Maintenance update for SUSE Manager 5.0: Server, Proxy and Retail Branch Server

Announcement ID:	SUSE-RU-2024:4008-1
Release Date:	2024-11-18T13:20:34Z
Rating:	moderate
References:	bsc#1223142 bsc#1226759 bsc#1228424 bsc#1228685 bsc#1229108 bsc#1229432 bsc#1229501 bsc#1230136 bsc#1230139 bsc#1230285 bsc#1230288 bsc#1231157 bsc#1231206 bsc#1231497 bsc#1231568 bsc#1232575 bsc#1232769 jsc#MSQA-863
Cross-References:	CVE-2024-22037
CVSS scores:	CVE-2024-22037 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:L CVE-2024-22037 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products:	SUSE Linux Enterprise Micro 5.5 SUSE Manager Proxy 5.0 Extension 5.0 SUSE Manager Retail Branch Server 5.0 Extension 5.0 SUSE Manager Server 5.0 Extension 5.0

An update that solves one vulnerability, contains one feature and has 16 recommended fixes can now be installed.

Security update for SUSE Manager Proxy 5.0

Description:

This update fixes the following issues:

uyuni-storage-setup:

Version 5.0.3-0
Do not create partition on extra storage disk
Version 5.0.2-0
Do not build debuginfo package

uyuni-tools:

Security issues fixed:
Version 0.1.24-0
- CVE-2024-22037: Use podman secret to store the database credentials (bsc#1231497)
Bugs fixed:
Version 0.1.26-0
- Ignore all zypper caches during migration (bsc#1232769)
Version 0.1.25-0
- Don't migrate enabled systemd services, recreate them (bsc#1232575)
Version 0.1.24-0
- Redact JSESSIONID and pxt-session-cookie values from logs and console output (bsc#1231568)
Version 0.1.23-0
- Ensure namespace is defined in all kubernetes commands
- Use SCC credentials to authenticate against registry.suse.com for kubernetes (bsc#1231157)
- Fix namespace usage on mgrctl cp command
Version 0.1.22-0
- Set projectId also for test packages/images
- mgradm migration should not pull Confidential Computing and Hub image is replicas == 0 (bsc#1229432, bsc#1230136)
- Do not allow SUSE Manager downgrade
- Prevent completion issue when /var/log/uyuni-tools.log is missing
- Fix proxy shared volume flag
- During migration, exclude mgr-sync configuration file (bsc#1228685)
- Migrate from PostgreSQL 14 to PostgreSQL 16 pg_hba.conf and postgresql.conf files (bsc#1231206)
- During migration, handle empty autoinstallation path (bsc#1230285)
- During migration, handle symlinks (bsc#1230288)
- During migration, trust the remote sender's file list (bsc#1228424)
- Use SCC flags during podman pull
- Restore SELinux permission after migration (bsc#1229501)
- Share volumes between containers (bsc#1223142)
- Save supportconfig in current directory (bsc#1226759)
- Fix error code handling on reinstallation (bsc#1230139)
- Fix creating first user and organization
- Add missing variable quotes for install vars (bsc#1229108)
- Add API login and logout calls to allow persistent login

How to apply this update:

Log in as root user to the SUSE Manager Proxy.
Upgrade mgrpxy.
If you are in a disconnected environment, upgrade the image packages.
Reboot the system.
Run mgrpxy upgrade podman which will use the default image tags.

Security update for SUSE Manager Retail Branch Server 5.0

Description:

This update fixes the following issues:

uyuni-storage-setup:

Version 5.0.3-0
Do not create partition on extra storage disk
Version 5.0.2-0
Do not build debuginfo package

uyuni-tools:

Security issues fixed:
Version 0.1.24-0
- CVE-2024-22037: Use podman secret to store the database credentials (bsc#1231497)
Bugs fixed:
Version 0.1.26-0
- Ignore all zypper caches during migration (bsc#1232769)
Version 0.1.25-0
- Don't migrate enabled systemd services, recreate them (bsc#1232575)
Version 0.1.24-0
- Redact JSESSIONID and pxt-session-cookie values from logs and console output (bsc#1231568)
Version 0.1.23-0
- Ensure namespace is defined in all kubernetes commands
- Use SCC credentials to authenticate against registry.suse.com for kubernetes (bsc#1231157)
- Fix namespace usage on mgrctl cp command
Version 0.1.22-0
- Set projectId also for test packages/images
- mgradm migration should not pull Confidential Computing and Hub image is replicas == 0 (bsc#1229432, bsc#1230136)
- Do not allow SUSE Manager downgrade
- Prevent completion issue when /var/log/uyuni-tools.log is missing
- Fix proxy shared volume flag
- During migration, exclude mgr-sync configuration file (bsc#1228685)
- Migrate from PostgreSQL 14 to PostgreSQL 16 pg_hba.conf and postgresql.conf files (bsc#1231206)
- During migration, handle empty autoinstallation path (bsc#1230285)
- During migration, handle symlinks (bsc#1230288)
- During migration, trust the remote sender's file list (bsc#1228424)
- Use SCC flags during podman pull
- Restore SELinux permission after migration (bsc#1229501)
- Share volumes between containers (bsc#1223142)
- Save supportconfig in current directory (bsc#1226759)
- Fix error code handling on reinstallation (bsc#1230139)
- Fix creating first user and organization
- Add missing variable quotes for install vars (bsc#1229108)
- Add API login and logout calls to allow persistent login

How to apply this update:

Log in as root user to the SUSE Manager Retail Branch Server.
Upgrade mgrpxy.
If you are in a disconnected environment, upgrade the image packages.
Reboot the system.
Run mgrpxy upgrade podman which will use the default image tags.

