Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server
Announcement ID: | SUSE-SU-2024:1507-1 |
---|---|
Rating: | moderate |
References: |
|
Cross-References: | |
CVSS scores: |
|
Affected Products: |
|
An update that solves one vulnerability, contains one feature and has 32 security fixes can now be installed.
Recommended update for SUSE Manager Proxy and Retail Branch Server 4.3
Description:
This update fixes the following issues:
mgr-daemon:
- Version 4.3.9-0
- Update translation strings
spacecmd:
- Version 4.3.27-0
- Update translation strings
spacewalk-backend:
- Version 4.3.28-0
- Strip whitespace from .deb package metadata (bsc#1214387)
- Fix inserting NULL into some columns during ISSv1 sync (bsc#1220980)
- Add support for package signature type V4 RSA/SHA512 (bsc#1221465)
- Unquote HTML-encoded credentials before synchronizing repositories (bsc#1217204)
spacewalk-certs-tools:
- Version 4.3.23-0
- Fix liberty bootstrapping when zypper is installed (bsc#1222347)
- Apply reboot method changes for transactional systems in the bootstrap script
spacewalk-client-tools:
- Version 4.3.19-0
- Update translation strings
spacewalk-web:
- Version 4.3.38-0
- Upgrade json5 to 2.2.3
- Upgrade semver to 7.6.0
- Add one-shot action execution to recurring custom state create/edit
- Add two filters for rpmlint in package spacewalk-web: explicit-lib-dependency and filename-too-long-for-joliet
- Fix virtual systems filters (bsc#1208572)
- Improve CLM Create New Filter button
- Bump the WebUI version to 4.3.12
uyuni-common-libs:
- Version 4.3.10-0
- Add support for package signature type V4 RSA/SHA384
- Add support for package signature type V4 RSA/SHA512 (bsc#1221465)
uyuni-proxy-systemd-services:
- Version 4.3.12-0
- Update to SUSE Manager 4.3.12
- Version 4.3.11-1
- Update the image version
How to apply this update:
- Log in as root user to the SUSE Manager Proxy or Retail Branch Server.
- Stop the proxy service:
spacewalk-proxy stop
- Apply the patch using either zypper patch or YaST Online Update.
- Start the Spacewalk service:
spacewalk-proxy start
Security update for SUSE Manager Server 4.3
Description:
This update fixes the following issues:
cobbler:
- Provide option to use pre-built GRUB bootloader
- Prevent parallel executions of cobbler sync actions (bsc#1218764)
image-sync-formula:
- Update to version 0.1.1711646883.4a44375
- Add missing URL tag
- Update license to SPDX syntax
inter-server-sync:
- Version 0.3.3-1
- Correct primary key export for table suseproductsccrepository (bsc#1220169)
jose4j:
- CVE-2023-51775: Fix denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value (bsc#1220726)
smdba:
- Version 1.7.13
- postmaster no longer exists from >=16 and it's an alias for postgresql, using postgresql command
spacecmd:
- Version 4.3.27-0
- Update translation strings
spacewalk-backend:
- Version 4.3.28-0
- Strip whitespace from .deb package metadata (bsc#1214387)
- Fix inserting NULL into some columns during ISSv1 sync (bsc#1220980)
- Add support for package signature type V4 RSA/SHA512 (bsc#1221465)
- Unquote HTML-encoded credentials before synchronizing repositories (bsc#1217204)
spacewalk-certs-tools:
- Version 4.3.23-0
- Fix liberty bootstrapping when zypper is installed (bsc#1222347)
- Apply reboot method changes for transactional systems in the bootstrap script
spacewalk-client-tools:
- Version 4.3.19-0
- Update translation strings
spacewalk-config:
- Version 4.3.13-0
- Be explicit about default Apache configs being overwritten on updates and point to making custom configs. (bsc#1219061)
spacewalk-java:
- Version 4.3.73-0
- New API endpoint for getRelevantErrata. It takes multiple servers as argument and it returns an array of maps representing the errata that can be applied to each system
- Version 4.3.72-0
- Use execution module call to detect client instance flavor (PAYG/BYOS) in public cloud (bsc#1218805)
- Update help text for the custom repo filter field (bsc#1217874)
- Fix issue where Salt cannot access autoinstallation files (bsc#1220221)
- Fix issue when checking for credential duplication (bsc#1218957)
- Fix matching epoch while creating Ubuntu erratas
- When an action that belongs to an action chain is unscheduled, unschedule the action chain as well (bsc#1221784)
- Reschedule failed SSH actions caused by a connection error due to a scheduled reboot
- Fix removal of old IPv6 addresses (bsc#1214340)
- Do not automatically add child channels outside of selected base channel (bsc#1220101)
- Fix listProxies API call (bsc#1219233)
- Fix system.provisionSystem when called via HTTP API (bsc#1219875)
- Remove package sync not available message in Software > Packages > Profile since it is no longer available for supported clients (bsc#1221279)
- Fix login for read-only users when using HTTP API (bsc#1221111)
- Add one-shot action execution to recurring custom state create/edit
