SUSE-SU-2023:1831-1: important: Maintenance update for SUSE Manager 4.2: Server, Proxy and Retail Branch Server
# Maintenance update for SUSE Manager 4.2: Server, Proxy and Retail Branch Server

Announcement ID: SUSE-SU-2023:1831-1

Rating: important

References:

* bsc#1179926
* bsc#1197027
* bsc#1206562
* bsc#1206973
* bsc#1207063
* bsc#1207308
* bsc#1207352
* bsc#1207490
* bsc#1207799
* bsc#1207829
* bsc#1207830
* bsc#1207838
* bsc#1207883
* bsc#1208288
* bsc#1208321
* bsc#1208325
* bsc#1208586
* bsc#1208687
* bsc#1208719
* bsc#1208772
* bsc#1208908
* bsc#1209369
* bsc#1209386
* bsc#1209434
* bsc#1209703
* jsc#PED-2777

Cross-References:

* CVE-2020-8908
* CVE-2022-0860
* CVE-2023-22644

CVSS scores:

* CVE-2020-8908 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2020-8908 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2022-0860 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
* CVE-2022-0860 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-22644 ( NVD ): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Affected Products:

* Development Tools Module 15-SP4
* openSUSE Leap 15.4
* SUSE Enterprise Storage 7
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Real Time 15 SP3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.2 Module 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.2
* SUSE Manager Server 4.2 Module 4.2
* SUSE Manager Server 4.3

An update that solves three vulnerabilities, contains one feature and has 22 security fixes can now be installed.

## Security update for SUSE Manager Server 4.2

### Description:

This update fixes the following issues:

cobbler:

* CVE-2022-0860: Unbreak PAM authentication due to missing encode of user input in the PAM auth module of Cobbler (bsc#1197027)
* Fix S390X auto-installation for cases where kernel options are longer than 79 characters (bsc#1207308)
* Switch packaging from patch based to Git tree based development
* All patches that are being removed in this revision are contained in the new Git tree.

guava:

* Upgrade to guava 30.1.1
* CVE-2020-8908: temp directory creation vulnerability in Guava versions prior to 30.0. (bsc#1179926)
* Remove parent reference from ALL distributed pom files
* Avoid version-less dependencies that can cause problems with some tools
* Build the package with ant in order to prevent build cycles using a generated and customized ant build system
* Produce with Java >= 9 binaries that are compatible with Java 8

jsr-305:

* Deliver jsr-305 to SUSE Manager as Guava dependency

mgr-libmod:

* Version 4.2.8-1
  * Ignore extra metadata fields for Liberty Linux (bsc#1208908)

spacecmd:

* Version 4.2.22-1
  * Display activation key details after executing the corresponding command (bsc#1208719)
  * Show targeted packages before actually removing them (bsc#1207830)
  * Fix spacecmd not showing any output for softwarechannel_diff and softwarechannel_errata_diff (bsc#1207352)

spacewalk-backend:

* Version 4.2.27-1
  * Fix the mgr-inter-sync not creating valid repository metadata when dealing with empty channels (bsc#1207829)
  * Fix repo sync for cloud "Pay As You Go" connected repositories (bsc#1208772)
  * Fix issues with kickstart syncing on mirrorlist repositories
  * Do not sync .mirrorlist and other non needed files
  * reposync: catch local file not found urlgrabber error properly (bsc#1208288)

spacewalk-client-tools:

* Version 4.2.23-1
  * Update translation strings

spacewalk-java:

* Version 4.2.49-1
  * Refactor Java notification synchronize to avoid deadlocks (bsc#1209369)
* Version 4.2.48-1
  * Prevent logging formula data (bsc#1209386)
  * Use gnu-jaf instead of jaf
  * Use reload4j instead of log4j or log4j12
  * Use slf4j-reload4j
  * Save scheduler user when creating Patch actions manually (bsc#1208321)
  * Add `mgr_server_is_uyuni` minion pillar item
  * Do not execute immediately Package Refresh action for the SSH minion (bsc#1208325)
  * Mark as failed actions that cannot be scheduled because earliest date is too old
  * Update earliest date when rescheduling failed actions (bsc#1206562)
  * Fix reconnection of postgres event stream
  * Fix NumberFormatException when syncing Ubuntu errata (bsc#1207883)
  * Fix duplicate keys in image tables (bsc#1207799)
  * Fix CLM environments UI for environment labels containing dots (bsc#1207838)

spacewalk-search:

* Version 4.2.10-1
  * Use reload4j instead of log4j or log4j12

spacewalk-web:

