SUSE: 2019:1006-1 moderate: SUSE Manager Server 3.2
Summary
This update includes the following new features: to the repository metadata (fate#325676)

This update fixes the following issues:

apache-commons-lang3:
- Run fdupes on javadoc
- Specify java target and source level 1.6 to make package compatible with JDK >= 1.8

cobbler:
- Fixes case where distribution detection returns None (bsc#1130658)
- SUSE texmode fix (bsc#1109316)

drools:
- Update Drools to 7.17.0
- Release Notes: https://issues.redhat.com/secure/ReleaseNote.jspa
- Fixes for SLE 15 compatibility

guava:
- Updated from 13.0.1 to 27.0.1
- Changes between 13.0.1 and 23.0:
  https://github.com/google/guava/wiki/Release14
  https://github.com/google/guava/wiki/Release15
  https://github.com/google/guava/wiki/Release16
  https://github.com/google/guava/wiki/Release17
  https://github.com/google/guava/wiki/Release18
  https://github.com/google/guava/wiki/Release19
  https://github.com/google/guava/wiki/Release23
- Changes between 23.0 and 27.0.1: see https://github.com/google/guava/releases

jade4j:
- Conditional java/java-devel requires based on os version
- Update dependency version for commons-lang3 to 3.4
- Fix building javadoc

kie-api:
- Update KIE to 7.17.0
- Release notes: https://issues.redhat.com/secure/ReleaseNote.jspa

optaplanner:
- Update Optaplanner to 7.17.0

py26-compat-salt:
- Fix minion arguments assign via sysctl (bsc#1124290)

smdba:
- Make 'smdba space-overview' postgresql version agnostic (bsc#1129956)
- Fix version mismatch

spacecmd:
- Fix system_delete with SSM (bsc#1125744)

spacewalk-admin:
- Fix encoding bug in salt event processing (bsc#1129851)

spacewalk-backend:
- Fix linking of packages in reposync (bsc#1131677)
- Fix: handle non-standard filenames for comps.xml (bsc#1120242)
- Mgr-sign-metadata can optionally clear-sign metadata files

spacewalk-branding:
- Introduce a description label for the new 'minion-checkin' Taskomatic job (bsc#1122837)

spacewalk-certs-tools:
- Add support for Ubuntu to bootstrap script
- Clean up downloaded gpg keys after bootstrap (bsc#1126075)

spacewalk-java:
- Fix base channel selection for Ubuntu systems (bsc#1132579)
- Fix retrieval of build time for .deb repositories (bsc#1131721)
- Allow access to susemanager tools channels without res subscription (bsc#1127542)
- Add support for SLES 15 live patches in CVE audit
- Add a Taskomatic job to perform minion check-in regularly, drop use of Salt's Mine (bsc#1122837)
- Fix errata_details to return details correctly (bsc#1128228)
- Support ubuntu products and debian architectures in mgr-sync
- Adapt check for available repositories to debian style repositories
- Add support for custom username when bootstrapping with Salt-SSH
- Read and update running kernel release value at each startup of minion (bsc#1122381)
- Add error message on sync refresh when there are no scc credentials
- Fix apidoc issues
- Fix deleting server when minion_formulas.json is empty (bsc#1122230)
- Minion-action-cleanup Taskomatic task: do not clean actions younger than one hour
- Schedule full package refresh only once per action chain if needed (bsc#1126518)
- Check and schedule package refresh in response to events independently of what originates them (bsc#1126099)
- Add configuration option to limit the number of changelog entries added to the repository metadata (fate#325676)
- Generate InRelease file for Debian/Ubuntu repos when metadata signing is enabled

spacewalk-web:
- Show undetected subscription-matching message object as a string anyway (bsc#1125600)
- Fix action scheduler time picker prefill when the server is on "UTC/GMT" timezone (bsc#1121195)
- Allow username input on bootstrap page when using Salt-SSH
- Add cache buster for static files (js/css) to fix caching issues after upgrading.

subscription-matcher:
- Update dependencies (Drools, Optaplanner, Guava, Xstream)
- Make the java and java-devel requirements variable
- Relax the requirement condition on apache-commons-lang3

susemanager:
- Support creating bootstrap repos for Ubuntu 18.04 and 16.04.
- Allow alternative names for bootstrap packages, to allow using old client tools after package renames
- Feat: create Ubuntu empty repository
- Fix creation of bootstrap repositories for SLE12 (no SP) by requiring python-setuptools only for SLE12 >= SP1 (bsc#1129765)
- Add bootstrap repo definition for SLE15 SP1

susemanager-docs_en:
- Update text and image files.
- Fix bad link.
- Update Manual Backup and smdba sections.
- Troubleshooting Salt clients.
- Fix package endpoint in salt pillar content.
- Ubuntu Clients supported.
- Change License to GFL 1.2, as it is the real license for the doc since 3.2.0

susemanager-schema:
- Add a Taskomatic job to perform minion check-in regularly, drop use of Salt's Mine (bsc#1122837)
- Fix performance regression in inter-server-sync (bsc#1128781)
- Set minion-action-cleanup run frequency from hourly to daily at midnight

susemanager-sls:
- Update get_kernel_live_version module to support older Salt versions (bsc#1131490)
- Update get_kernel_live_version module to support SLES 15 live patches
- Do not configure Salt Mine in newly registered minions (bsc#1122837)
- Fix Salt error related to remove_traditional_stack when bootstrapping an Ubuntu minion (bsc#1128724)
- Automatically trust SUSE GPG key for client tools channels on Ubuntu systems
- Util.systeminfo sls has been added to perform different actions at minion startup (bsc#1122381)

susemanager-sync-data:
- Allow access to susemanager tools channels without res subscription (bsc#1127542)
- Add Ubuntu product definitions
- Adapt to SCC changes
- Add CaaSP 4 Toolchain

xstream:
- Update xstream to 1.4.10
- Major changes:
- CVE-2017-7957: XStream could cause a Denial of Service when unmarshalling void. (bsc#1070731)
- New XStream artifact with -java7 appended as version suffix for a library explicitly without the Java 8 stuff (lambda expression support, converters for java.time.* package).
- Improve performance by minimizing call stack of mapper chain.
- XSTR-774: Add converters for types of java.time, java.time.chrono, and java.time.temporal packages (converters for LocalDate, LocalDateTime, LocalTime, OffsetDateTime, and ZonedDateTime by Matej Cimbora).
- JavaBeanConverter does not respect ignored unknown elements.
- Add XStream.setupDefaultSecurity to initialize security framework with defaults of XStream 1.5.x.
- Emit error warning if security framework has not been initialized and the XStream instance is vulnerable to known exploits.
- Feat: modify patch to be compatible with JDK 11 building
- Fixes for SLE 15 compatibility

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Manager Server 3.2:
  zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-1006=1
- SUSE Manager Proxy 3.2:
  zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2019-1006=1

Package List:

- SUSE Manager Server 3.2 (ppc64le s390x x86_64):
  reprepro-5.3.0-2.3.3
  smdba-1.6.4-0.3.9.3
  spacewalk-branding-2.8.5.15-3.19.3
  susemanager-3.2.17-3.22.4
  susemanager-tools-3.2.17-3.22.4

- SUSE Manager Server 3.2 (noarch):
  apache-commons-lang3-3.4-3.3.3
  cobbler-2.6.6-6.16.3
  drools-7.17.0-3.3.3
  guava-27.0.1-3.3.3
  jade4j-1.0.7-3.3.3
  kie-api-7.17.0-3.3.3
  kie-soup-7.17.0.Final-2.3.3
  optaplanner-7.17.0-3.3.3
  py26-compat-salt-2016.11.10-6.21.3
  python2-spacewalk-certs-tools-2.8.8.7-3.6.3
  spacecmd-2.8.25.10-3.20.3
  spacewalk-admin-2.8.4.4-3.6.3
  spacewalk-backend-2.8.57.14-3.25.3
  spacewalk-backend-app-2.8.57.14-3.25.3
  spacewalk-backend-applet-2.8.57.14-3.25.3
  spacewalk-backend-config-files-2.8.57.14-3.25.3
  spacewalk-backend-config-files-common-2.8.57.14-3.25.3
  spacewalk-backend-config-files-tool-2.8.57.14-3.25.3
  spacewalk-backend-iss-2.8.57.14-3.25.3
  spacewalk-backend-iss-export-2.8.57.14-3.25.3
  spacewalk-backend-libs-2.8.57.14-3.25.3
  spacewalk-backend-package-push-server-2.8.57.14-3.25.3
  spacewalk-backend-server-2.8.57.14-3.25.3
  spacewalk-backend-sql-2.8.57.14-3.25.3
  spacewalk-backend-sql-oracle-2.8.57.14-3.25.3
  spacewalk-backend-sql-postgresql-2.8.57.14-3.25.3
  spacewalk-backend-tools-2.8.57.14-3.25.3
  spacewalk-backend-xml-export-libs-2.8.57.14-3.25.3
  spacewalk-backend-xmlrpc-2.8.57.14-3.25.3
  spacewalk-base-2.8.7.15-3.24.3
  spacewalk-base-minimal-2.8.7.15-3.24.3
  spacewalk-base-minimal-config-2.8.7.15-3.24.3
  spacewalk-certs-tools-2.8.8.7-3.6.3
  spacewalk-html-2.8.7.15-3.24.3
  spacewalk-java-2.8.78.21-3.29.1
  spacewalk-java-config-2.8.78.21-3.29.1
  spacewalk-java-lib-2.8.78.21-3.29.1
  spacewalk-java-oracle-2.8.78.21-3.29.1
  spacewalk-java-postgresql-2.8.78.21-3.29.1
  spacewalk-taskomatic-2.8.78.21-3.29.1
  subscription-matcher-0.23-4.12.3
  susemanager-schema-3.2.18-3.22.3
  susemanager-sls-3.2.23-3.26.3
  susemanager-sync-data-3.2.14-3.20.3
  susemanager-web-libs-2.8.7.15-3.24.3
  xstream-1.4.10-4.3.3

- SUSE Manager Proxy 3.2 (noarch):
  python2-spacewalk-certs-tools-2.8.8.7-3.6.3
  spacewalk-backend-2.8.57.14-3.25.3
  spacewalk-backend-libs-2.8.57.14-3.25.3
  spacewalk-base-minimal-2.8.7.15-3.24.3
  spacewalk-base-minimal-config-2.8.7.15-3.24.3
  spacewalk-certs-tools-2.8.8.7-3.6.3
  susemanager-web-libs-2.8.7.15-3.24.3
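
A post-patch check against the package list above, as an added example that is not part of the SUSE advisory: it compares an installed-package inventory with the versions this update ships, using segment-wise comparison in the style of rpmvercmp (without '~' or '^' handling). The function names and the INSTALLED sample are assumptions constructed for illustration; the FIXED entries are copied from the package list.

```python
import re

# Fixed versions copied from this advisory's package list (subset).
FIXED = """\
xstream-1.4.10-4.3.3
kie-soup-7.17.0.Final-2.3.3
spacewalk-java-2.8.78.21-3.29.1
"""

# Constructed sample inventory, in the shape printed by:
#   rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'
INSTALLED = """\
xstream-1.4.9-4.1.2
kie-soup-7.17.0.Final-2.3.3
spacewalk-java-2.8.78.19-3.26.2
"""

def split_nvr(nvr):
    """Split 'name-version-release'; the name itself may contain dashes."""
    name, version, release = nvr.strip().rsplit("-", 2)
    return name, version, release

def rpm_label_cmp(a, b):
    """Compare two version or release strings segment by segment."""
    seg_a = re.findall(r"\d+|[A-Za-z]+", a)
    seg_b = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment beats alphabetic
        kx, ky = (int(x), int(y)) if x.isdigit() else (x, y)
        if kx != ky:
            return 1 if kx > ky else -1
    # All shared segments equal: the string with more segments is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))

def outdated(installed_text, fixed_text):
    """Return {name: (installed, fixed)} for packages older than the fix."""
    fixed = {n: (v, r) for n, v, r in map(split_nvr, fixed_text.split())}
    result = {}
    for name, ver, rel in map(split_nvr, installed_text.split()):
        if name not in fixed:
            continue
        fv, fr = fixed[name]
        # Version decides first; release only breaks a version tie.
        if (rpm_label_cmp(ver, fv) or rpm_label_cmp(rel, fr)) < 0:
            result[name] = (f"{ver}-{rel}", f"{fv}-{fr}")
    return result

if __name__ == "__main__":
    for name, (have, want) in outdated(INSTALLED, FIXED).items():
        print(f"{name}: installed {have}, advisory ships {want}")
```

Note that 1.4.9 sorts after 1.4.10 under plain string comparison, which is why the segments are compared as integers.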
References
#1070731 #1109316 #1120242 #1121195 #1122230
#1122381 #1122837 #1124290 #1125600 #1125744
#1126075 #1126099 #1126518 #1127542 #1128228
#1128724 #1128781 #1129765 #1129851 #1129956
#1130658 #1131490 #1131677 #1131721 #1132579
Cross-References: CVE-2017-7957
Affected Products:
SUSE Manager Server 3.2
SUSE Manager Proxy 3.2
https://www.suse.com/security/cve/CVE-2017-7957.html
https://bugzilla.suse.com/1070731
https://bugzilla.suse.com/1109316
https://bugzilla.suse.com/1120242
https://bugzilla.suse.com/1121195
https://bugzilla.suse.com/1122230
https://bugzilla.suse.com/1122381
https://bugzilla.suse.com/1122837
https://bugzilla.suse.com/1124290
https://bugzilla.suse.com/1125600
https://bugzilla.suse.com/1125744
https://bugzilla.suse.com/1126075
https://bugzilla.suse.com/1126099
https://bugzilla.suse.com/1126518
https://bugzilla.suse.com/1127542
https://bugzilla.suse.com/1128228
https://bugzilla.suse.com/1128724
https://bugzilla.suse.com/1128781
https://bugzilla.suse.com/1129765
https://bugzilla.suse.com/1129851
https://bugzilla.suse.com/1129956
https://bugzilla.suse.com/1130658
https://bugzilla.suse.com/1131490
https://bugzilla.suse.com/1131677
https://bugzilla.suse.com/1131721
https://bugzilla.suse.com/1132579