-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.2296
      SUSE-SU-2019:1703-1 Security update for SUSE Manager Server 3.2
                               26 June 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           SUSE Manager Server
                   SUSE Manager Proxy
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Access Confidential Data -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-3684  

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2019/suse-su-20191703-1.html

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for SUSE Manager Server 3.2

______________________________________________________________________________

Announcement ID:   SUSE-SU-2019:1703-1
Rating:            moderate
References:        #1117017 #1125090 #1128061 #1128838 #1129079 #1130492
                   #1130551 #1131423 #1131704 #1131780 #1131867 #1131929
                   #1131954 #1132103 #1132197 #1133424 #1133587 #1133629
                   #1134195 #1134876 #1135166 #1136029 #1136102 #1136250
                   #1136423
Cross-References:  CVE-2019-3684
Affected Products:
                   SUSE Manager Server 3.2
                   SUSE Manager Proxy 3.2
______________________________________________________________________________

An update that solves one vulnerability and has 24 fixes is now available.

Description:


This update fixes the following issues:
cobbler:

  o Removes string replace for textmode fix (bsc#1134195)


py26-compat-salt:

  o Avoid syntax error on yumpkg module running on Python 2.6 (bsc#1136250)
  o Use ThreadPool from multiprocessing.pool to avoid leaks when calculating
    FQDNs
  o Fix usermod options for SLE11 (bsc#1117017)
  o Do not report patches as installed on RHEL systems when not all the related
    packages are installed (bsc#1128061)
  o Do not include "ordereddict" and "singledispatch" on the thin for Python
    2.6 systems.
  o Fix paths for py26-compat dependencies on SLE15 and newer
  o Port optimization_order config parameter (bsc#1131423)
  o Use special tornado and msgpack-python compat packages on sles15sp1 and
    greater in py26-compat-salt.conf (bsc#1131423)
  o Add missing py26 thin dependencies
  o Calculate the "FQDNs" grains in parallel to avoid long blocking (bsc#
    1129079)


salt-netapi-client:

  o Add workaround for Salt issue 52762
  o Version 0.16.0 see https://github.com/SUSE/salt-netapi-client/releases/tag/
    v0.16.0


spacewalk-backend:

  o Fix spacewalk-repo-sync for Ubuntu repositories in mirror case (bsc#
    1136029)
  o Use new names in code for client tool packages which were renamed (bsc#
    1134876)
  o Fix HTTP headers handling to avoid duplicated entries (bsc#1125090)
  o Use suseLib.get_proxy to get the HTTP proxy configuration properly on DEB
    repos (bsc#1133424)


spacewalk-certs-tools:

  o Fix missing quotation in bootstrap script (bsc#1136423)
  o Add new package names to instructions for adding remote configuration
    support for traditional clients
  o Print error message instead of stacktrace for client_config_update.py


spacewalk-config:

  o Fix config declaration for rhn.conf (bsc#1132197)


spacewalk-java:

  o Remove the 'Returning' clause from the query as Oracle doesn't support it
    (bsc#1135166)
  o Use new names in code for client tool packages which were renamed (bsc#
    1134876)
  o Handle the different retcodes that are being returned when salt module is
    not available (bsc#1131704)
  o Do not implicitly set parent channel when cloning (bsc#1130492)
  o Prevent Actions that were actually completed from being displayed as "in
    progress" forever (bsc#1131780)
  o Enable batching mode for salt synchronous calls
  o Show minion id in System Details GUI and API
  o Do not report Provisioning installed product to subscription matcher (bsc#
    1128838)
  o Fix product package conflicts with SLES for SAP systems (bsc#1130551)
  o Add support for Salt batch execution mode
  o Fix NPE on remote commands when no targets match (bsc#1123375)
  o Fix apidoc return order on mergePackages
  o Take into account only synced products when scheduling SP migration from
    the API (bsc#1131929)


spacewalk-web:

  o Change WebUI string version to 3.2.8


susemanager:

  o Make swap files readable only by root (bsc#1131954, CVE-2019-3684)
  o Do not show false errors when configuring swapfile during setup
  o Create bootstrap repo for new Red Hat channels (bsc#1133587)
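The CVE-2019-3684 entry above states the mitigation (swap files readable only by root) but not how to confirm it on a host. The following is an added audit script, not SUSE Manager's own code: it parses a table in /proc/swaps format, looks up owner and mode for each file-backed swap entry, and reports any that a non-root user could read. The sample table and the stat results keyed by path are constructed for the example; on a real host the script reads /proc/swaps and calls os.stat.

```python
"""Audit swap file permissions (added example, not SUSE Manager code).

A swap file that is readable by group or other can expose whatever memory
was paged out to it, which is why the CVE-2019-3684 fix restricts SUSE
Manager's swap files to root. Partition-backed swap is skipped here: its
access is governed by the block device node, not a file mode.
"""
import os
import stat
from typing import Callable, Dict, List, Tuple

# Constructed sample in /proc/swaps format (not taken from the advisory).
SAMPLE_SWAPS = (
    "Filename\t\t\t\tType\t\tSize\tUsed\tPriority\n"
    "/dev/sda2                               partition\t2097148\t0\t-2\n"
    "/var/lib/swap/swapfile                  file\t\t1048572\t0\t-3\n"
    "/swapfile                               file\t\t524284\t0\t-4\n"
)

# Constructed stat results for the sample: path -> (st_mode, st_uid).
SAMPLE_STAT: Dict[str, Tuple[int, int]] = {
    "/var/lib/swap/swapfile": (0o100644, 0),  # root-owned but world-readable
    "/swapfile": (0o100600, 0),               # root-only, as the fix intends
}

# Any read bit for group or other makes the file readable by non-root users.
NON_OWNER_READ = stat.S_IRGRP | stat.S_IROTH


def parse_swaps(text: str) -> List[Tuple[str, str]]:
    """Return (path, type) for each entry below the /proc/swaps header line."""
    entries = []
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) >= 2:
            entries.append((fields[0], fields[1]))
    return entries


def audit_swap_files(text: str,
                     lookup: Callable[[str], Tuple[int, int]]
                     ) -> Dict[str, List[str]]:
    """Map each file-backed swap path to its findings (empty list = OK).

    `lookup(path)` returns (st_mode, st_uid): use `stat_real` on a live host
    or a dict's `__getitem__` for constructed data. A lookup failure is
    recorded as a finding rather than aborting the whole audit.
    """
    report: Dict[str, List[str]] = {}
    for path, kind in parse_swaps(text):
        if kind != "file":
            continue
        problems: List[str] = []
        try:
            mode, uid = lookup(path)
        except (OSError, KeyError) as exc:
            report[path] = [f"cannot stat: {exc}"]
            continue
        if uid != 0:
            problems.append(f"owned by uid {uid}, not root")
        if mode & NON_OWNER_READ:
            problems.append(
                f"mode {stat.S_IMODE(mode):04o} grants read to group/other")
        report[path] = problems
    return report


def stat_real(path: str) -> Tuple[int, int]:
    """Owner and mode of a real file, for use against the live /proc/swaps."""
    st = os.stat(path)
    return st.st_mode, st.st_uid


if __name__ == "__main__":
    if os.path.exists("/proc/swaps"):
        with open("/proc/swaps") as fh:
            findings = audit_swap_files(fh.read(), stat_real)
    else:
        findings = audit_swap_files(SAMPLE_SWAPS, SAMPLE_STAT.__getitem__)
    for swap_path, found in findings.items():
        print(swap_path, "OK" if not found else "; ".join(found))
```

On the constructed sample the script flags /var/lib/swap/swapfile (mode 0644) and passes /swapfile (mode 0600); on a live host it reports the actual swap files, which is the state the update is meant to leave behind.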


susemanager-docs_en:

  o Minion ID is visible in System Info box.
  o Managing Systems Completely via SSH now fully supported (bsc#1131867).


susemanager-schema:

  o Copy 3.1 schema migrations to 3.2 to be able to migrate from an older
    schema version to 3.2
  o Add support for Salt batch execution mode


susemanager-sls:

  o Add support for Salt batch execution mode


susemanager-sync-data:

  o Add SLES11 SP4 LTSS channels for SLES for SAP (bsc#1133629)
  o Add SLES11 SP4 LTSS channels for ppc64 (bsc#1132103)


zypp-plugin-spacewalk:

  o Fix python syntax error in distupgrade (bsc#1136102)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Manager Server 3.2:
    zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-1703=1
  o SUSE Manager Proxy 3.2:
    zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2019-1703=1

Package List:

  o SUSE Manager Server 3.2 (ppc64le s390x x86_64):
       susemanager-3.2.18-3.25.2
       susemanager-tools-3.2.18-3.25.2
  o SUSE Manager Server 3.2 (noarch):
       cobbler-2.6.6-6.19.1
       py26-compat-salt-2016.11.10-6.26.1
       python2-spacewalk-certs-tools-2.8.8.10-3.11.1
       salt-netapi-client-0.16.0-4.11.1
       spacewalk-backend-2.8.57.16-3.30.1
       spacewalk-backend-app-2.8.57.16-3.30.1
       spacewalk-backend-applet-2.8.57.16-3.30.1
       spacewalk-backend-config-files-2.8.57.16-3.30.1
       spacewalk-backend-config-files-common-2.8.57.16-3.30.1
       spacewalk-backend-config-files-tool-2.8.57.16-3.30.1
       spacewalk-backend-iss-2.8.57.16-3.30.1
       spacewalk-backend-iss-export-2.8.57.16-3.30.1
       spacewalk-backend-libs-2.8.57.16-3.30.1
       spacewalk-backend-package-push-server-2.8.57.16-3.30.1
       spacewalk-backend-server-2.8.57.16-3.30.1
       spacewalk-backend-sql-2.8.57.16-3.30.1
       spacewalk-backend-sql-oracle-2.8.57.16-3.30.1
       spacewalk-backend-sql-postgresql-2.8.57.16-3.30.1
       spacewalk-backend-tools-2.8.57.16-3.30.1
       spacewalk-backend-xml-export-libs-2.8.57.16-3.30.1
       spacewalk-backend-xmlrpc-2.8.57.16-3.30.1
       spacewalk-base-2.8.7.16-3.27.1
       spacewalk-base-minimal-2.8.7.16-3.27.1
       spacewalk-base-minimal-config-2.8.7.16-3.27.1
       spacewalk-certs-tools-2.8.8.10-3.11.1
       spacewalk-config-2.8.5.7-3.16.1
       spacewalk-html-2.8.7.16-3.27.1
       spacewalk-java-2.8.78.22-3.32.1
       spacewalk-java-config-2.8.78.22-3.32.1
       spacewalk-java-lib-2.8.78.22-3.32.1
       spacewalk-java-oracle-2.8.78.22-3.32.1
       spacewalk-java-postgresql-2.8.78.22-3.32.1
       spacewalk-taskomatic-2.8.78.22-3.32.1
       susemanager-advanced-topics_en-pdf-3.2-11.26.1
       susemanager-best-practices_en-pdf-3.2-11.26.1
       susemanager-docs_en-3.2-11.26.1
       susemanager-getting-started_en-pdf-3.2-11.26.1
       susemanager-jsp_en-3.2-11.26.1
       susemanager-reference_en-pdf-3.2-11.26.1
       susemanager-schema-3.2.19-3.25.1
       susemanager-sls-3.2.25-3.29.1
       susemanager-sync-data-3.2.15-3.23.1
       susemanager-web-libs-2.8.7.16-3.27.1
  o SUSE Manager Proxy 3.2 (noarch):
       python2-rhncfg-5.10.122.3-3.3.1
       python2-rhncfg-actions-5.10.122.3-3.3.1
       python2-rhncfg-client-5.10.122.3-3.3.1
       python2-rhncfg-management-5.10.122.3-3.3.1
       python2-spacewalk-certs-tools-2.8.8.10-3.11.1
       python2-zypp-plugin-spacewalk-1.0.5-3.7.1
       rhncfg-5.10.122.3-3.3.1
       rhncfg-actions-5.10.122.3-3.3.1
       rhncfg-client-5.10.122.3-3.3.1
       rhncfg-management-5.10.122.3-3.3.1
       spacewalk-backend-2.8.57.16-3.30.1
       spacewalk-backend-libs-2.8.57.16-3.30.1
       spacewalk-base-minimal-2.8.7.16-3.27.1
       spacewalk-base-minimal-config-2.8.7.16-3.27.1
       spacewalk-certs-tools-2.8.8.10-3.11.1
       spacewalk-proxy-broker-2.8.5.5-3.6.2
       spacewalk-proxy-common-2.8.5.5-3.6.2
       spacewalk-proxy-installer-2.8.6.6-3.12.1
       spacewalk-proxy-management-2.8.5.5-3.6.2
       spacewalk-proxy-package-manager-2.8.5.5-3.6.2
       spacewalk-proxy-redirect-2.8.5.5-3.6.2
       spacewalk-proxy-salt-2.8.5.5-3.6.2
       susemanager-web-libs-2.8.7.16-3.27.1
       zypp-plugin-spacewalk-1.0.5-3.7.1
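The package list above gives the fixed versions, and "zypper patch" installs them, but a verification step is useful when auditing many servers. The following is an added POSIX shell check, not part of the SUSE advisory: it compares installed package versions against a few of the fixed versions taken from the list above (a subset, chosen for the example) and prints OK, OUTDATED or MISSING per package. Installed versions are normally read with rpm -q; the check function also accepts them as text so it can run where rpm is absent.

```shell
#!/bin/sh
# Added example, not from the SUSE advisory: compare installed SUSE Manager
# Server packages with the fixed versions listed in SUSE-SU-2019:1703-1.

# name=version-release, copied from the advisory's "Package List" section
# (a subset of the list, chosen for the example).
FIXED_VERSIONS="susemanager=3.2.18-3.25.2
susemanager-tools=3.2.18-3.25.2
spacewalk-java=2.8.78.22-3.32.1
spacewalk-backend=2.8.57.16-3.30.1"

# version_ge A B: exit 0 when A >= B. Splits both strings on non-digit runs
# and compares the numeric fields left to right, so 3.2.18-3.25.2 > 3.2.9-3.25.2.
# This covers the purely numeric versions above; it is not a full rpmvercmp.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, /[^0-9]+/); m = split(b, y, /[^0-9]+/)
        len = (n > m) ? n : m
        for (i = 1; i <= len; i++) {
            xi = (i <= n) ? x[i] + 0 : 0
            yi = (i <= m) ? y[i] + 0 : 0
            if (xi > yi) exit 0
            if (xi < yi) exit 1
        }
        exit 0
    }'
}

# check_installed "<name>=<installed version>" lines: prints one line per
# fixed package as "name installed fixed STATUS".
check_installed() {
    installed="$1"
    printf '%s\n' "$FIXED_VERSIONS" | while IFS='=' read -r name fixed; do
        have=$(printf '%s\n' "$installed" | sed -n "s/^$name=//p")
        if [ -z "$have" ]; then
            echo "$name - $fixed MISSING"
        elif version_ge "$have" "$fixed"; then
            echo "$name $have $fixed OK"
        else
            echo "$name $have $fixed OUTDATED"
        fi
    done
}

# installed_from_rpm: collect the installed versions on a real host.
installed_from_rpm() {
    for name in $(printf '%s\n' "$FIXED_VERSIONS" | cut -d= -f1); do
        rpm -q --qf '%{NAME}=%{VERSION}-%{RELEASE}\n' "$name" 2>/dev/null || true
    done
}

if command -v rpm >/dev/null 2>&1; then
    check_installed "$(installed_from_rpm)"
else
    # Constructed sample output for hosts without rpm (not real query output).
    check_installed "susemanager=3.2.17-3.20.1
susemanager-tools=3.2.18-3.25.2
spacewalk-java=2.8.78.22-3.32.1"
fi
```

MISSING is not necessarily a problem: a Proxy host does not carry the Server packages, so interpret the output against the product list in the advisory.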


References:

  o https://www.suse.com/security/cve/CVE-2019-3684.html
  o https://bugzilla.suse.com/1117017
  o https://bugzilla.suse.com/1125090
  o https://bugzilla.suse.com/1128061
  o https://bugzilla.suse.com/1128838
  o https://bugzilla.suse.com/1129079
  o https://bugzilla.suse.com/1130492
  o https://bugzilla.suse.com/1130551
  o https://bugzilla.suse.com/1131423
  o https://bugzilla.suse.com/1131704
  o https://bugzilla.suse.com/1131780
  o https://bugzilla.suse.com/1131867
  o https://bugzilla.suse.com/1131929
  o https://bugzilla.suse.com/1131954
  o https://bugzilla.suse.com/1132103
  o https://bugzilla.suse.com/1132197
  o https://bugzilla.suse.com/1133424
  o https://bugzilla.suse.com/1133587
  o https://bugzilla.suse.com/1133629
  o https://bugzilla.suse.com/1134195
  o https://bugzilla.suse.com/1134876
  o https://bugzilla.suse.com/1135166
  o https://bugzilla.suse.com/1136029
  o https://bugzilla.suse.com/1136102
  o https://bugzilla.suse.com/1136250
  o https://bugzilla.suse.com/1136423

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----