[SUSE-SU-2022:2144-1] Security update for SUSE Manager Server 4.2
Severity
Important
CVEs
3
Security update for SUSE Manager Server 4.2
This update fixes the following issues:
inter-server-sync:
- version 0.2.2
- Parameter --channel-with-children didn't export data (bsc#1199089)
- Clean rhnchannelcloned table to rebuild hierarchy (bsc#1197400)
- Version 0.2.1
- Correct sequence in use for table rhnpackagekey(bsc#1197400)
- Make Docker image export compatible with Suse Manager 4.2
- Version 0.2.0
- Allow images export and import (os based and Docker)
prometheus-formula:
- Version 0.6.2
- Allow prometheus-formula only for SUSE systems (bsc#1199149)
salt-netapi-client:
- Improve the hotfix for bsc#1192550 (bsc#1197449):
smdba:
- Don't package egg-info file for Enterprise Linux.
spacecmd:
- Version 4.2.17-1
- parse boolean paramaters correctly (bsc#1197689)
spacewalk-backend:
- version 4.2.22-1
- Do not raise error on file:// based DEB repo when looking for alternative Release files (bsc#1199142)
- Version 4.2.21-1
- Improve parsing deb packages dependencies (bsc#1194594)
spacewalk-certs-tools:
- Version 4.2.16-1
- Add Salt Bundle support to bootstrap script generator
spacewalk-java:
- version 4.2.38-1
- Remove unused gson-extras.jar during build
- version 4.2.37-1
- CVE-2022-31248: User enumeration via weak error message. (bsc#1199629)
- version 4.2.36-1
- CVE-2022-21952: Unauthenticated remote Denial of Service via resource exhaustion. (bsc#1199512)
- Version 4.2.35-1
- faster display installable packages list (bsc#1187333)
- Pass ssh_salt_pre_flight_script and ssh_use_salt_thin parameters to the generated roster files to enable optional Salt Bundle support with Salt SSH
- Fix reboot time on salt-ssh client(bsc#1197591)
- detect free products in Alpha and Beta stage and prevent checks on openSUSE products (bsc#1197488)
- Allow monitoring entitlement for debian 11 and 10
- Hide private methods in XMLRPC handlers
- Warning log when hardware refresh result is not serializable
- Optimize adding new products function (bsc#1193707)
spacewalk-utils:
- Version 4.2.16-1
- Add Debian 11 repositories
spacewalk-web:
- Version 4.2.27-1
- increase web page default timeout (bsc#1187333)
- Add ssh_salt_pre_flight_script and ssh_use_salt_thin parameters to default rhn_web.conf
- Upgrade minimist to fix CVE-2021-44906
- susemanager-nodejs-sdk-devel is now provided by spacewalk-web
- Resolve race conditions in CLM (bsc#1195710)
susemanager:
- version 4.2.32-1
- Add python3-contextvars and python3-immutables to missing bootstrap repos (bsc#1200606)
- version 4.2.31-1
- Add python3-gnupg to bootstrap repo definition for Ubuntu 20.04 (bsc#1200212)
- version 4.2.30-1
- Fix a syntax problem at the bootstrap repository definitions
- Version 4.2.29-1
- Add Salt Bundle support to mgr-create-bootstrap-repo
- Enable bootstrapping for Debian 11
- fix SLE15 bootstrap repo definition (bsc#1197438)
- Add SLES15SP4 and SUMA Proxy 4.3 to bootstrap repo definitions (bsc#1196702)
- Add missing dependencies for Salt 3004 into bootstrap repository for SLE15 family (bsc#1198221)
susemanager-doc-indexes:
- Updated Salt version for Server and Proxy to 3004
- Added details to Client Configuration Guide on using Salt Bundle as optional
- Updated saltversion attribute from 3002 to 3004
- In the Administration Guide, documented that monitoring tools are available in SUSE Linux Enterprise 12 and 15 and openSUSE Leap 15, but Grafana is not available on Proxy (bsc#1191143)
- Documented Autoyast installation features in Autoyast section of the Client Configuration Guide
- In Client Configuration Guide document Debian 11 as a supported OS as a client
- In Client Configuration Guide, clarified client upgrade issues
- In Client Configuration Guide, added information about registration of version 12 of SUSE Linux Enterprise clients
- In Client Configuration Guide, mark the applying patches features as supported on Ubuntu
- SLE Micro in Client Configuration Guide: Update version number from 5.0 to 5.1, and warn about Salt installation.
