Two problems in SUSE
ID: | SUSE-SU-2018:3811-1 |
Distribution: | SUSE |
Platforms: | SUSE Manager Server 3.1 |
Date: | Mon, 19 November 2018, 22:41 |
References: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14696
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14695 |
Applications: | SUSE |
Original message |
|
SUSE Security Update: Security update for SUSE Manager Server 3.1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:3811-1
Rating:             moderate
References:         #1034030 #1037389 #1042184 #1080474 #1090676 #1094524
                    #1094992 #1095220 #1095942 #1095972 #1096511 #1098970
                    #1099857 #1100852 #1101033 #1104120 #1104487 #1105045
                    #1105074 #1105720 #1105724 #1105886 #1106164 #1106875
                    #1107117 #1107302 #1107850 #1107869 #1109235 #1111249
                    #1111542 #1112163 #1113557 #1113698 #1113699
Cross-References:   CVE-2017-14695 CVE-2017-14696
Affected Products:  SUSE Manager Server 3.1
______________________________________________________________________________

An update that solves two vulnerabilities and has 33 fixes is now available.

Description:

This update includes the following new features:

- Add support for postgresql 10 (fate#325659)

This update fixes the following issues:

py26-compat-salt:
- Update Salt version to 2016.11.10
- CVE-2018-15750: Fixed directory traversal vulnerability in salt-api (bsc#1113698).
- CVE-2018-15751: Fixed remote authentication bypass in salt-api(netapi) that allows to execute arbitrary commands (bsc#1113699).
- Fix wrong recurse behavior on for linux_acl.present (bsc#1106164)
- Adding backport for string arg normalization and fix for SUSE ES os
- Prepend current directory when path is just filename (bsc#1095942)

smdba:
- Add support for postgresql 10 (fate#325659)

spacecmd:
- Show group id on group_details (bsc#1111542)
- State channels handling: Existing commands configchannel_create and configchannel_import were updated while system_scheduleapplyconfigchannels and configchannel_updateinitsls were added.

spacewalk:
- Add support for postgresql10 (fate#325659)

spacewalk-backend:
- Channels to be actually un-subscribed from the assigned systems when being removed using spacewalk-remove-channel tool(bsc#1104120)

spacewalk-branding:
- New messages are added for XMLRPC API for state channels

spacewalk-doc-indexes:
- Use nutch-core dependency instead of nutch

spacewalk-java:
- Change Requires to allow installing with both Tomcat 8 (SLE-12SP3) and 9 (SLE12-SP4)
- Fix typo in messages (bsc#1111249)
- Remove restrictions on SUSE Manager Channel subscriptions (bsc#1105724)
- Added shortcut for editing Software Channel
- Fix NullPointerException when refreshing deleted software channel (bsc#1094992)
- Add last_boot to listSystems() API call
- Check valid postgresql database version
- Fix displayed number of systems requiring reboot in Tasks pane (bsc#1106875)
- Changed localization strings for file summaries (bsc#1090676)
- Added menu item entries for creating/deleting file preservation lists (bsc#1034030)
- Better error handling when a websocket connection is aborted (bsc#1080474)
- Remove the reference of channel from revision before deleting it(bsc#1107850)
- Added link from virtualization tab to Scheduled > Pending Actions (bsc#1037389)
- Speedup package listings(bsc#1100852)
- Method to Unsubscribe channel from system(bsc#1104120)
- Fix mgr-sync refresh when subscription was removed (bsc#1105720)
- Fix an error in the system software channels UI due to SUSE product channels missing a corresponding synced channel (bsc#1105886)
- XMLRPC API for state channels
- Optimize execution of actions in minions (bsc#1099857)
- Reschedule taskomatic jobs if task threads limit reached (bsc#1096511)
- Logic constraint: results must be ordered and grouped by systemId first (bsc#1101033)
- Do not wrap output if stderr is not present (bsc#1105074)

spacewalk-search:
- Discard commons-logging.properties removal on spec file, as OBS package does not contain it
- Upgrade tika-core to 0.19.1 and adjust nutch-core (bsc#1109235)
- Remove lib jar files and add them as build dependencies on spec
- Limit number of old java logfiles (bsc#1107869)

spacewalk-utils:
- Fix typo at --phases option help

spacewalk-web:
- Fix typo in messages (bsc#1111249)
- Fix Sles name in base channel filter (Visualization tab) (bsc#1042184)

subscription-matcher:
- Set core dumps location for IBM java (bsc#1107302)
- Fix OutOfMemoryError crashes (bsc#1094524)
- Updated to version 0.20
- Update partnumbers rule file (bsc#1095972)
- Use intermediate object to store confirmed matches within a penalty group and prevent infinite reactivation of Inherited virtualization rule (bsc#1094524)

susemanager:
- Add new option --with-parent-channel to mgr-create-bootrap-repo to specify parent channel to use if multiple options are available (bsc#1104487)
- Add support for postgresql10 (fate#325659)
- Bootstrap repos for SLE12 SP4 (bsc#1107117)

susemanager-branding-oss:
- Use ASCII quotation marks in license file (bsc#1098970)

susemanager-schema:
- Check valid postgresql database version

susemanager-sls:
- Deploy SSL certificate during onboarding of openSUSE Leap 15.0 (bsc#1112163)
- Removed the ssl certificate verification while checking bootstrap repo URL (bsc#1095220)
- Removed the need for curl to be present at bootstrap phase (bsc#1095220)

susemanager-sync-data:
- SUSE OpenStack Cloud 9 enablement (bsc#1113557)
- Add SUSE Manager 3.1 on SLES12 SP4
- Support SLE12 SP4 product family (bsc#1107117)
- Add CaaSP 3.0 channels (bsc#1105045)

Additionally some Java components have been split out of existing packages for better maintenance:
- apache-mybatis
- hadoop
- icu4j
- lucene
- nekohtml
- nutch-core
- picocontainer
- tagsoup
- tika-core

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Manager Server 3.1:

  zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2018-2708=1

Package List:

- SUSE Manager Server 3.1 (ppc64le s390x x86_64):

  smdba-1.6.2-0.2.9.1
  spacewalk-branding-2.7.2.15-2.25.1
  susemanager-3.1.16-2.26.1
  susemanager-tools-3.1.16-2.26.1

- SUSE Manager Server 3.1 (noarch):

  apache-mybatis-3.2.3-1.3.1
  hadoop-0.18.1-1.3.1
  icu4j-55.1-1.3.1
  lucene-2.4.1-1.3.1
  nekohtml-1.9.21-1.3.1
  nutch-core-1.0.1-1.3.1
  picocontainer-1.3.7-1.3.1
  py26-compat-salt-2016.11.10-1.16.1
  spacecmd-2.7.8.13-2.26.1
  spacewalk-backend-2.7.73.15-2.26.1
  spacewalk-backend-app-2.7.73.15-2.26.1
  spacewalk-backend-applet-2.7.73.15-2.26.1
  spacewalk-backend-config-files-2.7.73.15-2.26.1
  spacewalk-backend-config-files-common-2.7.73.15-2.26.1
  spacewalk-backend-config-files-tool-2.7.73.15-2.26.1
  spacewalk-backend-iss-2.7.73.15-2.26.1
  spacewalk-backend-iss-export-2.7.73.15-2.26.1
  spacewalk-backend-libs-2.7.73.15-2.26.1
  spacewalk-backend-package-push-server-2.7.73.15-2.26.1
  spacewalk-backend-server-2.7.73.15-2.26.1
  spacewalk-backend-sql-2.7.73.15-2.26.1
  spacewalk-backend-sql-oracle-2.7.73.15-2.26.1
  spacewalk-backend-sql-postgresql-2.7.73.15-2.26.1
  spacewalk-backend-tools-2.7.73.15-2.26.1
  spacewalk-backend-xml-export-libs-2.7.73.15-2.26.1
  spacewalk-backend-xmlrpc-2.7.73.15-2.26.1
  spacewalk-base-2.7.1.19-2.29.1
  spacewalk-base-minimal-2.7.1.19-2.29.1
  spacewalk-base-minimal-config-2.7.1.19-2.29.1
  spacewalk-common-2.7.0.6-2.6.1
  spacewalk-doc-indexes-2.7.0.4-2.6.1
  spacewalk-html-2.7.1.19-2.29.1
  spacewalk-java-2.7.46.17-2.35.1
  spacewalk-java-config-2.7.46.17-2.35.1
  spacewalk-java-lib-2.7.46.17-2.35.1
  spacewalk-java-oracle-2.7.46.17-2.35.1
  spacewalk-java-postgresql-2.7.46.17-2.35.1
  spacewalk-oracle-2.7.0.6-2.6.1
  spacewalk-postgresql-2.7.0.6-2.6.1
  spacewalk-search-2.7.3.6-2.16.1
  spacewalk-taskomatic-2.7.46.17-2.35.1
  spacewalk-utils-2.7.10.9-2.17.1
  subscription-matcher-0.21-4.6.1
  susemanager-branding-oss-3.1.2-3.3.1
  susemanager-schema-3.1.20-2.33.1
  susemanager-sls-3.1.19-2.30.1
  susemanager-sync-data-3.1.16-2.29.1
  tagsoup-1.2.1-1.3.1
  tika-core-1.19.1-1.3.1

References:

https://www.suse.com/security/cve/CVE-2017-14695.html
https://www.suse.com/security/cve/CVE-2017-14696.html
https://bugzilla.suse.com/1034030
https://bugzilla.suse.com/1037389
https://bugzilla.suse.com/1042184
https://bugzilla.suse.com/1080474
https://bugzilla.suse.com/1090676
https://bugzilla.suse.com/1094524
https://bugzilla.suse.com/1094992
https://bugzilla.suse.com/1095220
https://bugzilla.suse.com/1095942
https://bugzilla.suse.com/1095972
https://bugzilla.suse.com/1096511
https://bugzilla.suse.com/1098970
https://bugzilla.suse.com/1099857
https://bugzilla.suse.com/1100852
https://bugzilla.suse.com/1101033
https://bugzilla.suse.com/1104120
https://bugzilla.suse.com/1104487
https://bugzilla.suse.com/1105045
https://bugzilla.suse.com/1105074
https://bugzilla.suse.com/1105720
https://bugzilla.suse.com/1105724
https://bugzilla.suse.com/1105886
https://bugzilla.suse.com/1106164
https://bugzilla.suse.com/1106875
https://bugzilla.suse.com/1107117
https://bugzilla.suse.com/1107302
https://bugzilla.suse.com/1107850
https://bugzilla.suse.com/1107869
https://bugzilla.suse.com/1109235
https://bugzilla.suse.com/1111249
https://bugzilla.suse.com/1111542
https://bugzilla.suse.com/1112163
https://bugzilla.suse.com/1113557
https://bugzilla.suse.com/1113698
https://bugzilla.suse.com/1113699

_______________________________________________
sle-security-updates mailing list
sle-security-updates@lists.suse.com
http://lists.suse.com/mailman/listinfo/sle-security-updates |