- Fix a typo in 'Deploy Files' page
- Drop system password as identifier on SCC system registration (bsc#1219634, bsc#1221182)
- Fix memory size extraction in virtual instances (bsc#1219634)
- Fix virtual systems filters (bsc#1208572)
- Update license to include the year 2024
- Add timeout for SMTP server connection (bsc#1218931)
- Commit Salt event removal in case of process failure (bsc#1218931)
- Users with API read only are only allowed to make GET requests
- Ignore retry suffix when getting recurring action id from schedule name
- Sort CLM project filters by filter name
spacewalk-web:
- Version 4.3.38-0
- Upgrade json5 to 2.2.3
- Upgrade semver to 7.6.0
- Add one-shot action execution to recurring custom state create/edit
- Fix virtual systems filters (bsc#1208572)
- Improve CLM Create New Filter button
- Bump the WebUI version to 4.3.12
subscription-matcher:
- Version 0.37
- add missing part number (bsc#1221922)
- Fix penalties logging by initializing the score director consistently
- Removed wrong apache-commons-lang dependency
- Version 0.36
- Fixed Log4j 2 initialization
supportutils-plugin-susemanager:
- Version 4.3.11-0
- Add Salt and Reposync connections to minimum required DB connections calculation
susemanager:
- Version 4.3.35-0
- Add bootstrap repository definition for openSUSE Leap 15.6
- Add bootstrap repository definition for SUSE Linux Enterprise 15 SP6
susemanager-docs_en:
- Removed Debian 10 from the list of supported clients
- Added new workflow describing updating of clients using recurring actions to Commown Workflows
- Added documentation on adding a storage device for VMWare
- Documented registercloudguest tools for registering public cloud installation (BYOS) by adding a reference to the Public Cloud Guide
- Added information about requirements for the PostgreSQL database to the Installation and Upgrade Guide (bsc#1220376)
- Fixed the instructions for SSL Certificates (bsc#1219061)
- Remove package sync paragraph in package-management doc since it is not available for Salt clients and traditional clients are no longer supported (bsc#1221279)
- Fixed incorrect reference to SUSE Linux Enterprise Server 15 SP5 as base product for SUSE Manager 4.3, even in public cloud
- Updated VM based installation for 4.3 VM image with ignition or cloudinit in Installation and Upgrade Guide
- Added reference from Hub documentation to Inter-Server Synchronization in Large Deployment Guide
- Documented Virtualization Guest and Virtualization Host Formula
- Reformatted Supported Clients tables in Client Configuration Guide and Installation and Upgrade Guide
- Add documentation about SMTP timeout configuration
- Documented SSH key rotation in Salt Guide (bsc#1170848)
- Documented liberate formula in Salt Guide
- Fixed Prepare on-demand images section in Client Configuration
- Fixed a changed configuration parameter for salt-ssh
- Added Pay-as-you-go on the Cloud: FAQ document
- Updated max-connections tuning recommendation in Large Deployment
- Added troubleshooting instructions for setting up in public cloud (BYOS) to Administration Guide
- Added section about migrating Enterprise Linux (EL) clients to SUSE Liberty Linux to Client Configuration Guide
- Added detailed information about the messages produced by subscription matcher
- Added Pay-as-you-go as supported service on Azure to the Public Cloud Guide
- Added and fixed configuration details in Troubleshooting Renaming Server in Administration Guide
susemanager-schema:
- Version 4.3.25-0
- Add update-salt to internal state table
susemanager-sls:
- Version 4.3.41-0
- Use execution module call to detect client instance flavor (PAYG/BYOS) in public cloud (bsc#1218805)
- Do not log dnf needs-restarting output in Salt's log (bsc#1220194)
- Dynamically load an SELinux policy for "Push via SSH tunnel" for SELinux enabled clients. This policy allows communication over a custom SSH port
- Fix reboot needed detection for SUSE systems
- Fix SUSE Liberty Linux bootstrapping when Zypper is installed (bsc#1222347)
- Distinguish between different SUSE versions when detecting if a reboot is needed (bsc#1220903, bsc#1221571)
- Improve updatestack update in uptodate state
- Add a standalone update-salt state
- Add pillar check to skip reboot_if_needed state
- Recognize .tar.xz and .ext4 image files (bsc#1216085)
- Avoid issues on reactivating traditional clients as Salt managed
- Fix the case of missing requisites on bootstrap (bsc#1220705)
susemanager-sync-data:
- Version 4.3.17-0
- AlmaLinux 9 PowerTools was renamed into CRB (bsc#1222110)
uyuni-common-libs:
- Version 4.3.10-0
- Add support for package signature type V4 RSA/SHA384
- Add support for package signature type V4 RSA/SHA512 (bsc#1221465)
uyuni-reportdb-schema:
- Version 4.3.10-0
- Provide reportdb upgrade schema path structure
How to apply this update:
- Log in as root user to the SUSE Manager Server.
