# Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch
Server

Announcement ID: SUSE-SU-2023:4737-1  
Rating: important  
References:

  * bsc#1191143
  * bsc#1204235
  * bsc#1207012
  * bsc#1207532
  * bsc#1210928
  * bsc#1210930
  * bsc#1211355
  * bsc#1211560
  * bsc#1211649
  * bsc#1212695
  * bsc#1212904
  * bsc#1213469
  * bsc#1214186
  * bsc#1214471
  * bsc#1214601
  * bsc#1214759
  * bsc#1215209
  * bsc#1215514
  * bsc#1215949
  * bsc#1216030
  * bsc#1216041
  * bsc#1216085
  * bsc#1216128
  * bsc#1216380
  * bsc#1216506
  * bsc#1216555
  * bsc#1216690
  * bsc#1216754
  * bsc#1217038
  * bsc#1217223
  * bsc#1217224
  * jsc#MSQA-708
  * jsc#SUMA-282

  
Cross-References:

  * CVE-2023-22644

  
CVSS scores:

  * CVE-2023-22644 ( NVD ):  3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

  
Affected Products:

  * openSUSE Leap 15.4
  * openSUSE Leap 15.5
  * Public Cloud Module 15-SP4
  * Public Cloud Module 15-SP5
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5
  * SUSE Manager Proxy 4.3
  * SUSE Manager Proxy 4.3 Module 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3
  * SUSE Manager Server 4.3 Module 4.3

  
  
An update that solves one vulnerability, contains two features and has 30
security fixes can now be installed.

## Recommended update for SUSE Manager Proxy and Retail Branch Server 4.3

### Description:

This update fixes the following issues:

spacecmd:

  * Version 4.3.25-1
  * Update translation strings

spacewalk-backend:

  * Version 4.3.25-1
  * Use the new apache2-mod_wsgi package name
  * Set stricter file permissions for config file
  * Add table statistics and options to the support config database output
  * Add CLM data collection to spacewalk-debug

spacewalk-client-tools:

  * Version 4.3.17-1
  * Update translation strings

spacewalk-proxy:

  * Version 4.3.17-1
  * Use the new apache2-mod_wsgi package name

spacewalk-web:

  * Version 4.3.36-1
  * Safeguard request URLs against tempering (bsc#1216754)
  * Improve datetimepicker input formatting
  * Improve logging to better capture third-party library issues
  * Simplify and modernize password generation logic
  * Update webpack to 5.88.2
  * Handle new message from subscription-matcher (bsc#1216506)
  * Add sanity checks for FQDNs in proxy configuration dialog
  * Add option to filter packages by build time in CLM (jsc#SUMA-282)

susemanager-tftpsync-recv:

  * Version 4.3.9-1
  * Use the new apache2-mod_wsgi package name
  * Build with Python 3 and clean up references to Python 2

How to apply this update:

  1. Log in as root user to the SUSE Manager Proxy or Retail Branch Server.
  2. Stop the proxy service: `spacewalk-proxy stop`
  3. Apply the patch using either zypper patch or YaST Online Update.
  4. Start the Spacewalk service: `spacewalk-proxy start`

## Security update for SUSE Manager Server 4.3

### Description:

This update fixes the following issues:

billing-data-service:

  * Version 4.3.2-1
  * Relax dependency to csp-billing-adapter-service

inter-server-sync:

  * Version 0.3.1
  * Require at least Go 1.20 for building SUSE packages

spacecmd:

  * Version 4.3.25-1
  * Update translation strings

spacewalk-backend:

  * Version 4.3.25-1
  * Use the new apache2-mod_wsgi package name
  * Set stricter file permissions for config file
  * Add table statistics and options to the support config database output
  * Add CLM data collection to spacewalk-debug

spacewalk-client-tools:

  * Version 4.3.17-1
  * Update translation strings

spacewalk-java:

  * Version 4.3.69-1

  * Security fixes:

    * CVE-2023-22644: Sanitize token before logging it (bsc#1210930)
    * CVE-2023-22644: Fix permissions for logfiles (bsc#1210928)
    * CVE-2023-22644: Log potential sensitive information only in debug mode (bsc#1210928)
  * Non security fixes:
    * Include in API response reboot_suggested and restart_suggested booleans
    * Fix filter ID comparison when attaching filters to a CLM project (bsc#1215949)
    * Fix validation of lists with empty defaults in formulas (bsc#1216555)
    * Safeguard request URLs against tempering (bsc#1216754)
    * Improve logging to better capture third-party library issues
    * Fix issue of non-installed package listed as errata package update candidates (bsc#1212904)
    * Fix issue with reporting database query pagination
    * Update tomcat jars to version greater than 9.0.75
    * Fix notification messages email content (bsc#1216041)
    * Look for the PAYG CA certificate location in different order to find and import the correct one (bsc#1214759)
    * Add salt-api socket timeout to abort stuck taskomatic jobs (bsc#1211649)
    * Fix SUSE Linux Enterprise Micro PAYG detection
    * Wait for lock to execute SCC sync task (bsc#1216030)
    * Fix url pointing to SCC (bsc#1216690)
    * Prevent download when a PAYG Server is not compliant
    * Fix system.provisionSystem xmlrpc endpoint to calculate host properly (bsc#1215209)
    * Include "uuid" as system search xmlrpc results (bsc#1216380)
    * Prevent losing Remote Command action result if returned JSON cannot be parsed
    * Add PAYG info to UI and rest API
    * Add management restrictions to SUMA PAYG when dealing with BYOS instances when no SCC credentials are set
    * Fix issue where bad SCC credentials were preventing other credentials to refresh (bsc#1211355)
    * Fix conversion to string if branchid is numeric in PXEEvent
    * Fix token validation for shared (public) child channels (bsc#1216128)
    * Prevent NullPointerException in updateSystemInfo (bsc#1217224)
    * Update SCC REST call to register systems in bulk
    * Enhance hardware data sent to SCC by memory
    * Fix FQDN machine name mapping on proxy configuration
    * Fix NullPointerException when creating PXE config for an unmanaged profile (bsc#1217223)
    * Add option to filter packages by build time in CLM (jsc#SUMA-282)
    * Consider server id when removing invalid erratas from rhnSet (bsc#1204235,bsc#1207012,bsc#1211560)
    * Fix createSystemRecord XML-RPC API call so the Cobbler UID is persisted (bsc#1207532)

spacewalk-search:

  * Version 4.3.10-1
  * Include "uuid" as system search result attribute (bsc#1216380)

spacewalk-web:

  * Version 4.3.36-1
  * Safeguard request URLs against tempering (bsc#1216754)
  * Improve datetimepicker input formatting
  * Improve logging to better capture third-party library issues
  * Simplify and modernize password generation logic
  * Update webpack to 5.88.2
  * Handle new message from subscription-matcher (bsc#1216506)
  * Add sanity checks for FQDNs in proxy configuration dialog
  * Add option to filter packages by build time in CLM (jsc#SUMA-282)

subscription-matcher:

  * Version 0.33
  * Added missing part numbers (bsc#1216506)
  * Ignore subscriptions without any associated products (bsc#1216506)
  * Update Guava to version 32.0

susemanager:

  * Version 4.3.33-1
  * Add bootstrap repository data for SUSE Linux Enterprise Micro 5.5
    (bsc#1217038)

susemanager-docs_en:

  * Add SUSE Liberty Linux versions 7 and 8 to the supported features matrix in
    the Client Configuration Guide
  * Add support for SUSE Linux Enterprise Micro 5.5 and openSUSE Leap Micro 5.5
    clients to the Installation and Upgrade Guide, and to the Client
    Configuration Guide
  * Update Twitter handle reference in documentation user interface
  * Update feature table and add legend in the Configuration Management section
    of the Client Configuration Guide
  * Fix parameter name in the Register clients section of the Client
    Configuration Guide
  * Fix links to HTML output of SUSE Linux Enterprise Server 15 SP4
    documentation
  * Add note about using short hostname in the Quick Start: SAP guide
    (bsc#1212695)
  * Mention the option to install Prometheus on Retail branch servers
    (bsc#1191143)
  * Fix link loop and clarify some server upgrade description details in the
    Installation and Upgrade Guide (bsc#1214471)
  * SUSE Manager 4.3 is based on SUSE Linux Enterprise 15 SP4; update the
    installation procedure (bsc#1213469)

susemanager-schema:

  * Version 4.3.22-1
  * Drop special versioned schema files
  * Add unique index for rhnpackagechangelogdata table

susemanager-sls:

  * Version 4.3.37-1
  * Disable dnf_rhui_plugin as it breaks our susemanagerplugin (bsc#1214601)
  * Fix susemanagerplugin to not overwrite header fields set by other plugins
  * Let the DNF plugin log when a token was set
  * Retry loading of pillars from DB on connection error (bsc#1214186)
  * Recognize squashfs build results from KIWI (bsc#1216085)

susemanager-sync-data:

  * Version 4.3.14-1
  * SUSE Linux Enterprise 15 SP4 Long Term Service Pack Support (LTSS)
  * Extended Service Pack Overlay Support (ESPOS) for High Performance Computing
    15 SP5
  * Long Term Service Pack Support (LTSS) for High Performance Computing 15 SP5
  * Update Open Enterprise Server to 2023.4 (bsc#1215514)

uyuni-reportdb-schema:

  * Version 4.3.8-1
  * Provide reportdb upgrade schema path structure

How to apply this update:

  1. Log in as root user to the SUSE Manager Server.
  2. Stop the Spacewalk service: `spacewalk-service stop`
  3. Apply the patch using either zypper patch or YaST Online Update.
  4. Start the Spacewalk service: `spacewalk-service start`

## Recommended update for apache2-mod_wsgi

### Description:

This update fixes the following issues:

apache2-mod_wsgi:

  * Ensure the binaries are included in SUSE Manager Server

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4  
    zypper in -t patch SUSE-2023-4737=1 openSUSE-SLE-15.4-2023-4737=1

  * openSUSE Leap 15.5  
    zypper in -t patch openSUSE-SLE-15.5-2023-4737=1

  * Public Cloud Module 15-SP4  
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-4737=1

  * Public Cloud Module 15-SP5  
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-4737=1

  * SUSE Manager Proxy 4.3 Module 4.3  
    zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2023-4737=1

  * SUSE Manager Server 4.3 Module 4.3  
    zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2023-4737=1

## Package List:

  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
    * apache2-mod_wsgi-debugsource-4.7.1-150400.3.9.4
    * apache2-mod_wsgi-4.7.1-150400.3.9.4
    * apache2-mod_wsgi-debuginfo-4.7.1-150400.3.9.4
  * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
    * apache2-mod_wsgi-debugsource-4.7.1-150400.3.9.4
    * apache2-mod_wsgi-4.7.1-150400.3.9.4
    * apache2-mod_wsgi-debuginfo-4.7.1-150400.3.9.4
  * Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64)
    * apache2-mod_wsgi-debugsource-4.7.1-150400.3.9.4
    * apache2-mod_wsgi-4.7.1-150400.3.9.4
    * apache2-mod_wsgi-debuginfo-4.7.1-150400.3.9.4
  * Public Cloud Module 15-SP5 (aarch64 ppc64le s390x x86_64)
    * apache2-mod_wsgi-debugsource-4.7.1-150400.3.9.4
    * apache2-mod_wsgi-4.7.1-150400.3.9.4
    * apache2-mod_wsgi-debuginfo-4.7.1-150400.3.9.4
  * SUSE Manager Proxy 4.3 Module 4.3 (x86_64)
    * apache2-mod_wsgi-debugsource-4.7.1-150400.3.9.4
    * apache2-mod_wsgi-4.7.1-150400.3.9.4
    * apache2-mod_wsgi-debuginfo-4.7.1-150400.3.9.4
  * SUSE Manager Proxy 4.3 Module 4.3 (noarch)
    * spacecmd-4.3.25-150400.3.30.5
    * python3-spacewalk-client-tools-4.3.17-150400.3.21.6
    * spacewalk-proxy-redirect-4.3.17-150400.3.23.5
    * spacewalk-client-setup-4.3.17-150400.3.21.6
    * python3-spacewalk-check-4.3.17-150400.3.21.6
    * spacewalk-proxy-broker-4.3.17-150400.3.23.5
    * spacewalk-proxy-common-4.3.17-150400.3.23.5
    * spacewalk-backend-4.3.25-150400.3.33.7
    * spacewalk-proxy-salt-4.3.17-150400.3.23.5
    * spacewalk-check-4.3.17-150400.3.21.6
    * spacewalk-proxy-management-4.3.17-150400.3.23.5
    * spacewalk-proxy-package-manager-4.3.17-150400.3.23.5
    * python3-spacewalk-client-setup-4.3.17-150400.3.21.6
    * spacewalk-client-tools-4.3.17-150400.3.21.6
    * spacewalk-base-minimal-4.3.36-150400.3.36.7
    * susemanager-tftpsync-recv-4.3.9-150400.3.9.5
    * spacewalk-base-minimal-config-4.3.36-150400.3.36.7
  * SUSE Manager Server 4.3 Module 4.3 (ppc64le s390x x86_64)
    * apache2-mod_wsgi-debugsource-4.7.1-150400.3.9.4
    * apache2-mod_wsgi-debuginfo-4.7.1-150400.3.9.4
    * inter-server-sync-0.3.1-150400.3.24.5
    * susemanager-tools-4.3.33-150400.3.42.4
    * susemanager-4.3.33-150400.3.42.4
    * apache2-mod_wsgi-4.7.1-150400.3.9.4
    * inter-server-sync-debuginfo-0.3.1-150400.3.24.5
  * SUSE Manager Server 4.3 Module 4.3 (noarch)
    * spacewalk-backend-config-files-tool-4.3.25-150400.3.33.7
    * spacewalk-search-4.3.10-150400.3.15.4
    * python3-spacewalk-client-tools-4.3.17-150400.3.21.6
    * susemanager-sync-data-4.3.14-150400.3.17.5
    * spacewalk-backend-config-files-common-4.3.25-150400.3.33.7
    * susemanager-docs_en-pdf-4.3-150400.9.50.5
    * spacewalk-backend-sql-postgresql-4.3.25-150400.3.33.7
    * spacewalk-base-4.3.36-150400.3.36.7
    * susemanager-schema-4.3.22-150400.3.30.5
    * spacewalk-backend-iss-4.3.25-150400.3.33.7
    * spacewalk-taskomatic-4.3.69-150400.3.69.5
    * susemanager-docs_en-4.3-150400.9.50.5
    * susemanager-sls-4.3.37-150400.3.37.5
    * spacewalk-client-tools-4.3.17-150400.3.21.6
    * spacecmd-4.3.25-150400.3.30.5
    * spacewalk-html-4.3.36-150400.3.36.7
    * spacewalk-backend-xmlrpc-4.3.25-150400.3.33.7
    * susemanager-schema-utility-4.3.22-150400.3.30.5
    * spacewalk-backend-iss-export-4.3.25-150400.3.33.7
    * spacewalk-base-minimal-config-4.3.36-150400.3.36.7
    * spacewalk-backend-xml-export-libs-4.3.25-150400.3.33.7
    * spacewalk-java-config-4.3.69-150400.3.69.5
    * spacewalk-backend-config-files-4.3.25-150400.3.33.7
    * spacewalk-backend-sql-4.3.25-150400.3.33.7
    * uyuni-reportdb-schema-4.3.8-150400.3.9.6
    * spacewalk-java-4.3.69-150400.3.69.5
    * spacewalk-backend-server-4.3.25-150400.3.33.7
    * subscription-matcher-0.33-150400.3.16.3
    * spacewalk-java-lib-4.3.69-150400.3.69.5
    * spacewalk-base-minimal-4.3.36-150400.3.36.7
    * spacewalk-java-postgresql-4.3.69-150400.3.69.5
    * billing-data-service-4.3.2-150400.10.12.5
    * spacewalk-backend-tools-4.3.25-150400.3.33.7
    * spacewalk-backend-applet-4.3.25-150400.3.33.7
    * spacewalk-backend-4.3.25-150400.3.33.7
    * uyuni-config-modules-4.3.37-150400.3.37.5
    * spacewalk-backend-package-push-server-4.3.25-150400.3.33.7
    * spacewalk-backend-app-4.3.25-150400.3.33.7

## References:

  * https://www.suse.com/security/cve/CVE-2023-22644.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1191143
  * https://bugzilla.suse.com/show_bug.cgi?id=1204235
  * https://bugzilla.suse.com/show_bug.cgi?id=1207012
  * https://bugzilla.suse.com/show_bug.cgi?id=1207532
  * https://bugzilla.suse.com/show_bug.cgi?id=1210928
  * https://bugzilla.suse.com/show_bug.cgi?id=1210930
  * https://bugzilla.suse.com/show_bug.cgi?id=1211355
  * https://bugzilla.suse.com/show_bug.cgi?id=1211560
  * https://bugzilla.suse.com/show_bug.cgi?id=1211649
  * https://bugzilla.suse.com/show_bug.cgi?id=1212695
  * https://bugzilla.suse.com/show_bug.cgi?id=1212904
  * https://bugzilla.suse.com/show_bug.cgi?id=1213469
  * https://bugzilla.suse.com/show_bug.cgi?id=1214186
  * https://bugzilla.suse.com/show_bug.cgi?id=1214471
  * https://bugzilla.suse.com/show_bug.cgi?id=1214601
  * https://bugzilla.suse.com/show_bug.cgi?id=1214759
  * https://bugzilla.suse.com/show_bug.cgi?id=1215209
  * https://bugzilla.suse.com/show_bug.cgi?id=1215514
  * https://bugzilla.suse.com/show_bug.cgi?id=1215949
  * https://bugzilla.suse.com/show_bug.cgi?id=1216030
  * https://bugzilla.suse.com/show_bug.cgi?id=1216041
  * https://bugzilla.suse.com/show_bug.cgi?id=1216085
  * https://bugzilla.suse.com/show_bug.cgi?id=1216128
  * https://bugzilla.suse.com/show_bug.cgi?id=1216380
  * https://bugzilla.suse.com/show_bug.cgi?id=1216506
  * https://bugzilla.suse.com/show_bug.cgi?id=1216555
  * https://bugzilla.suse.com/show_bug.cgi?id=1216690
  * https://bugzilla.suse.com/show_bug.cgi?id=1216754
  * https://bugzilla.suse.com/show_bug.cgi?id=1217038
  * https://bugzilla.suse.com/show_bug.cgi?id=1217223
  * https://bugzilla.suse.com/show_bug.cgi?id=1217224
  * https://jira.suse.com/browse/MSQA-708
  * https://jira.suse.com/browse/SUMA-282

SUSE: 2023:4737-1 important: Maintenance SUSE Manager 4.3

December 14, 2023
* bsc#1191143 * bsc#1204235 * bsc#1207012 * bsc#1207532 * bsc#1210928

Summary

### This update fixes the following issues: spacecmd: * Version 4.3.25-1 * Update translation strings spacewalk-backend: * Version 4.3.25-1 * Use the new apache2-mod_wsgi package name * Set stricter file permissions for config file * Add table statistics and options to the support config database output * Add CLM data collection to spacewalk-debug spacewalk-client-tools: * Version 4.3.17-1 * Update translation strings spacewalk-proxy: * Version 4.3.17-1 * Use the new apache2-mod_wsgi package name spacewalk-web: * Version 4.3.36-1 * Safeguard request URLs against tempering (bsc#1216754) * Improve datetimepicker input formatting * Improve logging to better capture third-party library issues * Simplify and modernize password generation logic * Update webpack to 5.88.2 * Handle new message from subscription-matcher (bsc#1216506) * Add sanity checks for FQDNs in proxy configuration dialog * Add option to filter packages by build time in CLM (jsc#SUMA-282) susemanager-tftpsync-recv: * Version 4.3.9-1 * Use the new apache2-mod_wsgi package name * Build with Python 3 and clean up references to Python 2 How to apply this update: 1. Log in as root user to the SUSE Manager Proxy or Retail Branch Server. 2. Stop the proxy service: `spacewalk-proxy stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: `spacewalk-proxy start` ## Security update for SUSE Manager Server 4.3 ### This update fixes the following issues: billing-data-service: * Version 4.3.2-1 * Relax dependency to csp-billing-adapter-service inter-server-sync: * Version 0.3.1 * Require at least Go 1.20 for building SUSE packages spacecmd: * Version 4.3.25-1 * Update translation strings spacewalk-backend: * Version 4.3.25-1 * Use the new apache2-mod_wsgi package name * Set stricter file permissions for config file * Add table statistics and options to the support config database output * Add CLM data collection to spacewalk-debug spacewalk-client-tools: * Version 4.3.17-1 * Update translation strings spacewalk-java: * Version 4.3.69-1 * Security fixes: * CVE-2023-22644: Sanitize token before logging it (bsc#1210930) * CVE-2023-22644: Fix permissions for logfiles (bsc#1210928) * CVE-2023-22644: Log potential sensitive information only in debug mode (bsc#1210928) * Non security fixes: * Include in API response reboot_suggested and restart_suggested booleans * Fix filter ID comparison when attaching filters to a CLM project (bsc#1215949) * Fix validation of lists with empty defaults in formulas (bsc#1216555) * Safeguard request URLs against tempering (bsc#1216754) * Improve logging to better capture third-party library issues * Fix issue of non-installed package listed as errata package update candidates (bsc#1212904) * Fix issue with reporting database query pagination * Update tomcat jars to version greater than 9.0.75 * Fix notification messages email content (bsc#1216041) * Look for the PAYG CA certificate location in different order to find and import the correct one (bsc#1214759) * Add salt-api socket timeout to abort stuck taskomatic jobs (bsc#1211649) * Fix SUSE Linux Enterprise Micro PAYG detection * Wait for lock to execute SCC sync task (bsc#1216030) * Fix url pointing to SCC (bsc#1216690) * Prevent download when a PAYG Server is not compliant * Fix system.provisionSystem xmlrpc endpoint to calculate host properly (bsc#1215209) * Include "uuid" as system search xmlrpc results (bsc#1216380) * Prevent losing Remote Command action result if returned JSON cannot be parsed * Add PAYG info to UI and rest API * Add management restrictions to SUMA PAYG when dealing with BYOS instances when no SCC credentials are set * Fix issue where bad SCC credentials were preventing other credentials to refresh (bsc#1211355) * Fix conversion to string if branchid is numeric in PXEEvent * Fix token validation for shared (public) child channels (bsc#1216128) * Prevent NullPointerException in updateSystemInfo (bsc#1217224) * Update SCC REST call to register systems in bulk * Enhance hardware data sent to SCC by memory * Fix FQDN machine name mapping on proxy configuration * Fix NullPointerException when creating PXE config for an unmanaged profile (bsc#1217223) * Add option to filter packages by build time in CLM (jsc#SUMA-282) * Consider server id when removing invalid erratas from rhnSet (bsc#1204235,bsc#1207012,bsc#1211560) * Fix createSystemRecord XML-RPC API call so the Cobbler UID is persisted (bsc#1207532) spacewalk-search: * Version 4.3.10-1 * Include "uuid" as system search result attribute (bsc#1216380) spacewalk-web: * Version 4.3.36-1 * Safeguard request URLs against tempering (bsc#1216754) * Improve datetimepicker input formatting * Improve logging to better capture third-party library issues * Simplify and modernize password generation logic * Update webpack to 5.88.2 * Handle new message from subscription-matcher (bsc#1216506) * Add sanity checks for FQDNs in proxy configuration dialog * Add option to filter packages by build time in CLM (jsc#SUMA-282) subscription-matcher: * Version 0.33 * Added missing part numbers (bsc#1216506) * Ignore subscriptions without any associated products (bsc#1216506) * Update Guava to version 32.0 susemanager: * Version 4.3.33-1 * Add bootstrap repository data for SUSE Linux Enterprise Micro 5.5 (bsc#1217038) susemanager-docs_en: * Add SUSE Liberty Linux versions 7 and 8 to the supported features matrix in the Client Configuration Guide * Add support for SUSE Linux Enterprise Micro 5.5 and openSUSE Leap Micro 5.5 clients to the Installation and Upgrade Guide, and to the Client Configuration Guide * Update Twitter handle reference in documentation user interface * Update feature table and add legend in the Configuration Management section of the Client Configuration Guide * Fix parameter name in the Register clients section of the Client Configuration Guide * Fix links to HTML output of SUSE Linux Enterprise Server 15 SP4 documentation * Add note about using short hostname in the Quick Start: SAP guide (bsc#1212695) * Mention the option to install Prometheus on Retail branch servers (bsc#1191143) * Fix link loop and clarify some server upgrade description details in the Installation and Upgrade Guide (bsc#1214471) * SUSE Manager 4.3 is based on SUSE Linux Enterprise 15 SP4; update the installation procedure (bsc#1213469) susemanager-schema: * Version 4.3.22-1 * Drop special versioned schema files * Add unique index for rhnpackagechangelogdata table susemanager-sls: * Version 4.3.37-1 * Disable dnf_rhui_plugin as it breaks our susemanagerplugin (bsc#1214601) * Fix susemanagerplugin to not overwrite header fields set by other plugins * Let the DNF plugin log when a token was set * Retry loading of pillars from DB on connection error (bsc#1214186) * Recognize squashfs build results from KIWI (bsc#1216085) susemanager-sync-data: * Version 4.3.14-1 * SUSE Linux Enterprise 15 SP4 Long Term Service Pack Support (LTSS) * Extended Service Pack Overlay Support (ESPOS) for High Performance Computing 15 SP5 * Long Term Service Pack Support (LTSS) for High Performance Computing 15 SP5 * Update Open Enterprise Server to 2023.4 (bsc#1215514) uyuni-reportdb-schema: * Version 4.3.8-1 * Provide reportdb upgrade schema path structure How to apply this update: 1. Log in as root user to the SUSE Manager Server. 2. Stop the Spacewalk service: `spacewalk-service stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: `spacewalk-service start` ## Recommended update for apache2-mod_wsgi ### This update fixes the following issues: apache2-mod_wsgi: * Ensure the binaries are included in SUSE Manager Server ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4737=1 openSUSE-SLE-15.4-2023-4737=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4737=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-4737=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-4737=1 * SUSE Manager Proxy 4.3 Module 4.3 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2023-4737=1 * SUSE Manager Server 4.3 Module 4.3 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2023-4737=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * apache2-mod_wsgi-debugsource-4.7.1-150400.3.9.4 * apache2-mod_wsgi-4.7.1-150400.3.9.4 * apache2-mod_wsgi-debuginfo-4.7.1-150400.3.9.4 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * apache2-mod_wsgi-debugsource-4.7.1-150400.3.9.4 * apache2-mod_wsgi-4.7.1-150400.3.9.4 * apache2-mod_wsgi-debuginfo-4.7.1-150400.3.9.4 * Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64) * apache2-mod_wsgi-debugsource-4.7.1-150400.3.9.4 * apache2-mod_wsgi-4.7.1-150400.3.9.4 * apache2-mod_wsgi-debuginfo-4.7.1-150400.3.9.4 * Public Cloud Module 15-SP5 (aarch64 ppc64le s390x x86_64) * apache2-mod_wsgi-debugsource-4.7.1-150400.3.9.4 * apache2-mod_wsgi-4.7.1-150400.3.9.4 * apache2-mod_wsgi-debuginfo-4.7.1-150400.3.9.4 * SUSE Manager Proxy 4.3 Module 4.3 (x86_64) * apache2-mod_wsgi-debugsource-4.7.1-150400.3.9.4 * apache2-mod_wsgi-4.7.1-150400.3.9.4 * apache2-mod_wsgi-debuginfo-4.7.1-150400.3.9.4 * SUSE Manager Proxy 4.3 Module 4.3 (noarch) * spacecmd-4.3.25-150400.3.30.5 * python3-spacewalk-client-tools-4.3.17-150400.3.21.6 * spacewalk-proxy-redirect-4.3.17-150400.3.23.5 * spacewalk-client-setup-4.3.17-150400.3.21.6 * python3-spacewalk-check-4.3.17-150400.3.21.6 * spacewalk-proxy-broker-4.3.17-150400.3.23.5 * spacewalk-proxy-common-4.3.17-150400.3.23.5 * spacewalk-backend-4.3.25-150400.3.33.7 * spacewalk-proxy-salt-4.3.17-150400.3.23.5 * spacewalk-check-4.3.17-150400.3.21.6 * spacewalk-proxy-management-4.3.17-150400.3.23.5 * spacewalk-proxy-package-manager-4.3.17-150400.3.23.5 * python3-spacewalk-client-setup-4.3.17-150400.3.21.6 * spacewalk-client-tools-4.3.17-150400.3.21.6 * spacewalk-base-minimal-4.3.36-150400.3.36.7 * susemanager-tftpsync-recv-4.3.9-150400.3.9.5 * spacewalk-base-minimal-config-4.3.36-150400.3.36.7 * SUSE Manager Server 4.3 Module 4.3 (ppc64le s390x x86_64) * apache2-mod_wsgi-debugsource-4.7.1-150400.3.9.4 * apache2-mod_wsgi-debuginfo-4.7.1-150400.3.9.4 * inter-server-sync-0.3.1-150400.3.24.5 * susemanager-tools-4.3.33-150400.3.42.4 * susemanager-4.3.33-150400.3.42.4 * apache2-mod_wsgi-4.7.1-150400.3.9.4 * inter-server-sync-debuginfo-0.3.1-150400.3.24.5 * SUSE Manager Server 4.3 Module 4.3 (noarch) * spacewalk-backend-config-files-tool-4.3.25-150400.3.33.7 * spacewalk-search-4.3.10-150400.3.15.4 * python3-spacewalk-client-tools-4.3.17-150400.3.21.6 * susemanager-sync-data-4.3.14-150400.3.17.5 * spacewalk-backend-config-files-common-4.3.25-150400.3.33.7 * susemanager-docs_en-pdf-4.3-150400.9.50.5 * spacewalk-backend-sql-postgresql-4.3.25-150400.3.33.7 * spacewalk-base-4.3.36-150400.3.36.7 * susemanager-schema-4.3.22-150400.3.30.5 * spacewalk-backend-iss-4.3.25-150400.3.33.7 * spacewalk-taskomatic-4.3.69-150400.3.69.5 * susemanager-docs_en-4.3-150400.9.50.5 * susemanager-sls-4.3.37-150400.3.37.5 * spacewalk-client-tools-4.3.17-150400.3.21.6 * spacecmd-4.3.25-150400.3.30.5 * spacewalk-html-4.3.36-150400.3.36.7 * spacewalk-backend-xmlrpc-4.3.25-150400.3.33.7 * susemanager-schema-utility-4.3.22-150400.3.30.5 * spacewalk-backend-iss-export-4.3.25-150400.3.33.7 * spacewalk-base-minimal-config-4.3.36-150400.3.36.7 * spacewalk-backend-xml-export-libs-4.3.25-150400.3.33.7 * spacewalk-java-config-4.3.69-150400.3.69.5 * spacewalk-backend-config-files-4.3.25-150400.3.33.7 * spacewalk-backend-sql-4.3.25-150400.3.33.7 * uyuni-reportdb-schema-4.3.8-150400.3.9.6 * spacewalk-java-4.3.69-150400.3.69.5 * spacewalk-backend-server-4.3.25-150400.3.33.7 * subscription-matcher-0.33-150400.3.16.3 * spacewalk-java-lib-4.3.69-150400.3.69.5 * spacewalk-base-minimal-4.3.36-150400.3.36.7 * spacewalk-java-postgresql-4.3.69-150400.3.69.5 * billing-data-service-4.3.2-150400.10.12.5 * spacewalk-backend-tools-4.3.25-150400.3.33.7 * spacewalk-backend-applet-4.3.25-150400.3.33.7 * spacewalk-backend-4.3.25-150400.3.33.7 * uyuni-config-modules-4.3.37-150400.3.37.5 * spacewalk-backend-package-push-server-4.3.25-150400.3.33.7 * spacewalk-backend-app-4.3.25-150400.3.33.7