* Version 4.2.34-1
  * Fix datetime picker appearing behind modal edge (bsc#1209703)
* Version 4.2.33-1
  * Deprecate jQuery datepicker, integrate React datepicker
  * Fix CLM environments UI for environment labels containing dots (bsc#1207838)

subscription-matcher:

* Relax antlr version requirement

supportutils-plugin-susemanager:

* Version 4.2.6-1
  * Fix DB connection check tool (bsc#1208586)

susemanager-build-keys:

* Version 15.3.7 (jsc#PED-2777):
  * Add new 4096 bit RSA build key gpg-pubkey-3fa1d6ce-63c9481c.asc
  * Add new 4096 bit RSA reserve build key gpg-pubkey-d588dc46-63c939db.asc
  * Add 2022 2048 bit RSA PTF key suse_ptf_key-6F5DA62B.asc
  * Add new 4096 bit RSA PTF key suse_ptf_key_2023.asc

susemanager-doc-indexes:

* Removed z196 and z114 from listing in System Z chapter of the Installation and Upgrade Guide (bsc#1206973)
* Branding updated for 2023
* New search engine optimization improvements for documentation
* Translations are now included in the webui help documentation
* Local search is now provided with the webui help documentation

susemanager-docs_en:

* Removed z196 and z114 from listing in System Z chapter of the Installation and Upgrade Guide (bsc#1206973)
* Branding updated for 2023
* New search engine optimization improvements for documentation
* Translations are now included in the WebUI help documentation
* Local search is now provided with the WebUI help documentation

susemanager-sls:

* Version 4.2.32-1
  * Improve error handling in mgr_events.py (bsc#1208687)

susemanager-tftpsync:

* Version 4.2.4-1
  * Fix removal of proxies section in cobbler settings (bsc#1207063)

uyuni-common-libs:

* Version 4.2.10-1
  * Allow default component for context manager.

virtual-host-gatherer:

* Version 1.0.25-1
  * Report total CPU numbers in the libvirt module

How to apply this update:

1. Log in as root user to the SUSE Manager Server.
2. Stop the Spacewalk service: `spacewalk-service stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: `spacewalk-service start`

## Recommended update for SUSE Manager Proxy and Retail Branch Server 4.2

### Description:

This update fixes the following issues:

mgr-daemon:

* Version 4.2.11-1
  * Update translation strings

spacecmd:

* Version 4.2.22-1
  * Display activation key details after executing the corresponding command (bsc#1208719)
  * Show targeted packages before actually removing them (bsc#1207830)
  * Fix spacecmd not showing any output for softwarechannel_diff and softwarechannel_errata_diff (bsc#1207352)

spacewalk-backend:

* Version 4.2.27-1
  * Fix the mgr-inter-sync not creating valid repository metadata when dealing with empty channels (bsc#1207829)
  * Fix repo sync for cloud payg connected repositories (bsc#1208772)
  * Fix issues with kickstart syncing on mirrorlist repositories
  * Do not sync .mirrorlist and other non needed files
  * reposync: catch local file not found urlgrabber error properly (bsc#1208288)

spacewalk-client-tools:

* Version 4.2.23-1
  * Update translation strings

spacewalk-proxy:

* Version 4.2.14-1
  * Avoid unnecessary debug messages from proxy backend (bsc#1207490)

spacewalk-web:

* Version 4.2.34-1
  * Fix datetime picker appearing behind modal edge (bsc#1209703)
* Version 4.2.33-1
  * Deprecate jQuery datepicker, integrate React datepicker
  * Fix CLM environments UI for environment labels containing dots (bsc#1207838)

susemanager-build-keys:

* Version 15.3.7 (jsc#PED-2777):
  * Add new 4096 bit RSA build key gpg-pubkey-3fa1d6ce-63c9481c.asc
  * Add new 4096 bit RSA reserve build key gpg-pubkey-d588dc46-63c939db.asc
  * Add 2022 2048 bit RSA PTF key suse_ptf_key-6F5DA62B.asc
  * Add new 4096 bit RSA PTF key suse_ptf_key_2023.asc

uyuni-common-libs:

* Version 4.2.10-1
  * Allow default component for context manager.

How to apply this update:

1. Log in as root user to the SUSE Manager Proxy or Retail Branch Server.
2. Stop the proxy service: `spacewalk-proxy stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: `spacewalk-proxy start`

## Recommended update for jsr-305

### Description:

This update for jsr-305 provides the following fix:

- Ship the correct versions of jsr-305 on SUSE Manager repositories (no source changes).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Manager Proxy 4.2 Module 4.2
  `zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2023-1831=1`
* SUSE Manager Server 4.2 Module 4.2
  `zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2023-1831=1`
* openSUSE Leap 15.4
  `zypper in -t patch openSUSE-SLE-15.4-2023-1831=1`
* Development Tools Module 15-SP4
  `zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-1831=1`
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-1831=1`
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1831=1`
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1831=1`
* SUSE Linux Enterprise Real Time 15 SP3
  `zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-1831=1`
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-1831=1`
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1831=1`
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-1831=1`
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-1831=1`
* SUSE Enterprise Storage 7.1
  `zypper in -t patch SUSE-Storage-7.1-2023-1831=1`
* SUSE Enterprise Storage 7
  `zypper in -t patch SUSE-Storage-7-2023-1831=1`

## Package List:

* SUSE Manager Proxy 4.2 Module 4.2 (noarch)
  * spacewalk-proxy-salt-4.2.14-150300.3.27.6
  * python3-spacewalk-client-tools-4.2.23-150300.4.33.7
  * spacewalk-client-setup-4.2.23-150300.4.33.7
  * spacewalk-base-minimal-4.2.34-150300.3.41.5
  * python3-spacewalk-client-setup-4.2.23-150300.4.33.7
  * susemanager-build-keys-15.3.6-150300.3.9.5
  * spacewalk-client-tools-4.2.23-150300.4.33.7
  * spacewalk-proxy-management-4.2.14-150300.3.27.6
  * spacecmd-4.2.22-150300.4.36.7
  * mgr-daemon-4.2.11-150300.2.12.5
  * spacewalk-proxy-redirect-4.2.14-150300.3.27.6
  * spacewalk-check-4.2.23-150300.4.33.7
  * spacewalk-base-minimal-config-4.2.34-150300.3.41.5
  * spacewalk-proxy-package-manager-4.2.14-150300.3.27.6
  * susemanager-build-keys-web-15.3.6-150300.3.9.5
  * spacewalk-proxy-common-4.2.14-150300.3.27.6
  * python3-spacewalk-check-4.2.23-150300.4.33.7
  * spacewalk-proxy-broker-4.2.14-150300.3.27.6
  * spacewalk-backend-4.2.27-150300.4.38.7
* SUSE Manager Proxy 4.2 Module 4.2 (x86_64)
  * python3-uyuni-common-libs-4.2.10-150300.3.17.6
* SUSE Manager Server 4.2 Module 4.2 (noarch)
  * guava-30.1.1-150300.4.3.4
  * virtual-host-gatherer-libcloud-1.0.25-150300.3.12.5
  * virtual-host-gatherer-VMware-1.0.25-150300.3.12.5
  * spacewalk-backend-package-push-server-4.2.27-150300.4.38.7
  * spacewalk-backend-xmlrpc-4.2.27-150300.4.38.7
  * spacewalk-java-lib-4.2.49-150300.3.63.3
  * spacewalk-backend-app-4.2.27-150300.4.38.7
  * spacewalk-java-4.2.49-150300.3.63.3
  * spacewalk-base-minimal-config-4.2.34-150300.3.41.5
  * susemanager-sls-4.2.32-150300.3.46.5
  * susemanager-docs_en-pdf-4.2-150300.12.42.5
  * susemanager-doc-indexes-4.2-150300.12.42.6
  * subscription-matcher-0.29-150300.6.15.5
  * virtual-host-gatherer-Nutanix-1.0.25-150300.3.12.5
  * spacewalk-backend-4.2.27-150300.4.38.7
  * spacewalk-search-4.2.10-150300.3.18.6
  * spacewalk-base-minimal-4.2.34-150300.3.41.5
  * spacewalk-backend-sql-postgresql-4.2.27-150300.4.38.7
  * mgr-libmod-4.2.8-150300.3.9.6
  * spacewalk-backend-iss-export-4.2.27-150300.4.38.7
  * susemanager-docs_en-4.2-150300.12.42.5
  * supportutils-plugin-susemanager-4.2.6-150300.3.12.5
  * spacewalk-backend-applet-4.2.27-150300.4.38.7
  * spacewalk-backend-config-files-common-4.2.27-150300.4.38.7
  * spacewalk-html-4.2.34-150300.3.41.5
  * spacewalk-backend-server-4.2.27-150300.4.38.7
  * spacewalk-backend-config-files-tool-4.2.27-150300.4.38.7
  * spacewalk-backend-config-files-4.2.27-150300.4.38.7
  * cobbler-3.1.2-150300.5.22.5
  * spacewalk-base-4.2.34-150300.3.41.5
  * spacewalk-backend-xml-export-libs-4.2.27-150300.4.38.7
  * virtual-host-gatherer-1.0.25-150300.3.12.5
  * spacewalk-backend-iss-4.2.27-150300.4.38.7
  * spacecmd-4.2.22-150300.4.36.7
  * spacewalk-backend-tools-4.2.27-150300.4.38.7
  * virtual-host-gatherer-Kubernetes-1.0.25-150300.3.12.5
  * susemanager-build-keys-15.3.6-150300.3.9.5
  * spacewalk-java-postgresql-4.2.49-150300.3.63.3
  * jsr-305-3.0.2-150200.3.7.5
  * python3-spacewalk-client-tools-4.2.23-150300.4.33.7
  * uyuni-config-modules-4.2.32-150300.3.46.5
  * spacewalk-client-tools-4.2.23-150300.4.33.7
  * spacewalk-backend-sql-4.2.27-150300.4.38.7
  * susemanager-build-keys-web-15.3.6-150300.3.9.5
  * spacewalk-java-config-4.2.49-150300.3.63.3
  * spacewalk-taskomatic-4.2.49-150300.3.63.3
* SUSE Manager Server 4.2 Module 4.2 (ppc64le s390x x86_64)
  * susemanager-tftpsync-4.2.4-150300.3.6.6
  * python3-uyuni-common-libs-4.2.10-150300.3.17.6
* openSUSE Leap 15.4 (noarch)
  * jsr-305-3.0.2-150200.3.7.5
  * jsr-305-javadoc-3.0.2-150200.3.7.5
* Development Tools Module 15-SP4 (noarch)
  * jsr-305-3.0.2-150200.3.7.5
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
  * jsr-305-3.0.2-150200.3.7.5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
  * jsr-305-3.0.2-150200.3.7.5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
  * jsr-305-3.0.2-150200.3.7.5
* SUSE Linux Enterprise Real Time 15 SP3 (noarch)
  * jsr-305-3.0.2-150200.3.7.5
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
  * jsr-305-3.0.2-150200.3.7.5
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
  * jsr-305-3.0.2-150200.3.7.5
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
  * jsr-305-3.0.2-150200.3.7.5
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
  * jsr-305-3.0.2-150200.3.7.5
* SUSE Enterprise Storage 7.1 (noarch)
  * jsr-305-3.0.2-150200.3.7.5
* SUSE Enterprise Storage 7 (noarch)
  * jsr-305-3.0.2-150200.3.7.5

## References:

* https://www.suse.com/security/cve/CVE-2020-8908.html
* https://www.suse.com/security/cve/CVE-2022-0860.html
* https://www.suse.com/security/cve/CVE-2023-22644.html
* https://bugzilla.suse.com/show_bug.cgi?id=1179926
* https://bugzilla.suse.com/show_bug.cgi?id=1197027
* https://bugzilla.suse.com/show_bug.cgi?id=1206562
* https://bugzilla.suse.com/show_bug.cgi?id=1206973
* https://bugzilla.suse.com/show_bug.cgi?id=1207063
* https://bugzilla.suse.com/show_bug.cgi?id=1207308
* https://bugzilla.suse.com/show_bug.cgi?id=1207352
* https://bugzilla.suse.com/show_bug.cgi?id=1207490
* https://bugzilla.suse.com/show_bug.cgi?id=1207799
* https://bugzilla.suse.com/show_bug.cgi?id=1207829
* https://bugzilla.suse.com/show_bug.cgi?id=1207830
* https://bugzilla.suse.com/show_bug.cgi?id=1207838
* https://bugzilla.suse.com/show_bug.cgi?id=1207883
* https://bugzilla.suse.com/show_bug.cgi?id=1208288
* https://bugzilla.suse.com/show_bug.cgi?id=1208321
* https://bugzilla.suse.com/show_bug.cgi?id=1208325
* https://bugzilla.suse.com/show_bug.cgi?id=1208586
* https://bugzilla.suse.com/show_bug.cgi?id=1208687
* https://bugzilla.suse.com/show_bug.cgi?id=1208719
* https://bugzilla.suse.com/show_bug.cgi?id=1208772
* https://bugzilla.suse.com/show_bug.cgi?id=1208908
* https://bugzilla.suse.com/show_bug.cgi?id=1209369
* https://bugzilla.suse.com/show_bug.cgi?id=1209386
* https://bugzilla.suse.com/show_bug.cgi?id=1209434
* https://bugzilla.suse.com/show_bug.cgi?id=1209703
* https://jira.suse.com/browse/PED-2777