Maintenance update for SUSE Manager 4.2: Server, Proxy and Retail Branch Server

Announcement ID:	SUSE-SU-2023:3474-1
Rating:	important
References:	bsc#1175823 bsc#1208528 bsc#1208577 bsc#1209156 bsc#1210103 bsc#1210994 bsc#1211100 bsc#1211469 bsc#1211650 bsc#1211884 bsc#1212032 bsc#1212106 bsc#1212416 bsc#1212507 bsc#1212589 bsc#1212700 bsc#1212943 bsc#1213880 bsc#1214187 bsc#1214333 jsc#MSQA-698
Cross-References:	CVE-2023-29409
CVSS scores:	CVE-2023-29409 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-29409 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:	SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.2 Module 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 SUSE Manager Server 4.2 Module 4.2

An update that solves one vulnerability, contains one feature and has 19 security fixes can now be installed.

Recommended update for SUSE Manager Proxy and Retail Branch Server 4.2

Description:

This update fixes the following issues:

spacecmd:

• Version 4.2.24-1
• Update translations

spacewalk-backend:

• Version 4.2.29-1
• Use a constant to get the product name in python code rather than reading rhn.conf (bsc#1212943)
• Only show missing /root/.curlrc error with log_level = 5 (bsc#1212507)

spacewalk-web:

• Version 4.2.36-1
• Update translations
• Fix VHM CPU and RAM display when 0 (bsc#1175823)
• Fix parsing error when showing notification message details (bsc#1211469)

How to apply this update:

1. Log in as root user to the SUSE Manager Proxy or Retail Branch Server.
2. Stop the proxy service: spacewalk-proxy stop
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: spacewalk-proxy start

Recommended update for SUSE Manager Server 4.2

Description:

This update fixes the following issues:

hub-xmlrpc-api:

• Security fix:
• CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to 8192 bits to avoid DoSing client/server while validating signatures for extremely large RSA keys. (bsc#1213880)
  • There are no direct source changes. The CVE on hub-xmlrpc-api is fixed rebuilding the sources with the patched Go version.

spacecmd:

• Version 4.2.24-1
• Update translations

spacewalk-backend:

• Version 4.2.29-1
• Use a constant to get the product name in python code rather than reading rhn.conf (bsc#1212943)
• Only show missing /root/.curlrc error with log_level = 5 (bsc#1212507)

spacewalk-java:

• Version 4.2.55-1
• Set swap memory value if available
• Set primary FQDN to hostname if none is set (bsc#1209156, bsc#1214333)
• Version 4.2.54-1
• Consider venv-salt-minion package update as a Salt update to prevent backtraces on upgrading salt with itself (bsc#1211884)
• Version 4.2.53-1
• Fix "more then one method candidate found" for API function (bsc#1211100)
• Fixed a bug that caused the tab Autoinstallation to hide when clicking on Power Management Management/Operations on SSM -> Provisioning
• Update copyright year (bsc#1212106)
• Disable jinja processing for the roster file (bsc#1211650)
• Version 4.2.52-1
• Update jetty-util to version 9.4.51
• Version 4.2.51-1
• Update version of Tomcat build dependencies

spacewalk-reports:

• Version 4.2.8-1
• Drop Python2 compatibility (bsc#1212589)

spacewalk-setup:

• Version 4.2.13-1
• Drop usage of salt.ext.six in embedded_diskspace_check

spacewalk-utils:

• Version 4.2.20-1
• Drop Python2 compatibility

spacewalk-web:

• Version 4.2.36-1
• Update translation
• Fix VHM CPU and RAM display when 0 (bsc#1175823)
• Fix parsing error when showing notification message details (bsc#1211469)

susemanager:

• Version 4.2.44-1
• Require LTSS channels for SUSE Linux Enterprise 15 SP1/SP2/SP3 and SUSE Manager Proxy 4.2 (bsc#1214187)
• Version 4.2.43-1
• Add missing Salt 3006.0 dependencies to bootstrap repo definitions (bsc#1212700)
• Make mgr-salt-ssh to properly fix HOME environment to avoid issues with gitfs (bsc#1210994)

susemanager-doc-indexes:

• Typo correction for Cobbler buildiso command in Client Configuration Guide
• Replaced plain text with dedicated attribute for AutoYaST
• Added a note about Oracle Unbreakable Linux Network mirroring requirements in Client Configuration Guide (bsc#1212032)
• Added SUSE Linux Enterprise 15 SP5 and openSUSE Leap 15.5 as supported clients in the Client Configuration Guide
• Fixed missing tables of content in the Reference Guide (bsc#1208577)
• Fixed instruction for Single sign-on implementation example in the Administration Guide (bsc#1210103)
• Removed reference to non-exitent files in Reference Guide (bsc#1208528)

susemanager-docs_en:

• Typo correction for Cobbler buildiso command in Client Configuration Guide
• Replaced plain text with dedicated attribute for AutoYaST
• Added a note about Oracle Unbreakable Linux Network mirroring requirements in Client Configuration Guide (bsc#1212032)
• Added SUSE Linux Enterprise 15 SP5 and openSUSE Leap 15.5 as supported clients in the Client Configuration Guide
• Fixed missing tables of content in the Reference Guide (bsc#1208577)
• Fixed instruction for Single sign-on implementation example in the Administration Guide (bsc#1210103)
• Removed reference to non-exitent files in Reference Guide (bsc#1208528)

susemanager-schema:

• Version 4.2.29-1
• Add schema directory for susemanager-schema-4.2.29

susemanager-sls:

• Version 4.2.35-1
• Do not disable salt-minion on salt-ssh managed clients
• Use venv-salt-minion instead of salt for docker states (bsc#1212416)

How to apply this update:

1. Log in as root user to the SUSE Manager Server.
2. Stop the Spacewalk service: spacewalk-service stop
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: spacewalk-service start

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Manager Proxy 4.2 Module 4.2
  zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2023-3474=1
• SUSE Manager Server 4.2 Module 4.2
  zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2023-3474=1

Package List:

• SUSE Manager Proxy 4.2 Module 4.2 (noarch)
  • spacecmd-4.2.24-150300.4.42.3
  • spacewalk-base-minimal-config-4.2.36-150300.3.47.5
  • spacewalk-base-minimal-4.2.36-150300.3.47.5
  • spacewalk-backend-4.2.29-150300.4.44.5
• SUSE Manager Server 4.2 Module 4.2 (ppc64le s390x x86_64)
  • hub-xmlrpc-api-0.7-150300.3.14.2
  • inter-server-sync-0.3.0-150300.8.36.1
  • inter-server-sync-debuginfo-0.3.0-150300.8.36.1
  • susemanager-4.2.44-150300.3.59.1
  • susemanager-tools-4.2.44-150300.3.59.1
• SUSE Manager Server 4.2 Module 4.2 (noarch)
  • spacewalk-backend-xmlrpc-4.2.29-150300.4.44.5
  • spacewalk-backend-app-4.2.29-150300.4.44.5
  • spacewalk-base-minimal-4.2.36-150300.3.47.5
  • spacewalk-backend-4.2.29-150300.4.44.5
  • spacewalk-java-postgresql-4.2.55-150300.3.73.2
  • spacewalk-setup-4.2.13-150300.3.21.3
  • spacewalk-backend-config-files-4.2.29-150300.4.44.5
  • spacewalk-java-4.2.55-150300.3.73.2
  • susemanager-doc-indexes-4.2-150300.12.48.5
  • spacewalk-backend-xml-export-libs-4.2.29-150300.4.44.5
  • spacewalk-taskomatic-4.2.55-150300.3.73.2
  • spacewalk-backend-sql-postgresql-4.2.29-150300.4.44.5
  • spacewalk-base-minimal-config-4.2.36-150300.3.47.5
  • spacewalk-backend-iss-export-4.2.29-150300.4.44.5
  • spacewalk-java-config-4.2.55-150300.3.73.2
  • spacewalk-reports-4.2.8-150300.3.12.3
  • spacewalk-backend-applet-4.2.29-150300.4.44.5
  • spacewalk-backend-iss-4.2.29-150300.4.44.5
  • spacewalk-backend-server-4.2.29-150300.4.44.5
  • spacewalk-java-lib-4.2.55-150300.3.73.2
  • spacewalk-backend-sql-4.2.29-150300.4.44.5
  • spacewalk-backend-tools-4.2.29-150300.4.44.5
  • susemanager-docs_en-4.2-150300.12.48.3
  • spacewalk-base-4.2.36-150300.3.47.5
  • susemanager-docs_en-pdf-4.2-150300.12.48.3
  • susemanager-sls-4.2.35-150300.3.54.3
  • spacewalk-utils-4.2.20-150300.3.27.3
  • spacewalk-backend-package-push-server-4.2.29-150300.4.44.5
  • susemanager-schema-4.2.29-150300.3.41.5
  • spacecmd-4.2.24-150300.4.42.3
  • spacewalk-utils-extras-4.2.20-150300.3.27.3
  • spacewalk-backend-config-files-common-4.2.29-150300.4.44.5
  • spacewalk-backend-config-files-tool-4.2.29-150300.4.44.5
  • uyuni-config-modules-4.2.35-150300.3.54.3
  • spacewalk-html-4.2.36-150300.3.47.5

References:

• https://www.suse.com/security/cve/CVE-2023-29409.html
• https://bugzilla.suse.com/show_bug.cgi?id=1175823
• https://bugzilla.suse.com/show_bug.cgi?id=1208528
• https://bugzilla.suse.com/show_bug.cgi?id=1208577
• https://bugzilla.suse.com/show_bug.cgi?id=1209156
• https://bugzilla.suse.com/show_bug.cgi?id=1210103
• https://bugzilla.suse.com/show_bug.cgi?id=1210994
• https://bugzilla.suse.com/show_bug.cgi?id=1211100
• https://bugzilla.suse.com/show_bug.cgi?id=1211469
• https://bugzilla.suse.com/show_bug.cgi?id=1211650
• https://bugzilla.suse.com/show_bug.cgi?id=1211884
• https://bugzilla.suse.com/show_bug.cgi?id=1212032
• https://bugzilla.suse.com/show_bug.cgi?id=1212106
• https://bugzilla.suse.com/show_bug.cgi?id=1212416
• https://bugzilla.suse.com/show_bug.cgi?id=1212507
• https://bugzilla.suse.com/show_bug.cgi?id=1212589
• https://bugzilla.suse.com/show_bug.cgi?id=1212700
• https://bugzilla.suse.com/show_bug.cgi?id=1212943
• https://bugzilla.suse.com/show_bug.cgi?id=1213880
• https://bugzilla.suse.com/show_bug.cgi?id=1214187
• https://bugzilla.suse.com/show_bug.cgi?id=1214333
• https://jira.suse.com/browse/MSQA-698