References

* bsc#1191143

* bsc#1204235

* bsc#1207012

* bsc#1207532

* bsc#1210928

* bsc#1210930

* bsc#1211355

* bsc#1211560

* bsc#1211649

* bsc#1212695

* bsc#1212904

* bsc#1213469

* bsc#1214186

* bsc#1214471

* bsc#1214601

* bsc#1214759

* bsc#1215209

* bsc#1215514

* bsc#1215949

* bsc#1216030

* bsc#1216041

* bsc#1216085

* bsc#1216128

* bsc#1216380

* bsc#1216506

* bsc#1216555

* bsc#1216690

* bsc#1216754

* bsc#1217038

* bsc#1217223

* bsc#1217224

* jsc#MSQA-708

* jsc#SUMA-282

Cross-

* CVE-2023-22644

CVSS scores:

* CVE-2023-22644 ( NVD ): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Affected Products:

* openSUSE Leap 15.4

* openSUSE Leap 15.5

* Public Cloud Module 15-SP4

* Public Cloud Module 15-SP5

* SUSE Linux Enterprise High Performance Computing 15 SP4

* SUSE Linux Enterprise High Performance Computing 15 SP5

* SUSE Linux Enterprise Server 15 SP4

* SUSE Linux Enterprise Server 15 SP5

* SUSE Linux Enterprise Server for SAP Applications 15 SP4

* SUSE Linux Enterprise Server for SAP Applications 15 SP5

* SUSE Manager Proxy 4.3

* SUSE Manager Proxy 4.3 Module 4.3

* SUSE Manager Retail Branch Server 4.3

* SUSE Manager Server 4.3

* SUSE Manager Server 4.3 Module 4.3

An update that solves one vulnerability, contains two features and has 30

security fixes can now be installed.

## Recommended update for SUSE Manager Proxy and Retail Branch Server 4.3

##

* https://www.suse.com/security/cve/CVE-2023-22644.html

* https://bugzilla.suse.com/show_bug.cgi?id=1191143

* https://bugzilla.suse.com/show_bug.cgi?id=1204235

* https://bugzilla.suse.com/show_bug.cgi?id=1207012

* https://bugzilla.suse.com/show_bug.cgi?id=1207532

* https://bugzilla.suse.com/show_bug.cgi?id=1210928

* https://bugzilla.suse.com/show_bug.cgi?id=1210930

* https://bugzilla.suse.com/show_bug.cgi?id=1211355

* https://bugzilla.suse.com/show_bug.cgi?id=1211560

* https://bugzilla.suse.com/show_bug.cgi?id=1211649

* https://bugzilla.suse.com/show_bug.cgi?id=1212695

* https://bugzilla.suse.com/show_bug.cgi?id=1212904

* https://bugzilla.suse.com/show_bug.cgi?id=1213469

* https://bugzilla.suse.com/show_bug.cgi?id=1214186

* https://bugzilla.suse.com/show_bug.cgi?id=1214471

* https://bugzilla.suse.com/show_bug.cgi?id=1214601

* https://bugzilla.suse.com/show_bug.cgi?id=1214759

* https://bugzilla.suse.com/show_bug.cgi?id=1215209

* https://bugzilla.suse.com/show_bug.cgi?id=1215514

* https://bugzilla.suse.com/show_bug.cgi?id=1215949

* https://bugzilla.suse.com/show_bug.cgi?id=1216030

* https://bugzilla.suse.com/show_bug.cgi?id=1216041

* https://bugzilla.suse.com/show_bug.cgi?id=1216085

* https://bugzilla.suse.com/show_bug.cgi?id=1216128

* https://bugzilla.suse.com/show_bug.cgi?id=1216380

* https://bugzilla.suse.com/show_bug.cgi?id=1216506

* https://bugzilla.suse.com/show_bug.cgi?id=1216555

* https://bugzilla.suse.com/show_bug.cgi?id=1216690

* https://bugzilla.suse.com/show_bug.cgi?id=1216754

* https://bugzilla.suse.com/show_bug.cgi?id=1217038

* https://bugzilla.suse.com/show_bug.cgi?id=1217223

* https://bugzilla.suse.com/show_bug.cgi?id=1217224

* https://jira.suse.com/browse/MSQA-708

* https://jira.suse.com/browse/SUMA-282

Severity
Announcement ID: SUSE-SU-2023:4737-1
Rating: important

Related News

News

Powered By

Footer Logo

Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.

Powered By

Footer Logo