Security update for SUSE Manager Server 5.0

Description:

This update fixes the following issues:

uyuni-storage-setup:

Version 5.0.3-0
Do not create partition on extra storage disk
Version 5.0.2-0
Do not build debuginfo package

uyuni-tools:

Security issues fixed:
Version 0.1.24-0
- CVE-2024-22037: Use podman secret to store the database credentials (bsc#1231497)
Bugs fixed:
Version 0.1.26-0
- Ignore all zypper caches during migration (bsc#1232769)
Version 0.1.25-0
- Don't migrate enabled systemd services, recreate them (bsc#1232575)
Version 0.1.24-0
- Redact JSESSIONID and pxt-session-cookie values from logs and console output (bsc#1231568)
Version 0.1.23-0
- Ensure namespace is defined in all kubernetes commands
- Use SCC credentials to authenticate against registry.suse.com for kubernetes (bsc#1231157)
- Fix namespace usage on mgrctl cp command
Version 0.1.22-0
- Set projectId also for test packages/images
- mgradm migration should not pull Confidential Computing and Hub image is replicas == 0 (bsc#1229432, bsc#1230136)
- Do not allow SUSE Manager downgrade
- Prevent completion issue when /var/log/uyuni-tools.log is missing
- Fix proxy shared volume flag
- During migration, exclude mgr-sync configuration file (bsc#1228685)
- Migrate from PostgreSQL 14 to PostgreSQL 16 pg_hba.conf and postgresql.conf files (bsc#1231206)
- During migration, handle empty autoinstallation path (bsc#1230285)
- During migration, handle symlinks (bsc#1230288)
- During migration, trust the remote sender's file list (bsc#1228424)
- Use SCC flags during podman pull
- Restore SELinux permission after migration (bsc#1229501)
- Share volumes between containers (bsc#1223142)
- Save supportconfig in current directory (bsc#1226759)
- Fix error code handling on reinstallation (bsc#1230139)
- Fix creating first user and organization
- Add missing variable quotes for install vars (bsc#1229108)
- Add API login and logout calls to allow persistent login

How to apply this update:

Log in as root user to the SUSE Manager Server.
Upgrade mgradm and mgrctl.
If you are in a disconnected environment, upgrade the image packages.
Reboot the system.
Run mgradm upgrade podman which will use the default image tags.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

SUSE Manager Proxy 5.0 Extension 5.0
zypper in -t patch SUSE-SUSE-Manager-Proxy-5.0-2024-4008=1
SUSE Manager Retail Branch Server 5.0 Extension 5.0
zypper in -t patch SUSE-SUSE-Manager-Retail-Branch-Server-5.0-2024-4008=1
SUSE Manager Server 5.0 Extension 5.0
zypper in -t patch SUSE-SUSE-Manager-Server-5.0-2024-4008=1

Package List:

SUSE Manager Proxy 5.0 Extension 5.0 (aarch64 ppc64le s390x x86_64)
- mgrpxy-0.1.26-150500.3.12.2
- mgrpxy-debuginfo-0.1.26-150500.3.12.2
- uyuni-storage-setup-proxy-5.0.3-150500.12.6.4
SUSE Manager Proxy 5.0 Extension 5.0 (noarch)
- mgrpxy-lang-0.1.26-150500.3.12.2
- mgrpxy-bash-completion-0.1.26-150500.3.12.2
- mgrpxy-zsh-completion-0.1.26-150500.3.12.2
SUSE Manager Retail Branch Server 5.0 Extension 5.0 (aarch64 ppc64le s390x x86_64)
- mgrpxy-0.1.26-150500.3.12.2
- mgrpxy-debuginfo-0.1.26-150500.3.12.2
- uyuni-storage-setup-proxy-5.0.3-150500.12.6.4
SUSE Manager Retail Branch Server 5.0 Extension 5.0 (noarch)
- mgrpxy-lang-0.1.26-150500.3.12.2
- mgrpxy-bash-completion-0.1.26-150500.3.12.2
- mgrpxy-zsh-completion-0.1.26-150500.3.12.2
SUSE Manager Server 5.0 Extension 5.0 (aarch64 ppc64le s390x x86_64)
- mgradm-debuginfo-0.1.26-150500.3.12.2
- mgradm-0.1.26-150500.3.12.2
- uyuni-storage-setup-server-5.0.3-150500.12.6.4
- mgrctl-0.1.26-150500.3.12.2
- mgrctl-debuginfo-0.1.26-150500.3.12.2
SUSE Manager Server 5.0 Extension 5.0 (noarch)
- mgrctl-lang-0.1.26-150500.3.12.2
- mgrctl-bash-completion-0.1.26-150500.3.12.2
- mgradm-zsh-completion-0.1.26-150500.3.12.2
- mgradm-bash-completion-0.1.26-150500.3.12.2
- mgrctl-zsh-completion-0.1.26-150500.3.12.2
- mgradm-lang-0.1.26-150500.3.12.2

Maintenance update for SUSE Manager 5.0: Server, Proxy and Retail Branch Server

Security update for SUSE Manager Proxy 5.0

Description:

Security update for SUSE Manager Retail Branch Server 5.0

Description:

Security update for SUSE Manager Server 5.0

Description:

Patch Instructions:

Package List:

References: