
Security: Multiple issues in SUSE Manager Server
Name: Multiple issues in SUSE Manager Server
ID: SUSE-SU-2020:2650-1
Distribution: SUSE
Platforms: SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0, SUSE Linux Enterprise Module for SUSE Manager Server 4.0
Date: Fri, 18 September 2020, 18:39
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8028
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14900
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022
Applications: SUSE Manager Server

Original message


SUSE Security Update: Security update for SUSE Manager Server 4.0
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:2650-1
Rating: important
References: #1136857 #1165829 #1167907 #1169664 #1170244
#1171281 #1172079 #1172279 #1172504 #1172831
#1173073 #1173535 #1173554 #1173566 #1173584
#1173982 #1173997 #1174201 #1174254 #1174470
#1175224 #1175529 #1175555 #1175556 #1175558
#1175724 #1175791 #1175884 #1175889
Cross-References: CVE-2019-14900 CVE-2020-11022 CVE-2020-8028

Affected Products:
SUSE Linux Enterprise Module for SUSE Manager Server 4.0
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0
______________________________________________________________________________

An update that solves three vulnerabilities and has 26
fixes is now available.

Description:


This update fixes the following issues:

hibernate5:

- Address CVE-2019-14900 (bsc#1172079)

image-sync-formula:

- Allow the image-sync state on regular minions. The image-sync state
requires branch-network pillars to get the directory where to sync images.
Use the default `/srv/saltboot` if that pillar is missing, so image-sync
can be applied on non-branch minions as well.

openvpn-formula:

- Add hint that ssl certs must be on system (bsc#1172279)

prometheus-exporters-formula:

- Bugfix: Handle exporters proxy for unsupported distros (bsc#1175555)
- Add support for exporters proxy (exporter_exporter)
- Update the apache exporter config file for Debian

salt-netapi-client:

- Refresh authentication module list to newer Salt versions

saltboot-formula:

- Better fix for rounding errors (bsc#1136857)

spacecmd:

- Python3 fixes for errata in spacecmd (bsc#1169664)
- Python3 fix for sorted usage (bsc#1167907)
- Fix softwarechannel_listlatestpackages throwing error on empty channels
(bsc#1175889)
- Fix escaping of package names (bsc#1171281)

spacewalk-admin:

- Use the Salt API in authenticated and encrypted form (bsc#1175884,
CVE-2020-8028)

spacewalk-certs-tools:

- Add option --nostricthostkeychecking to spacewalk-ssh-push-init
- Strip SSL Certificate Common Name after 63 Characters (bsc#1173535)

spacewalk-java:

- Use the Salt API in authenticated and encrypted form (bsc#1175884,
CVE-2020-8028)
- Fix EntityExistsException on migration from traditional to salt minion
via proxy (bsc#1175556)
- Use media.1/products from media when not specified differently
(bsc#1175558)
- Fix: use quiet API method when using spacewalk-common-channels
(bsc#1175529)
- Fix alignment on icon on entitlement page
- Reset the server path on minion registration (bsc#1174254)
- Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831)
- Fix error when rolling back a system to a snapshot (bsc#1173997)
- Avoid deadlock when syncing channels and registering minions at the same
time (bsc#1173566)
- Provide comps.xml and modules.yaml when using onlinerepo for kickstart
- Set CPU and memory info for virtual instances (bsc#1170244)
- Change system list header text to something better (bsc#1173982)

spacewalk-setup:

- Use the Salt API in authenticated and encrypted form (bsc#1175884,
CVE-2020-8028)

spacewalk-utils:

- Avoid exceptions on the logs when looking for channels that do not exist
(bsc#1175529)

spacewalk-web:

- Fix login page after jQuery upgrade (bsc#1175224)
- Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831)
- Warn when a system is in multiple groups that configure the same formula
in the system formula's UI (bsc#1173554)

susemanager:

- Define bootstrap repo data for SUSE Manager Proxies (bsc#1174470)

susemanager-frontend-libs:

- Upgrade jquery to 3.5.1 - CVE-2020-11022 (bsc#1172831)

susemanager-schema:

- Prevent a deadlock error involving delete_server and update_needed_cache
(bsc#1173073)

susemanager-sls:

- Fix the dnf plugin to add the token to the HTTP header (bsc#1175724)
- Fix reporting of missing products in product.all_installed (bsc#1165829)
- Require PyYAML version >= 5.1
- Get redhat-release only when it is not a symlink
- Fix: supply a dnf base when dealing w/repos (bsc#1172504)
- Fix: autorefresh in repos is zypper-only

susemanager-sync-data:

- Remove version from centos and oracle linux identifier (bsc#1173584)

virtualization-host-formula:

- Update to version 0.5
- Ensure kernel-default and libvirt-python3 are installed
- Set bridge network as default
- Fix conditionals (bsc#1175791)

How to apply this update:

1. Log in as root user to the SUSE Manager server.
2. Stop the Spacewalk service: spacewalk-service stop
3. Apply the patch using either zypper patch or YaST Online Update.
4. Upgrade the database schema: spacewalk-schema-upgrade
5. Start the Spacewalk service: spacewalk-service start


Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for SUSE Manager Server 4.0:

zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.0-2020-2650=1

- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0:

zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.0-2020-2650=1



Package List:

- SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (ppc64le s390x
x86_64):

openvpn-formula-0.1.1-4.6.2
susemanager-4.0.28-3.36.3
susemanager-tools-4.0.28-3.36.3

- SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (noarch):

hibernate5-5.3.7-4.3.2
image-sync-formula-0.1.1595937550.0285244-3.20.2
prometheus-exporters-formula-0.7.1-3.10.2
python3-spacewalk-certs-tools-4.0.17-3.21.3
salt-netapi-client-0.17.0-4.6.3
saltboot-formula-0.1.1595937550.0285244-3.19.2
spacecmd-4.0.20-3.19.2
spacewalk-admin-4.0.11-3.12.1
spacewalk-base-4.0.23-3.30.3
spacewalk-base-minimal-4.0.23-3.30.3
spacewalk-base-minimal-config-4.0.23-3.30.3
spacewalk-certs-tools-4.0.17-3.21.3
spacewalk-html-4.0.23-3.30.3
spacewalk-java-4.0.37-3.39.1
spacewalk-java-config-4.0.37-3.39.1
spacewalk-java-lib-4.0.37-3.39.1
spacewalk-java-postgresql-4.0.37-3.39.1
spacewalk-setup-4.0.14-3.14.1
spacewalk-taskomatic-4.0.37-3.39.1
spacewalk-utils-4.0.18-3.21.3
susemanager-frontend-libs-4.0.2-4.3.2
susemanager-schema-4.0.22-3.29.2
susemanager-sls-4.0.29-3.31.3
susemanager-sync-data-4.0.18-3.24.2
susemanager-web-libs-4.0.23-3.30.3
virtualization-host-formula-0.5-4.12.3

- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0 (noarch):

python3-spacewalk-certs-tools-4.0.17-3.21.3
spacecmd-4.0.20-3.19.2
spacewalk-base-minimal-4.0.23-3.30.3
spacewalk-base-minimal-config-4.0.23-3.30.3
spacewalk-certs-tools-4.0.17-3.21.3
spacewalk-proxy-broker-4.0.14-3.10.3
spacewalk-proxy-common-4.0.14-3.10.3
spacewalk-proxy-management-4.0.14-3.10.3
spacewalk-proxy-package-manager-4.0.14-3.10.3
spacewalk-proxy-redirect-4.0.14-3.10.3
spacewalk-proxy-salt-4.0.14-3.10.3
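
A post-update check against the Package List above, as an added example that is not part of the SUSE advisory: it flags packages tied to the three CVEs that are still older than the builds this update ships. The function names, the FIXED subset and the sample rpm output are constructed for illustration; the comparison is a simplified form of rpm's version ordering that ignores epochs, "~" and "^".

```python
import re

# Fixed builds copied from the Package List (subset: packages the advisory ties to a CVE).
FIXED = {
    "hibernate5": "5.3.7-4.3.2",                 # CVE-2019-14900
    "spacewalk-admin": "4.0.11-3.12.1",          # CVE-2020-8028
    "spacewalk-java": "4.0.37-3.39.1",           # CVE-2020-8028, CVE-2020-11022
    "spacewalk-setup": "4.0.14-3.14.1",          # CVE-2020-8028
    "susemanager-frontend-libs": "4.0.2-4.3.2",  # CVE-2020-11022
}

def rpm_cmp_part(a, b):
    """Compare one version or release string segment by segment, rpm style."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)              # numeric compare: 9 < 10
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1    # a numeric segment beats an alphabetic one
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments win

def evr_cmp(a, b):
    """Compare "version-release" strings: version first, release as tie-breaker."""
    (va, ra), (vb, rb) = a.rsplit("-", 1), b.rsplit("-", 1)
    return rpm_cmp_part(va, vb) or rpm_cmp_part(ra, rb)

def audit(rpm_output):
    """Return {package: installed build} for packages older than the fixed build."""
    stale = {}
    for line in rpm_output.strip().splitlines():
        name, evr = line.split()
        if name in FIXED and evr_cmp(evr, FIXED[name]) < 0:
            stale[name] = evr
    return stale

# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE = """\
hibernate5 5.3.7-4.3.2
spacewalk-admin 4.0.10-3.9.1
spacewalk-java 4.0.37-3.39.1
spacewalk-setup 4.0.14-3.14.1
susemanager-frontend-libs 4.0.2-4.2.9
zypper 1.14.37-3.19.1
"""

if __name__ == "__main__":
    for pkg, evr in audit(SAMPLE).items():
        print(f"{pkg}: installed {evr}, advisory ships {FIXED[pkg]}")
```

On a real server, pipe the output of the rpm query shown in the comment into audit() instead of SAMPLE; an empty result means every listed package is at or above the advisory's build.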


References:

https://www.suse.com/security/cve/CVE-2019-14900.html
https://www.suse.com/security/cve/CVE-2020-11022.html
https://www.suse.com/security/cve/CVE-2020-8028.html
https://bugzilla.suse.com/1136857
https://bugzilla.suse.com/1165829
https://bugzilla.suse.com/1167907
https://bugzilla.suse.com/1169664
https://bugzilla.suse.com/1170244
https://bugzilla.suse.com/1171281
https://bugzilla.suse.com/1172079
https://bugzilla.suse.com/1172279
https://bugzilla.suse.com/1172504
https://bugzilla.suse.com/1172831
https://bugzilla.suse.com/1173073
https://bugzilla.suse.com/1173535
https://bugzilla.suse.com/1173554
https://bugzilla.suse.com/1173566
https://bugzilla.suse.com/1173584
https://bugzilla.suse.com/1173982
https://bugzilla.suse.com/1173997
https://bugzilla.suse.com/1174201
https://bugzilla.suse.com/1174254
https://bugzilla.suse.com/1174470
https://bugzilla.suse.com/1175224
https://bugzilla.suse.com/1175529
https://bugzilla.suse.com/1175555
https://bugzilla.suse.com/1175556
https://bugzilla.suse.com/1175558
https://bugzilla.suse.com/1175724
https://bugzilla.suse.com/1175791
https://bugzilla.suse.com/1175884
https://bugzilla.suse.com/1175889

_______________________________________________
sle-security-updates mailing list
sle-security-updates@lists.suse.com
http://lists.suse.com/mailman/listinfo/sle-security-updates