Hi, I updated according the instructions, but the server does not start again. spacewalk-service status <rest is green> �� taskomatic.service - Taskomatic Loaded: loaded (/usr/lib/systemd/system/taskomatic.service; enabled; vendor preset: disabled) Drop-In: /usr/lib/systemd/system/taskomatic.service.d ����override.conf Active: failed (Result: exit-code) since Tue 2020-09-22 12:00:15 CEST; 13min ago Process: 18028 ExecStart=/usr/sbin/taskomatic (code=exited, status=255) Main PID: 18028 (code=exited, status=255) <rest is green> journalctl -u tomcat.service Sep 22 11:57:06 smduyuni server[15493]: 22-Sep-2020 11:57:06.953 SEVERE [main] org.apache.catalina.core.StandardContext.startInternal One or more listeners failed to start. Full details will be found in the appropriate container log file Sep 22 11:57:06 smduyuni server[15493]: 22-Sep-2020 11:57:06.977 SEVERE [main] org.apache.catalina.core.StandardContext.startInternal Context [/rhn] startup failed due to previous errors localhost.2020-09-22.log 22-Sep-2020 11:57:06.953 SEVERE [main] org.apache.catalina.core.StandardContext.listenerStart Error configuring application listener of class [com.redhat.rhn.webapp.RhnServletListener] java.lang.NoSuchFieldError: FILE at com.suse.manager.webui.services.impl.SaltService.<init>(SaltService.java:151) at com.suse.manager.webui.services.impl.SaltService.<clinit>(SaltService.java:136) at com.redhat.rhn.webapp.RhnServletListener.<init>(RhnServletListener.java:56) at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490) at org.apache.catalina.core.DefaultInstanceManager.newInstance(DefaultInstanceManager.java:151) at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4602) at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5139) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:717) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:690) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:705) at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1133) at org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1866) at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) at java.base/java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:118) at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:1045) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:429) at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1576) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:309) at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:123) at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:423) at org.apache.catalina.util.LifecycleBase.setState(LifecycleBase.java:366) at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:936) at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:841) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1384) at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1374) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) at java.base/java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:140) at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:909) at org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:262) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) at org.apache.catalina.core.StandardService.startInternal(StandardService.java:421) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:930) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) at org.apache.catalina.startup.Catalina.start(Catalina.java:633) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:566) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:343) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:474) 22-Sep-2020 11:57:06.953 SEVERE [main] org.apache.catalina.core.StandardContext.listenerStart Skipped installing application listeners due to previous error(s) Regards, Torsten
-----Original Message----- From: Julio Gonz��lez Gil [mailto:jgonzalez@suse.com] Sent: Wednesday, September 16, 2020 7:15 PM To: uyuni-announce@opensuse.org; uyuni-devel@opensuse.org; uyuni- users@opensuse.org Subject: [EXTERN] [uyuni-users] Special update for CVE-2020-8028 (bsc#1175884)
Dear lists,
today we released an unscheduled maintenance update for CVE-2020-8028 (bsc#1175884), which is a security vulnerability of SUSE Manager and Uyuni Servers. The bug has been kept under embargo since it was reported to this day while we prepared a fix and coordinated the release.
Only users that have shell access to the Uyuni server can exploit this vulnerability. This is not a common setup, shell access to the server should usually be restricted to the server administrators.
In order to install this update please make sure you are on the most recent release (2020.07) and use the following commands on the Uyuni server:
zypper addrepo https://download.opensuse.org/repositories/systemsmanagement:/Uyuni:/Stab le:/Patches/openSUSE_Leap_15.2/systemsmanagement:Uyuni:Stable:Patches.r epo zypper refresh spacewalk-service stop zypper update spacewalk-java-lib spacewalk-java spacewalk-java-config spacewalk-java-postgresql spacewalk-taskomatic spacewalk-admin spacewalk- setup salt-netapi-client spacewalk-service start
After services start again, the Salt API endpoint will be authenticated and encrypted.
As the fix changes the way the Salt API endpoint is served, it is expected to break any third-party scripts or software that may rely on it. We will take this occasion to remind you that:
- the Salt API endpoint configured by Uyuni at installation time is exclusively for internal Uyuni use and by default not exposed to the network. If your custom software depends on using the Salt API directly, you are relying on something not supported by Uyuni. - it is possible to define additional API endpoints, and secure them in a variety of ways, and those are fine for custom scripts. More information about how to configure those are available at: https://docs.saltstack.com/en/latest/ref/netapi/all/salt.netapi.rest_tornado... ml#module-salt.netapi.rest_tornado
If applying the update is not readily feasible, we recommend to restrict shell access to the Uyuni Server to the minimum set of users who really need it - which is a standard, recommended security practice in any case.
More information is available at: - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8028 - https://github.com/uyuni-project/uyuni/pull/2613
-- Julio Gonz��lez Gil Release Engineer, SUSE Manager and Uyuni jgonzalez@suse.com N�����r��y隊[��x������칻�&ޢ��������'��-���w�zf��쮞+�z�>� ޮ�^�ˬz��