SUSE Security Update: Security update for SUSE Manager Server 3.2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:1703-1
Rating:             moderate
References:         #1117017 #1125090 #1128061 #1128838 #1129079 
                    #1130492 #1130551 #1131423 #1131704 #1131780 
                    #1131867 #1131929 #1131954 #1132103 #1132197 
                    #1133424 #1133587 #1133629 #1134195 #1134876 
                    #1135166 #1136029 #1136102 #1136250 #1136423 
                    
Cross-References:   CVE-2019-3684
Affected Products:
                    SUSE Manager Server 3.2
                    SUSE Manager Proxy 3.2
______________________________________________________________________________

   An update that solves one vulnerability and has 24 fixes is
   now available.

Description:


   This update fixes the following issues:

   cobbler:

   - Removes string replace for textmode fix (bsc#1134195)

   py26-compat-salt:

   - Avoid syntax error on yumpkg module running on Python 2.6 (bsc#1136250)
   - Use ThreadPool from multiprocessing.pool to avoid leakins when
     calculating FQDNs
   - Fix usermod options for SLE11 (bsc#1117017)
   - Do not report patches as installed on RHEL systems when not all the
     related packages are installed (bsc#1128061)
   - Do not include "ordereddict" and "singledispatch" on the thin for Python
     2.6 systems.
   - Fix paths for py26-compat dependencies on SLE15 and newer
   - Port optimization_order config parameter (bsc#1131423)
   - Use special tornado and msgpack-python compat packages on sles15sp1 and
     greater in py26-compat-salt.conf (bsc#1131423)
   - Add missing py26 thin dependencies
   - Calculate the "FQDNs" grains in parallel to avoid long blocking
     (bsc#1129079)

   salt-netapi-client:

   - Add workaround for Salt issue 52762
   - Version 0.16.0 see
     https://github.com/SUSE/salt-netapi-client/releases/tag/v0.16.0

   spacewalk-backend:

   - Fix spacewalk-repo-sync for Ubuntu repositories in mirror case
     (bsc#1136029)
   - Use new names in code for client tool packages which were renamed
     (bsc#1134876)
   - Fix HTTP headers handling to avoid duplicated entries (bsc#1125090)
   - Use suseLib.get_proxy to get the HTTP proxy configuration properly on
     DEB repos (bsc#1133424)

   spacewalk-certs-tools:

   - Fix missing quotation in bootstrap script (bsc#1136423)
   - Add new packages names to instructions for adding remote configuration
     support for traditional clients
   - Print error message instead of stacktrace for client_config_update.py

   spacewalk-config:

   - Fix config declaration for rhn.conf (bsc#1132197)

   spacewalk-java:

   - Remove the 'Returning' clause from the query as oracle doesn't support
     it (bsc#1135166)
   - Use new names in code for client tool packages which were renamed
     (bsc#1134876)
   - Handle the different retcodes that are being returned when salt module
     is not available (bsc#1131704)
   - Do not implicitly set parent channel when cloning (bsc#1130492)
   - Prevent Actions that were actually completed to be displayed as "in
     progress" forever (bsc#1131780)
   - Enable batching mode for salt synchronous calls
   - Show minion id in System Details GUI and API
   - Do not report Provisioning installed product to subscription matcher
     (bsc#1128838)
   - Fix product package conflicts with SLES for SAP systems (bsc#1130551)
   - Add support for Salt batch execution mode
   - Fix NPE on remote commands when no targets match (bsc1123375)
   - Fix apidoc return order on mergePackages
   - Take into account only synced products when scheduling SP migration from
     the API (bsc#1131929)

   spacewalk-web:

   - Change WebUI string version to 3.2.8

   susemanager:

   - Make swap files readable only by root (bsc#1131954, CVE-2019-3684)
   - Do not show false errors when configuring swapfile during setup
   - Create bootstrap repo for new Red Hat channels (bsc#1133587)

   susemanager-docs_en:

   - Minion ID is visible in System Info box.
   - Managing Systems Completely via SSH now fully supported (bsc#1131867).

   susemanager-schema:

   - Copy 3.1 schema migrations to 3.2 to be able to migrate from an older
     schema version to 3.2
   - Add support for Salt batch execution mode

   susemanager-sls:

   - Add support for Salt batch execution mode

   susemanager-sync-data:

   - Add SLES11 SP4 LTSS channels for SLES for SAP (bsc#1133629)
   - Add SLES11 SP4 LTSS channels for ppc64 (bsc#1132103)

   zypp-plugin-spacewalk:

   - Fix python syntax error in distupgrade (bsc#1136102)


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Manager Server 3.2:

      zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-1703=1

   - SUSE Manager Proxy 3.2:

      zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2019-1703=1



Package List:

   - SUSE Manager Server 3.2 (ppc64le s390x x86_64):

      susemanager-3.2.18-3.25.2
      susemanager-tools-3.2.18-3.25.2

   - SUSE Manager Server 3.2 (noarch):

      cobbler-2.6.6-6.19.1
      py26-compat-salt-2016.11.10-6.26.1
      python2-spacewalk-certs-tools-2.8.8.10-3.11.1
      salt-netapi-client-0.16.0-4.11.1
      spacewalk-backend-2.8.57.16-3.30.1
      spacewalk-backend-app-2.8.57.16-3.30.1
      spacewalk-backend-applet-2.8.57.16-3.30.1
      spacewalk-backend-config-files-2.8.57.16-3.30.1
      spacewalk-backend-config-files-common-2.8.57.16-3.30.1
      spacewalk-backend-config-files-tool-2.8.57.16-3.30.1
      spacewalk-backend-iss-2.8.57.16-3.30.1
      spacewalk-backend-iss-export-2.8.57.16-3.30.1
      spacewalk-backend-libs-2.8.57.16-3.30.1
      spacewalk-backend-package-push-server-2.8.57.16-3.30.1
      spacewalk-backend-server-2.8.57.16-3.30.1
      spacewalk-backend-sql-2.8.57.16-3.30.1
      spacewalk-backend-sql-oracle-2.8.57.16-3.30.1
      spacewalk-backend-sql-postgresql-2.8.57.16-3.30.1
      spacewalk-backend-tools-2.8.57.16-3.30.1
      spacewalk-backend-xml-export-libs-2.8.57.16-3.30.1
      spacewalk-backend-xmlrpc-2.8.57.16-3.30.1
      spacewalk-base-2.8.7.16-3.27.1
      spacewalk-base-minimal-2.8.7.16-3.27.1
      spacewalk-base-minimal-config-2.8.7.16-3.27.1
      spacewalk-certs-tools-2.8.8.10-3.11.1
      spacewalk-config-2.8.5.7-3.16.1
      spacewalk-html-2.8.7.16-3.27.1
      spacewalk-java-2.8.78.22-3.32.1
      spacewalk-java-config-2.8.78.22-3.32.1
      spacewalk-java-lib-2.8.78.22-3.32.1
      spacewalk-java-oracle-2.8.78.22-3.32.1
      spacewalk-java-postgresql-2.8.78.22-3.32.1
      spacewalk-taskomatic-2.8.78.22-3.32.1
      susemanager-advanced-topics_en-pdf-3.2-11.26.1
      susemanager-best-practices_en-pdf-3.2-11.26.1
      susemanager-docs_en-3.2-11.26.1
      susemanager-getting-started_en-pdf-3.2-11.26.1
      susemanager-jsp_en-3.2-11.26.1
      susemanager-reference_en-pdf-3.2-11.26.1
      susemanager-schema-3.2.19-3.25.1
      susemanager-sls-3.2.25-3.29.1
      susemanager-sync-data-3.2.15-3.23.1
      susemanager-web-libs-2.8.7.16-3.27.1

   - SUSE Manager Proxy 3.2 (noarch):

      python2-rhncfg-5.10.122.3-3.3.1
      python2-rhncfg-actions-5.10.122.3-3.3.1
      python2-rhncfg-client-5.10.122.3-3.3.1
      python2-rhncfg-management-5.10.122.3-3.3.1
      python2-spacewalk-certs-tools-2.8.8.10-3.11.1
      python2-zypp-plugin-spacewalk-1.0.5-3.7.1
      rhncfg-5.10.122.3-3.3.1
      rhncfg-actions-5.10.122.3-3.3.1
      rhncfg-client-5.10.122.3-3.3.1
      rhncfg-management-5.10.122.3-3.3.1
      spacewalk-backend-2.8.57.16-3.30.1
      spacewalk-backend-libs-2.8.57.16-3.30.1
      spacewalk-base-minimal-2.8.7.16-3.27.1
      spacewalk-base-minimal-config-2.8.7.16-3.27.1
      spacewalk-certs-tools-2.8.8.10-3.11.1
      spacewalk-proxy-broker-2.8.5.5-3.6.2
      spacewalk-proxy-common-2.8.5.5-3.6.2
      spacewalk-proxy-installer-2.8.6.6-3.12.1
      spacewalk-proxy-management-2.8.5.5-3.6.2
      spacewalk-proxy-package-manager-2.8.5.5-3.6.2
      spacewalk-proxy-redirect-2.8.5.5-3.6.2
      spacewalk-proxy-salt-2.8.5.5-3.6.2
      susemanager-web-libs-2.8.7.16-3.27.1
      zypp-plugin-spacewalk-1.0.5-3.7.1


References:

   https://www.suse.com/security/cve/CVE-2019-3684.html
   https://bugzilla.suse.com/1117017
   https://bugzilla.suse.com/1125090
   https://bugzilla.suse.com/1128061
   https://bugzilla.suse.com/1128838
   https://bugzilla.suse.com/1129079
   https://bugzilla.suse.com/1130492
   https://bugzilla.suse.com/1130551
   https://bugzilla.suse.com/1131423
   https://bugzilla.suse.com/1131704
   https://bugzilla.suse.com/1131780
   https://bugzilla.suse.com/1131867
   https://bugzilla.suse.com/1131929
   https://bugzilla.suse.com/1131954
   https://bugzilla.suse.com/1132103
   https://bugzilla.suse.com/1132197
   https://bugzilla.suse.com/1133424
   https://bugzilla.suse.com/1133587
   https://bugzilla.suse.com/1133629
   https://bugzilla.suse.com/1134195
   https://bugzilla.suse.com/1134876
   https://bugzilla.suse.com/1135166
   https://bugzilla.suse.com/1136029
   https://bugzilla.suse.com/1136102
   https://bugzilla.suse.com/1136250
   https://bugzilla.suse.com/1136423

_______________________________________________
sle-security-updates mailing list
sle-security-updates@lists.suse.com
http://lists.suse.com/mailman/listinfo/sle-security-updates