susemanager-docs_en:
- Updated Salt version for Server and Proxy to 3004
- Added details to Client Configuration Guide on using Salt Bundle as optional
- In the Administration Guide, documented that monitoring tools are available in SUSE Linux Enterprise 12 and 15 and openSUSE Leap 15, but Grafana is not available on Proxy (bsc#1191143)
- Documented Autoyast installation features in Autoyast section of the Client Configuration Guide
- In Client Configuration Guide document Debian 11 as a supported OS as a client
- In Client Configuration Guide, clarified client upgrade issues
- In Client Configuration Guide, added information about registration of version 12 of SUSE Linux Enterprise clients
- In Client Configuration Guide, mark the applying patches features as supported on Ubuntu
- SLE Micro in Client Configuration Guide: Update version number from 5.0 to 5.1, and warn about Salt installation.
susemanager-schema:
- Version 4.2.22-1
- Add schema directory for susemanager-schema-4.2.21
susemanager-sls:
- version 4.2.23-1
- Fix bootstrap repository URL resolution for Yum based clients with preflight script for Salt SSH
- Version 4.2.22-1
- Add Salt Bundle support on bootstrapping
- Add Salt SSH with Salt Bundle support
- Add util.mgr_switch_to_venv_minion state to switch salt minions to use the Salt Bundle
- Fix bootstrap repository path resolution for Oracle Linux
- Handle salt bundle in set_proxy.sls
susemanager-sync-data:
- Version 4.2.12-1
- change release status of EL 7 and 8 aarch64 to released
- change release status of Rocky Linux 8 x86_64 to released
- add Debian 11 amd64
supportutils-plugin-salt:
- Update to version 1.2.0
- Add support for Salt Bundle
virtual-host-gatherer:
- Version 1.0.23-1
- reformat the first 3 groups of the UUID for hardware versions >=13 in VMWare environment.
- Fix shebangs to use python3
- Implement libvirt module
How to apply this update:
- Log in as root user to the SUSE Manager server.
- Stop the Spacewalk service:
spacewalk-service stop
- Apply the patch using either zypper patch or YaST Online Update.
- Start the Spacewalk service:
spacewalk-service start
- ID
- SUSE-SU-2022:2144-1
- Severity
- important
- URL
- https://www.suse.com/support/update/announcement/2022/suse-su-20222144-1/
- Published
-
2022-06-20T14:11:52
(2 years ago) - Modified
-
2022-06-20T14:11:52
(2 years ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
- ALSA-2022:9073
- ALSA-2023:0050
- ALSA-2023:0321
- ELSA-2023-0050
- ELSA-2023-0321
- NPM:GHSA-XVCH-5GV4-984H
- RHSA-2022:9073
- RHSA-2023:0050
- RHSA-2023:0321
- RLSA-2022:9073
- RLSA-2023:0050
- RLSA-2023:0321
- SUSE-SU-2022:1459-1
- SUSE-SU-2022:1461-1
- SUSE-SU-2022:1462-1
- SUSE-SU-2022:1466-1
- SUSE-SU-2022:1694-1
- SUSE-SU-2022:1717-1
- SUSE-SU-2022:2143-1
- SUSE-SU-2022:2145-1
- SUSE-SU-2022:2146-1
- SUSE-SU-2022:2567-1
- SUSE-SU-2022:2568-1
- SUSE-SU-2022:3194-1
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |