SUSE: 2022:2144-1 important: SUSE Manager Server 4.2
Summary
This update fixes the following issues:

inter-server-sync:

- Version 0.2.2
  * Parameter --channel-with-children didn't export data (bsc#1199089)
  * Clean rhnchannelcloned table to rebuild hierarchy (bsc#1197400)
- Version 0.2.1
  * Correct sequence in use for table rhnpackagekey (bsc#1197400)
  * Make Docker image export compatible with SUSE Manager 4.2
- Version 0.2.0
  * Allow images export and import (OS based and Docker)

prometheus-formula:

- Version 0.6.2
  * Allow prometheus-formula only for SUSE systems (bsc#1199149)

salt-netapi-client:

- Improve the hotfix for bsc#1192550 (bsc#1197449):

smdba:

- Don't package egg-info file for Enterprise Linux.

spacecmd:

- Version 4.2.17-1
  * Parse boolean parameters correctly (bsc#1197689)

spacewalk-backend:

- Version 4.2.22-1
  * Do not raise error on file:// based DEB repo when looking for alternative Release files (bsc#1199142)
- Version 4.2.21-1
  * Improve parsing deb packages dependencies (bsc#1194594)

spacewalk-certs-tools:

- Version 4.2.16-1
  * Add Salt Bundle support to bootstrap script generator

spacewalk-java:

- Version 4.2.38-1
  * Remove unused gson-extras.jar during build
- Version 4.2.37-1
  * CVE-2022-31248: User enumeration via weak error message. (bsc#1199629)
- Version 4.2.36-1
  * CVE-2022-21952: Unauthenticated remote Denial of Service via resource exhaustion. (bsc#1199512)
- Version 4.2.35-1
  * Faster display installable packages list (bsc#1187333)
  * Pass ssh_salt_pre_flight_script and ssh_use_salt_thin parameters to the generated roster files to enable optional Salt Bundle support with Salt SSH
  * Fix reboot time on salt-ssh client (bsc#1197591)
  * Detect free products in Alpha and Beta stage and prevent checks on openSUSE products (bsc#1197488)
  * Allow monitoring entitlement for Debian 11 and 10
  * Hide private methods in XMLRPC handlers
  * Warning log when hardware refresh result is not serializable
  * Optimize adding new products function (bsc#1193707)

spacewalk-utils:

- Version 4.2.16-1
  * Add Debian 11 repositories

spacewalk-web:

- Version 4.2.27-1
  * Increase web page default timeout (bsc#1187333)
  * Add ssh_salt_pre_flight_script and ssh_use_salt_thin parameters to default rhn_web.conf
  * Upgrade minimist to fix CVE-2021-44906
  * susemanager-nodejs-sdk-devel is now provided by spacewalk-web
  * Resolve race conditions in CLM (bsc#1195710)

susemanager:

- Version 4.2.32-1
  * Add python3-contextvars and python3-immutables to missing bootstrap repos (bsc#1200606)
- Version 4.2.31-1
  * Add python3-gnupg to bootstrap repo definition for Ubuntu 20.04 (bsc#1200212)
- Version 4.2.30-1
  * Fix a syntax problem at the bootstrap repository definitions
- Version 4.2.29-1
  * Add Salt Bundle support to mgr-create-bootstrap-repo
  * Enable bootstrapping for Debian 11
  * Fix SLE15 bootstrap repo definition (bsc#1197438)
  * Add SLES15SP4 and SUMA Proxy 4.3 to bootstrap repo definitions (bsc#1196702)
  * Add missing dependencies for Salt 3004 into bootstrap repository for SLE15 family (bsc#1198221)

susemanager-doc-indexes:

- Updated Salt version for Server and Proxy to 3004
- Added details to Client Configuration Guide on using Salt Bundle as optional
- Updated saltversion attribute from 3002 to 3004
- In the Administration Guide, documented that monitoring tools are available in SUSE Linux Enterprise 12 and 15 and openSUSE Leap 15, but Grafana is not available on Proxy (bsc#1191143)
- Documented Autoyast installation features in Autoyast section of the Client Configuration Guide
- In Client Configuration Guide document Debian 11 as a supported OS as a client
- In Client Configuration Guide, clarified client upgrade issues
- In Client Configuration Guide, added information about registration of version 12 of SUSE Linux Enterprise clients
- In Client Configuration Guide, mark the applying patches features as supported on Ubuntu
- SLE Micro in Client Configuration Guide: Update version number from 5.0 to 5.1, and warn about Salt installation.

susemanager-docs_en:

- Updated Salt version for Server and Proxy to 3004
- Added details to Client Configuration Guide on using Salt Bundle as optional
- In the Administration Guide, documented that monitoring tools are available in SUSE Linux Enterprise 12 and 15 and openSUSE Leap 15, but Grafana is not available on Proxy (bsc#1191143)
- Documented Autoyast installation features in Autoyast section of the Client Configuration Guide
- In Client Configuration Guide document Debian 11 as a supported OS as a client
- In Client Configuration Guide, clarified client upgrade issues
- In Client Configuration Guide, added information about registration of version 12 of SUSE Linux Enterprise clients
- In Client Configuration Guide, mark the applying patches features as supported on Ubuntu
- SLE Micro in Client Configuration Guide: Update version number from 5.0 to 5.1, and warn about Salt installation.

susemanager-schema:

- Version 4.2.22-1
  * Add schema directory for susemanager-schema-4.2.21

susemanager-sls:

- Version 4.2.23-1
  * Fix bootstrap repository URL resolution for Yum based clients with preflight script for Salt SSH
- Version 4.2.22-1
  * Add Salt Bundle support on bootstrapping
  * Add Salt SSH with Salt Bundle support
  * Add util.mgr_switch_to_venv_minion state to switch salt minions to use the Salt Bundle
  * Fix bootstrap repository path resolution for Oracle Linux
  * Handle salt bundle in set_proxy.sls

susemanager-sync-data:

- Version 4.2.12-1
  * Change release status of EL 7 and 8 aarch64 to released
  * Change release status of Rocky Linux 8 x86_64 to released
  * Add Debian 11 amd64

supportutils-plugin-salt:

- Update to version 1.2.0
  * Add support for Salt Bundle

virtual-host-gatherer:

- Version 1.0.23-1
  * Reformat the first 3 groups of the UUID for hardware versions >=13 in VMWare environment.
  * Fix shebangs to use python3
  * Implement libvirt module

How to apply this update:

1. Log in as root user to the SUSE Manager server.
2. Stop the Spacewalk service: `spacewalk-service stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: `spacewalk-service start`

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for SUSE Manager Server 4.2:
  `zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-2144=1`

Package List:

- SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (ppc64le s390x x86_64):
  * inter-server-sync-0.2.2-150300.8.17.1
  * inter-server-sync-debuginfo-0.2.2-150300.8.17.1
  * smdba-1.7.10-0.150300.3.6.1
  * susemanager-4.2.32-150300.3.31.1
  * susemanager-tools-4.2.32-150300.3.31.1

- SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch):
  * prometheus-formula-0.6.2-150300.3.14.1
  * python3-spacewalk-certs-tools-4.2.16-150300.3.18.3
  * salt-netapi-client-0.19.0-150300.3.6.1
  * spacecmd-4.2.17-150300.4.21.4
  * spacewalk-backend-4.2.22-150300.4.23.1
  * spacewalk-backend-app-4.2.22-150300.4.23.1
  * spacewalk-backend-applet-4.2.22-150300.4.23.1
  * spacewalk-backend-config-files-4.2.22-150300.4.23.1
  * spacewalk-backend-config-files-common-4.2.22-150300.4.23.1
  * spacewalk-backend-config-files-tool-4.2.22-150300.4.23.1
  * spacewalk-backend-iss-4.2.22-150300.4.23.1
  * spacewalk-backend-iss-export-4.2.22-150300.4.23.1
  * spacewalk-backend-package-push-server-4.2.22-150300.4.23.1
  * spacewalk-backend-server-4.2.22-150300.4.23.1
  * spacewalk-backend-sql-4.2.22-150300.4.23.1
  * spacewalk-backend-sql-postgresql-4.2.22-150300.4.23.1
  * spacewalk-backend-tools-4.2.22-150300.4.23.1
  * spacewalk-backend-xml-export-libs-4.2.22-150300.4.23.1
  * spacewalk-backend-xmlrpc-4.2.22-150300.4.23.1
  * spacewalk-base-4.2.27-150300.3.21.7
  * spacewalk-base-minimal-4.2.27-150300.3.21.7
  * spacewalk-base-minimal-config-4.2.27-150300.3.21.7
  * spacewalk-certs-tools-4.2.16-150300.3.18.3
  * spacewalk-html-4.2.27-150300.3.21.7
  * spacewalk-java-4.2.38-150300.3.35.1
  * spacewalk-java-config-4.2.38-150300.3.35.1
  * spacewalk-java-lib-4.2.38-150300.3.35.1
  * spacewalk-java-postgresql-4.2.38-150300.3.35.1
  * spacewalk-taskomatic-4.2.38-150300.3.35.1
  * spacewalk-utils-4.2.16-150300.3.15.5
  * spacewalk-utils-extras-4.2.16-150300.3.15.5
  * supportutils-plugin-salt-1.2.0-150300.3.3.1
  * susemanager-doc-indexes-4.2-150300.12.27.6
  * susemanager-docs_en-4.2-150300.12.27.1
  * susemanager-docs_en-pdf-4.2-150300.12.27.1
  * susemanager-schema-4.2.22-150300.3.21.6
  * susemanager-sls-4.2.23-150300.3.25.4
  * susemanager-sync-data-4.2.12-150300.3.18.3
  * uyuni-config-modules-4.2.23-150300.3.25.4
  * virtual-host-gatherer-1.0.23-150300.3.3.1
  * virtual-host-gatherer-Kubernetes-1.0.23-150300.3.3.1
  * virtual-host-gatherer-Nutanix-1.0.23-150300.3.3.1
  * virtual-host-gatherer-VMware-1.0.23-150300.3.3.1
  * virtual-host-gatherer-libcloud-1.0.23-150300.3.3.1

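
A post-update check, added here as an example and not part of the SUSE advisory: it compares installed version-release strings against the fixed versions in the package list for spacewalk-java (CVE-2022-31248, CVE-2022-21952) and for spacewalk-html and spacewalk-base, which carry the spacewalk-web 4.2.27 version (CVE-2021-44906). The function names, the constructed sample input and the use of GNU `sort -V` in place of rpm's own version comparison are assumptions.

```shell
#!/bin/sh
# Fixed "name version-release" pairs, copied from the advisory's package list.
FIXED='spacewalk-java 4.2.38-150300.3.35.1
spacewalk-html 4.2.27-150300.3.21.7
spacewalk-base 4.2.27-150300.3.21.7'

# ver_ge A B: succeeds when A sorts at or after B under GNU `sort -V`.
# Assumption: `sort -V` stands in for rpm's comparison, which is adequate
# for the dotted numeric version-release strings used in this advisory.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# unpatched: reads "name version-release" lines on stdin and prints the name
# of every listed package that is installed but older than the fixed version.
# Packages that are not installed are skipped.
unpatched() {
    installed=$(cat)
    printf '%s\n' "$FIXED" | while read -r name fixed; do
        have=$(printf '%s\n' "$installed" |
            awk -v n="$name" '$1 == n { print $2; exit }')
        [ -n "$have" ] || continue
        ver_ge "$have" "$fixed" || printf '%s\n' "$name"
    done
}

# Constructed sample input (not taken from a real system): two packages are
# still at older builds, one is already at the advisory's version.
SAMPLE='spacewalk-java 4.2.36-150300.3.30.1
spacewalk-html 4.2.27-150300.3.21.7
spacewalk-base 4.2.26-150300.3.18.1'

printf '%s\n' "$SAMPLE" | unpatched

# On a SUSE Manager server, feed it the real package database instead:
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' \
#       spacewalk-java spacewalk-html spacewalk-base | unpatched
```

Empty output means every listed package that is installed is at or above the advisory's version.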
References
#1187333 #1191143 #1192550 #1193707 #1194594
#1195710 #1196702 #1197400 #1197438 #1197449
#1197488 #1197591 #1197689 #1198221 #1199089
#1199142 #1199149 #1199512 #1199629 #1200212
#1200606
Cross-References: CVE-2021-44906 CVE-2022-21952 CVE-2022-31248
CVSS scores:
CVE-2021-44906 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-44906 (SUSE): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
CVE-2022-31248 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products:
SUSE Linux Enterprise Module for SUSE Manager Server 4.2
SUSE Manager Server 4.2
https://www.suse.com/security/cve/CVE-2021-44906.html
https://www.suse.com/security/cve/CVE-2022-21952.html
https://www.suse.com/security/cve/CVE-2022-31248.html
https://bugzilla.suse.com/1187333
https://bugzilla.suse.com/1191143
https://bugzilla.suse.com/1192550
https://bugzilla.suse.com/1193707
https://bugzilla.suse.com/1194594
https://bugzilla.suse.com/1195710
https://bugzilla.suse.com/1196702
https://bugzilla.suse.com/1197400
https://bugzilla.suse.com/1197438
https://bugzilla.suse.com/1197449
https://bugzilla.suse.com/1197488
https://bugzilla.suse.com/1197591
https://bugzilla.suse.com/1197689
https://bugzilla.suse.com/1198221
https://bugzilla.suse.com/1199089
https://bugzilla.suse.com/1199142
https://bugzilla.suse.com/1199149
https://bugzilla.suse.com/1199512
https://bugzilla.suse.com/1199629
https://bugzilla.suse.com/1200212
https://bugzilla.suse.com/1200606