)

spacewalk-client-tools:

- Fix XML-RPC type serialization (bsc#1116610)

spacewalk-java:

- Improve salt events processing performance (bsc#1125097)
- Prevent an error when onboarding a RES 6 minion (bsc#1124794)
- Support products with multiple base channels
- Fix ordering of base channels to prevent synchronization errors
(bsc#1123902)
- Support products with multiple base channels
- Avoid a NullPointerException error in Taskomatic (bsc#1119271)
- Reset channel assignments when base channel changes on registration
(bsc#1118917)
- Allow bootstrapping minions with a pending minion key being present
(bsc#1119727)
- Hide 'unknown virtual host manager' when virtual host manager of
all
hosts is known (bsc#1119320)
- Disable notification types with 'java.notifications_type_disabled'
in
rhn.conf (bsc#1111910)
- Change SCC sync backend to adapt quicker to SCC changes and improve
speed of syncing metadata and checking for channel dependencies
(bsc#1089121)
- Read OEM Orderitems from DB instead of create always new items
(bsc#1098826)
- Fix mgr-sync refresh when subscription was removed (bsc#1105720)
- XMLRPC API: Include init.sls in channel file list (bsc#1111191)
- Fix the config channels assignment via SSM (bsc#1117759)
- Install product packages during bootstrapping minions (bsc#1104680)
- Fix cloning channels when managing the same errata for both vendor and
private orgs (bsc#1111686)
- Introduce Loggerhead-module.js to store logs from the frontend
- Removed 'Manage Channels' shortcut for vendor channels
(bsc#1115978)
- Hide already applied errata and channel entries from the output list in
audit.listSystemsByPatchStatus (bsc#1111963)
- Prevent failing KickstartCommand when customPosition is null
(bsc#1112121)
- Automatically schedule an Action to refresh minion repos after deletion
of an assigned channel (bsc#1115029)
- Performance improvements in channel management functionalities
(bsc#1114877)
- Handle with an error message if state file fails to render (bsc#1110757)
- When changing basechannel the compatible old childchannels are now
selected by default. (bsc#1110772)
- Add check for yast autoinstall profiles when setting kickstartTree
(bsc#1114115)
- Use a Salt engine to process return results (bsc#1099988)
- Fix handling of CVEs including multiple patches in CVE audit
(bsc#1111963)
- Fix synchronizing Expanded Support Channel with missing architecture
(bsc#1122565)

spacewalk-setup:

- Use a Salt engine to process return results (bsc#1099988)

spacewalk-utils:

- Exit with an error if spacewalk-common-channels does not match any
channel

spacewalk-web:

- Show feedback messages after using the retry option on the notification
messages page
- Change SCC sync backend to adapt quicker to SCC changes and improve
speed of syncing metadata and checking for channel dependencies
- Fix wording for taskotop (cosmetical only)(bsc#1118112)
- When changing basechannel the compatible old childchannels are now
selected by default. (bsc#1110772)

subscription-matcher:

- Old style hard bundle merging fix (bsc#1114059)

susemanager:

- Add bootstrap repo definition for OES 2018 SP1 (bsc#1116826)
- Rhnlib was renamed to python2-rhnlib. Change bootstrap data accordingly.
- Change SCC sync backend to adapt quicker to SCC changes and improve
speed of syncing metadata and checking for channel dependencies
- Adapt mgr-create-bootstrap-repo for Uyuni and let it create bootstrap
repos for openSUSE and CentOS
- Fetch packages from correct channel when creating a bootstrap repository
- Fix not found package on mgr-create-bootstrap-repo for SLE-15-s390x
(bsc#1116566)
- Add python3-six to bootstrap repo for SLES15 (bsc#1118478)

susemanager-docs_en:

- Update text and image files.
- Enhance forms documentation (more attributes).
- Proxy: for example, migration from traditional to Salt not supported.
- RAM requirements for host running kiwi OS images.
- Notification properties.
- Update scalability documentation.

susemanager-schema:

- Change SCC sync backend to adapt quicker to SCC changes and improve
speed of syncing metadata and checking for channel dependencies
- Performance improvements in channel management functionalities
(bsc#1114877)
- Use a Salt engine to process return results (bsc#1099988)

susemanager-sls:

- Improve salt events processing performance (bsc#1125097)
- Allow bootstrapping minions with a pending minion key being present
(bsc#1119727)
- Use a Salt engine to process return results (bsc#1099988)

susemanager-sync-data:

- Make SUSE Manager Tools channel mandatory (bsc#1123983)
- Add sle-module-web-scripting for OES2018 (bsc#1119233)
- Add new set of data for the new SCC sync backend
- Enable SLE15 SP1 family (bsc#1114268)
- Enable OES2018 SP1 (bsc#1116826)

tika-core:

- CVE-2018-17197: Fixed an infinite loop in the SQLite3Parser of Apache
Tika (bsc#1121038)


Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Manager Server 3.2:

zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-341=1

- SUSE Manager Proxy 3.2:

zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2019-341=1



Package List:

- SUSE Manager Server 3.2 (ppc64le s390x x86_64):

smdba-1.6.3-0.3.6.13
spacewalk-branding-2.8.5.13-3.13.14
susemanager-3.2.15-3.16.13
susemanager-tools-3.2.15-3.16.13

- SUSE Manager Server 3.2 (noarch):

branch-network-formula-0.1.1545038754.c983fa6-3.6.13
netty-4.1.8.Final-2.7.4
py26-compat-salt-2016.11.10-6.18.14
python-susemanager-retail-1.0.1544459934.07229ad-2.9.13
python2-spacewalk-client-tools-2.8.22.4-3.3.13
saltboot-formula-0.1.1546527519.591e925-3.9.13
spacecmd-2.8.25.8-3.12.13
spacewalk-admin-2.8.4.3-3.3.13
spacewalk-backend-2.8.57.8-3.10.14
spacewalk-backend-app-2.8.57.8-3.10.14
spacewalk-backend-applet-2.8.57.8-3.10.14
spacewalk-backend-config-files-2.8.57.8-3.10.14
spacewalk-backend-config-files-common-2.8.57.8-3.10.14
spacewalk-backend-config-files-tool-2.8.57.8-3.10.14
spacewalk-backend-iss-2.8.57.8-3.10.14
spacewalk-backend-iss-export-2.8.57.8-3.10.14
spacewalk-backend-libs-2.8.57.8-3.10.14
spacewalk-backend-package-push-server-2.8.57.8-3.10.14
spacewalk-backend-server-2.8.57.8-3.10.14
spacewalk-backend-sql-2.8.57.8-3.10.14
spacewalk-backend-sql-oracle-2.8.57.8-3.10.14
spacewalk-backend-sql-postgresql-2.8.57.8-3.10.14
spacewalk-backend-tools-2.8.57.8-3.10.14
spacewalk-backend-xml-export-libs-2.8.57.8-3.10.14
spacewalk-backend-xmlrpc-2.8.57.8-3.10.14
spacewalk-base-2.8.7.12-3.16.12
spacewalk-base-minimal-2.8.7.12-3.16.12
spacewalk-base-minimal-config-2.8.7.12-3.16.12
spacewalk-client-tools-2.8.22.4-3.3.13
spacewalk-html-2.8.7.12-3.16.12
spacewalk-java-2.8.78.18-3.21.1
spacewalk-java-config-2.8.78.18-3.21.1
spacewalk-java-lib-2.8.78.18-3.21.1
spacewalk-java-oracle-2.8.78.18-3.21.1
spacewalk-java-postgresql-2.8.78.18-3.21.1
spacewalk-setup-2.8.7.6-3.13.13
spacewalk-taskomatic-2.8.78.18-3.21.1
spacewalk-utils-2.8.18.4-3.6.13
subscription-matcher-0.22-4.9.13
susemanager-advanced-topics_en-pdf-3.2-11.15.12
susemanager-best-practices_en-pdf-3.2-11.15.12
susemanager-docs_en-3.2-11.15.12
susemanager-getting-started_en-pdf-3.2-11.15.12
susemanager-jsp_en-3.2-11.15.12
susemanager-reference_en-pdf-3.2-11.15.12
susemanager-retail-tools-1.0.1544459934.07229ad-2.9.13
susemanager-schema-3.2.16-3.16.13
susemanager-sls-3.2.20-3.18.1
susemanager-sync-data-3.2.12-3.14.2
susemanager-web-libs-2.8.7.12-3.16.12
tika-core-1.20-3.6.13

- SUSE Manager Proxy 3.2 (noarch):

python2-spacewalk-check-2.8.22.4-3.3.13
python2-spacewalk-client-setup-2.8.22.4-3.3.13
python2-spacewalk-client-tools-2.8.22.4-3.3.13
spacewalk-backend-2.8.57.8-3.10.14
spacewalk-backend-libs-2.8.57.8-3.10.14
spacewalk-base-minimal-2.8.7.12-3.16.12
spacewalk-base-minimal-config-2.8.7.12-3.16.12
spacewalk-check-2.8.22.4-3.3.13
spacewalk-client-setup-2.8.22.4-3.3.13
spacewalk-client-tools-2.8.22.4-3.3.13
spacewalk-proxy-installer-2.8.6.4-3.6.13
susemanager-web-libs-2.8.7.12-3.16.12


References:

https://www.suse.com/security/cve/CVE-2018-17197.html
https://bugzilla.suse.com/1089121
https://bugzilla.suse.com/1098826
https://bugzilla.suse.com/1099988
https://bugzilla.suse.com/1104680
https://bugzilla.suse.com/1105720
https://bugzilla.suse.com/1105791
https://bugzilla.suse.com/1110427
https://bugzilla.suse.com/1110757
https://bugzilla.suse.com/1110772
https://bugzilla.suse.com/1111191
https://bugzilla.suse.com/1111686
https://bugzilla.suse.com/1111910
https://bugzilla.suse.com/1111963
https://bugzilla.suse.com/1112121
https://bugzilla.suse.com/1114029
https://bugzilla.suse.com/1114059
https://bugzilla.suse.com/1114115
https://bugzilla.suse.com/1114268
https://bugzilla.suse.com/1114877
https://bugzilla.suse.com/1115029
https://bugzilla.suse.com/1115978
https://bugzilla.suse.com/1116365
https://bugzilla.suse.com/1116566
https://bugzilla.suse.com/1116610
https://bugzilla.suse.com/1116826
https://bugzilla.suse.com/1117759
https://bugzilla.suse.com/1118112
https://bugzilla.suse.com/1118478
https://bugzilla.suse.com/1118917
https://bugzilla.suse.com/1119233
https://bugzilla.suse.com/1119271
https://bugzilla.suse.com/1119320
https://bugzilla.suse.com/1119727
https://bugzilla.suse.com/1119807
https://bugzilla.suse.com/1121038
https://bugzilla.suse.com/1121424
https://bugzilla.suse.com/1122565
https://bugzilla.suse.com/1123902
https://bugzilla.suse.com/1123983
https://bugzilla.suse.com/1124794
https://bugzilla.suse.com/1125097
https://bugzilla.suse.com/987798

_______________________________________________
sle-security-updates mailing list
sle-security-updates@lists.suse.com
http://lists.suse.com/mailman/listinfo/sle-security-updates
Pro-Linux
Unterstützer werden
Neue Nachrichten
Werbung