Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2019.0467
SUSE Security Update: Security update for SUSE Manager Server 3.2
14 February 2019
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: SUSE Manager Server 3.2
SUSE Manager Proxy 3.2
Publisher: SUSE
Operating System: SUSE
Impact/Access: Denial of Service -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2018-17197
Reference: ESB-2019.0031
Original Bulletin:
https://www.suse.com/support/update/announcement/2019/suse-su-20190341-1/
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for SUSE Manager Server 3.2
______________________________________________________________________________
Announcement ID: SUSE-SU-2019:0341-1
Rating: moderate
References: #1089121 #1098826 #1099988 #1104680 #1105720
#1105791 #1110427 #1110757 #1110772 #1111191
#1111686 #1111910 #1111963 #1112121 #1114029
#1114059 #1114115 #1114268 #1114877 #1115029
#1115978 #1116365 #1116566 #1116610 #1116826
#1117759 #1118112 #1118478 #1118917 #1119233
#1119271 #1119320 #1119727 #1119807 #1121038
#1121424 #1122565 #1123902 #1123983 #1124794
#1125097 #987798
Cross-References: CVE-2018-17197
Affected Products:
SUSE Manager Server 3.2
SUSE Manager Proxy 3.2
______________________________________________________________________________
An update that solves one vulnerability and has 41 fixes is
now available.
Description:
This update fixes the following issues:
branch-network-formula:
- Netconfig update requires bind directory to exists for bind forward,
ensure it (bsc#1116365)
- Rework network update in branch-network formula (bsc#1116365)
py26-compat-salt:
- Remove arch from name when pkg.list_pkgs is called with 'attr'
(bsc#1114029)
python-susemanager-retail:
- Force one python version for SLE12 (python2) and SLE15 (python3)
- Add disklabel: none to migrated RAID
saltboot-formula:
- Use FTP active mode for image download
- Always deploy image when image is specified in partitioning pillar
(bsc#1119807)
- Call blockdev.formatted with force=True
- Allow RAID images to be defined by saltboot formula
- image information can be provided directly for disk
- allow "none" disk label in formula and in that case hide partitioning
information
smdba:
- Tuning: add cpu_tuple_cost (bsc#1105791)
spacecmd:
- Fix importing state channels using configchannel_import
- Fix getting file info for latest revision (via configchannel_filedetails)
- Add functions to merge errata (softwarechannel_errata_merge) and
packages (softwarechannel_mergepackages) through spacecmd (bsc#987798)
spacewalk-admin:
- Use a Salt engine to process return results (bsc#1099988)
spacewalk-backend:
- Move channel update close to commit to avoid long lock (bsc#1121424)
- Adapt Inter Server Sync code to new SCC sync backend
- Fix issue raising exceptions 'with_traceback' on Python 2
- Hide Python traceback and show only error message (bsc#1110427)
- Honor renamed postgresql10 log directory for supportconfig
spacewalk-branding:
- Better label visualization when the input is disabled. (bsc#1110772)
spacewalk-client-tools:
- Fix XML-RPC type serialization (bsc#1116610)
spacewalk-java:
- Improve salt events processing performance (bsc#1125097)
- Prevent an error when onboarding a RES 6 minion (bsc#1124794)
- Support products with multiple base channels
- Fix ordering of base channels to prevent synchronization errors
(bsc#1123902)
- Support products with multiple base channels
- Avoid a NullPointerException error in Taskomatic (bsc#1119271)
- Reset channel assignments when base channel changes on registration
(bsc#1118917)
- Allow bootstrapping minions with a pending minion key being present
(bsc#1119727)
- Hide 'unknown virtual host manager' when virtual host manager of all
hosts is known (bsc#1119320)
- Disable notification types with 'java.notifications_type_disabled' in
rhn.conf (bsc#1111910)
- Change SCC sync backend to adapt quicker to SCC changes and improve
speed of syncing metadata and checking for channel dependencies
(bsc#1089121)
- Read OEM Orderitems from DB instead of create always new items
(bsc#1098826)
- Fix mgr-sync refresh when subscription was removed (bsc#1105720)
- XMLRPC API: Include init.sls in channel file list (bsc#1111191)
- Fix the config channels assignment via SSM (bsc#1117759)
- Install product packages during bootstrapping minions (bsc#1104680)
- Fix cloning channels when managing the same errata for both vendor and
private orgs (bsc#1111686)
- Introduce Loggerhead-module.js to store logs from the frontend
- Removed 'Manage Channels' shortcut for vendor channels (bsc#1115978)
- Hide already applied errata and channel entries from the output list in
audit.listSystemsByPatchStatus (bsc#1111963)
- Prevent failing KickstartCommand when customPosition is null
(bsc#1112121)
- Automatically schedule an Action to refresh minion repos after deletion
of an assigned channel (bsc#1115029)
- Performance improvements in channel management functionalities
(bsc#1114877)
- Handle with an error message if state file fails to render (bsc#1110757)
- When changing basechannel the compatible old childchannels are now
selected by default. (bsc#1110772)
- Add check for yast autoinstall profiles when setting kickstartTree
(bsc#1114115)
- Use a Salt engine to process return results (bsc#1099988)
- Fix handling of CVEs including multiple patches in CVE audit
(bsc#1111963)
- Fix synchronizing Expanded Support Channel with missing architecture
(bsc#1122565)
spacewalk-setup:
- Use a Salt engine to process return results (bsc#1099988)
spacewalk-utils:
- Exit with an error if spacewalk-common-channels does not match any
channel
spacewalk-web:
- Show feedback messages after using the retry option on the notification
messages page
- Change SCC sync backend to adapt quicker to SCC changes and improve
speed of syncing metadata and checking for channel dependencies
- Fix wording for taskotop (cosmetical only)(bsc#1118112)
- When changing basechannel the compatible old childchannels are now
selected by default. (bsc#1110772)
subscription-matcher:
- Old style hard bundle merging fix (bsc#1114059)
susemanager:
- Add bootstrap repo definition for OES 2018 SP1 (bsc#1116826)
- Rhnlib was renamed to python2-rhnlib. Change bootstrap data accordingly.
- Change SCC sync backend to adapt quicker to SCC changes and improve
speed of syncing metadata and checking for channel dependencies
- Adapt mgr-create-bootstrap-repo for Uyuni and let it create bootstrap
repos for openSUSE and CentOS
- Fetch packages from correct channel when creating a bootstrap repository
- Fix not found package on mgr-create-bootstrap-repo for SLE-15-s390x
(bsc#1116566)
- Add python3-six to bootstrap repo for SLES15 (bsc#1118478)
susemanager-docs_en:
- Update text and image files.
- Enhance forms documentation (more attributes).
- Proxy: for example, migration from traditional to Salt not supported.
- RAM requirements for host running kiwi OS images.
- Notification properties.
- Update scalability documentation.
susemanager-schema:
- Change SCC sync backend to adapt quicker to SCC changes and improve
speed of syncing metadata and checking for channel dependencies
- Performance improvements in channel management functionalities
(bsc#1114877)
- Use a Salt engine to process return results (bsc#1099988)
susemanager-sls:
- Improve salt events processing performance (bsc#1125097)
- Allow bootstrapping minions with a pending minion key being present
(bsc#1119727)
- Use a Salt engine to process return results (bsc#1099988)
susemanager-sync-data:
- Make SUSE Manager Tools channel mandatory (bsc#1123983)
- Add sle-module-web-scripting for OES2018 (bsc#1119233)
- Add new set of data for the new SCC sync backend
- Enable SLE15 SP1 family (bsc#1114268)
- Enable OES2018 SP1 (bsc#1116826)
tika-core:
- CVE-2018-17197: Fixed an infinite loop in the SQLite3Parser of Apache
Tika (bsc#1121038)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Manager Server 3.2:
zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-341=1
- SUSE Manager Proxy 3.2:
zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2019-341=1
Package List:
- SUSE Manager Server 3.2 (ppc64le s390x x86_64):
smdba-1.6.3-0.3.6.13
spacewalk-branding-2.8.5.13-3.13.14
susemanager-3.2.15-3.16.13
susemanager-tools-3.2.15-3.16.13
- SUSE Manager Server 3.2 (noarch):
branch-network-formula-0.1.1545038754.c983fa6-3.6.13
netty-4.1.8.Final-2.7.4
py26-compat-salt-2016.11.10-6.18.14
python-susemanager-retail-1.0.1544459934.07229ad-2.9.13
python2-spacewalk-client-tools-2.8.22.4-3.3.13
saltboot-formula-0.1.1546527519.591e925-3.9.13
spacecmd-2.8.25.8-3.12.13
spacewalk-admin-2.8.4.3-3.3.13
spacewalk-backend-2.8.57.8-3.10.14
spacewalk-backend-app-2.8.57.8-3.10.14
spacewalk-backend-applet-2.8.57.8-3.10.14
spacewalk-backend-config-files-2.8.57.8-3.10.14
spacewalk-backend-config-files-common-2.8.57.8-3.10.14
spacewalk-backend-config-files-tool-2.8.57.8-3.10.14
spacewalk-backend-iss-2.8.57.8-3.10.14
spacewalk-backend-iss-export-2.8.57.8-3.10.14
spacewalk-backend-libs-2.8.57.8-3.10.14
spacewalk-backend-package-push-server-2.8.57.8-3.10.14
spacewalk-backend-server-2.8.57.8-3.10.14
spacewalk-backend-sql-2.8.57.8-3.10.14
spacewalk-backend-sql-oracle-2.8.57.8-3.10.14
spacewalk-backend-sql-postgresql-2.8.57.8-3.10.14
spacewalk-backend-tools-2.8.57.8-3.10.14
spacewalk-backend-xml-export-libs-2.8.57.8-3.10.14
spacewalk-backend-xmlrpc-2.8.57.8-3.10.14
spacewalk-base-2.8.7.12-3.16.12
spacewalk-base-minimal-2.8.7.12-3.16.12
spacewalk-base-minimal-config-2.8.7.12-3.16.12
spacewalk-client-tools-2.8.22.4-3.3.13
spacewalk-html-2.8.7.12-3.16.12
spacewalk-java-2.8.78.18-3.21.1
spacewalk-java-config-2.8.78.18-3.21.1
spacewalk-java-lib-2.8.78.18-3.21.1
spacewalk-java-oracle-2.8.78.18-3.21.1
spacewalk-java-postgresql-2.8.78.18-3.21.1
spacewalk-setup-2.8.7.6-3.13.13
spacewalk-taskomatic-2.8.78.18-3.21.1
spacewalk-utils-2.8.18.4-3.6.13
subscription-matcher-0.22-4.9.13
susemanager-advanced-topics_en-pdf-3.2-11.15.12
susemanager-best-practices_en-pdf-3.2-11.15.12
susemanager-docs_en-3.2-11.15.12
susemanager-getting-started_en-pdf-3.2-11.15.12
susemanager-jsp_en-3.2-11.15.12
susemanager-reference_en-pdf-3.2-11.15.12
susemanager-retail-tools-1.0.1544459934.07229ad-2.9.13
susemanager-schema-3.2.16-3.16.13
susemanager-sls-3.2.20-3.18.1
susemanager-sync-data-3.2.12-3.14.2
susemanager-web-libs-2.8.7.12-3.16.12
tika-core-1.20-3.6.13
- SUSE Manager Proxy 3.2 (noarch):
python2-spacewalk-check-2.8.22.4-3.3.13
python2-spacewalk-client-setup-2.8.22.4-3.3.13
python2-spacewalk-client-tools-2.8.22.4-3.3.13
spacewalk-backend-2.8.57.8-3.10.14
spacewalk-backend-libs-2.8.57.8-3.10.14
spacewalk-base-minimal-2.8.7.12-3.16.12
spacewalk-base-minimal-config-2.8.7.12-3.16.12
spacewalk-check-2.8.22.4-3.3.13
spacewalk-client-setup-2.8.22.4-3.3.13
spacewalk-client-tools-2.8.22.4-3.3.13
spacewalk-proxy-installer-2.8.6.4-3.6.13
susemanager-web-libs-2.8.7.12-3.16.12
References:
https://www.suse.com/security/cve/CVE-2018-17197.html
https://bugzilla.suse.com/1089121
https://bugzilla.suse.com/1098826
https://bugzilla.suse.com/1099988
https://bugzilla.suse.com/1104680
https://bugzilla.suse.com/1105720
https://bugzilla.suse.com/1105791
https://bugzilla.suse.com/1110427
https://bugzilla.suse.com/1110757
https://bugzilla.suse.com/1110772
https://bugzilla.suse.com/1111191
https://bugzilla.suse.com/1111686
https://bugzilla.suse.com/1111910
https://bugzilla.suse.com/1111963
https://bugzilla.suse.com/1112121
https://bugzilla.suse.com/1114029
https://bugzilla.suse.com/1114059
https://bugzilla.suse.com/1114115
https://bugzilla.suse.com/1114268
https://bugzilla.suse.com/1114877
https://bugzilla.suse.com/1115029
https://bugzilla.suse.com/1115978
https://bugzilla.suse.com/1116365
https://bugzilla.suse.com/1116566
https://bugzilla.suse.com/1116610
https://bugzilla.suse.com/1116826
https://bugzilla.suse.com/1117759
https://bugzilla.suse.com/1118112
https://bugzilla.suse.com/1118478
https://bugzilla.suse.com/1118917
https://bugzilla.suse.com/1119233
https://bugzilla.suse.com/1119271
https://bugzilla.suse.com/1119320
https://bugzilla.suse.com/1119727
https://bugzilla.suse.com/1119807
https://bugzilla.suse.com/1121038
https://bugzilla.suse.com/1121424
https://bugzilla.suse.com/1122565
https://bugzilla.suse.com/1123902
https://bugzilla.suse.com/1123983
https://bugzilla.suse.com/1124794
https://bugzilla.suse.com/1125097
https://bugzilla.suse.com/987798
_______________________________________________
sle-security-updates mailing list
sle-security-updates@lists.suse.com
http://lists.suse.com/mailman/listinfo/sle-security-updates
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXGS0w2aOgq3Tt24GAQgXAQ/+Kdbq5D28XZPNSkv7SuZGV7b1VtwsBgqZ
qANKgyGszuDgOrKF3NRo8E03R6/qwX0ss9rRuvmETYIcC6nAok+pUn1aOe/9xOGk
5sdhbzC6NXxD7hNXZI7x0PoBqu7G6s6qvcamPV7XqzQAThf5hZ1+8H4jx5i313+t
Nc6cWoubsY7BkFiYzI+a+ICwGqcptVbo9OJcjWS7LqiPKLhHoXnnU7mUePuZ1QJ6
gaj8cCQpmnhkF3a+w0rrFdeG/NxbEFS9TGQOQiFPk++5pybVtagT+5bEiOVz1iob
xvh+LYQxrhMKV4lBER6kLkFZ9b0A8tTcvd9BIRL+23POhUajUiobWVIRwmqQ6O7e
USTx8xK14np21YYZGrz3+lLPTFaxZ9a3vZ5c7dw8xhBMtbA15yOXYOZ7oo7SKLHP
qdraAnqbupc2rBbmhS10NzEiYyr47zXeD4ad7CIdUHqp3gFwLt/O2PvZ+zB1KWRP
nLm1Oopi0He14UbJ7DGcCwb+88j+VpHVpFH5JxwfXRP+4PhCDcu578e4CL5V6qLG
Q5KVxh/NOxB0AjmVcDd5xejUNtNCwDd2NTqvv4WSHeVBud/sRLfF4FuqxWLvHcY8
FyablnjHYCC9De/ZQTiwbkB9LkSVepFaBf86DmvYM00u9dWUwEPoPfm1hjrPCbj6
JALNhN856aA=
=3moh
-----END PGP SIGNATURE-----