- Stop the Spacewalk service:
spacewalk-service stop
- Apply the patch using either zypper patch or YaST Online Update.
- Start the Spacewalk service:
spacewalk-service start
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE Manager Proxy 4.3 Module 4.3
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2024-1507=1
-
SUSE Manager Server 4.3 Module 4.3
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2024-1507=1
Package List:
-
SUSE Manager Proxy 4.3 Module 4.3 (noarch)
- spacewalk-base-minimal-4.3.38-150400.3.42.6
- python3-spacewalk-certs-tools-4.3.23-150400.3.28.5
- python3-spacewalk-client-setup-4.3.19-150400.3.27.5
- python3-spacewalk-client-tools-4.3.19-150400.3.27.5
- mgr-daemon-4.3.9-150400.3.15.5
- spacewalk-backend-4.3.28-150400.3.41.7
- spacecmd-4.3.27-150400.3.36.5
- spacewalk-certs-tools-4.3.23-150400.3.28.5
- spacewalk-client-setup-4.3.19-150400.3.27.5
- spacewalk-client-tools-4.3.19-150400.3.27.5
- python3-spacewalk-check-4.3.19-150400.3.27.5
- spacewalk-check-4.3.19-150400.3.27.5
- spacewalk-base-minimal-config-4.3.38-150400.3.42.6
-
SUSE Manager Proxy 4.3 Module 4.3 (x86_64)
- python3-uyuni-common-libs-4.3.10-150400.3.18.4
-
SUSE Manager Server 4.3 Module 4.3 (noarch)
- spacewalk-java-lib-4.3.73-150400.3.79.1
- susemanager-docs_en-4.3-150400.9.56.4
- spacewalk-backend-package-push-server-4.3.28-150400.3.41.7
- spacewalk-backend-4.3.28-150400.3.41.7
- spacewalk-java-4.3.73-150400.3.79.1
- spacewalk-backend-iss-export-4.3.28-150400.3.41.7
- spacewalk-backend-xmlrpc-4.3.28-150400.3.41.7
- spacewalk-base-4.3.38-150400.3.42.6
- spacewalk-taskomatic-4.3.73-150400.3.79.1
- spacewalk-backend-sql-4.3.28-150400.3.41.7
- spacewalk-backend-sql-postgresql-4.3.28-150400.3.41.7
- python3-spacewalk-certs-tools-4.3.23-150400.3.28.5
- python3-spacewalk-client-tools-4.3.19-150400.3.27.5
- susemanager-docs_en-pdf-4.3-150400.9.56.4
- jose4j-0.5.1-150400.3.9.4
- spacewalk-backend-config-files-tool-4.3.28-150400.3.41.7
- spacecmd-4.3.27-150400.3.36.5
- spacewalk-certs-tools-4.3.23-150400.3.28.5
- susemanager-schema-4.3.25-150400.3.39.5
- spacewalk-backend-config-files-common-4.3.28-150400.3.41.7
- supportutils-plugin-susemanager-4.3.11-150400.3.21.4
- spacewalk-java-config-4.3.73-150400.3.79.1
- image-sync-formula-0.1.1711646883.4a44375-150400.3.18.4
- spacewalk-base-minimal-config-4.3.38-150400.3.42.6
- spacewalk-java-postgresql-4.3.73-150400.3.79.1
- subscription-matcher-0.37-150400.3.22.4
- susemanager-schema-utility-4.3.25-150400.3.39.5
- uyuni-reportdb-schema-4.3.10-150400.3.15.6
- spacewalk-backend-xml-export-libs-4.3.28-150400.3.41.7
- spacewalk-backend-iss-4.3.28-150400.3.41.7
- susemanager-sync-data-4.3.17-150400.3.25.4
- cobbler-3.3.3-150400.5.42.5
- spacewalk-backend-config-files-4.3.28-150400.3.41.7
- spacewalk-backend-applet-4.3.28-150400.3.41.7
- spacewalk-base-minimal-4.3.38-150400.3.42.6
- spacewalk-backend-app-4.3.28-150400.3.41.7
- uyuni-config-modules-4.3.41-150400.3.47.6
- susemanager-sls-4.3.41-150400.3.47.6
- spacewalk-html-4.3.38-150400.3.42.6
- spacewalk-client-tools-4.3.19-150400.3.27.5
- spacewalk-backend-tools-4.3.28-150400.3.41.7
- spacewalk-backend-server-4.3.28-150400.3.41.7
- spacewalk-config-4.3.13-150400.3.15.5
-
SUSE Manager Server 4.3 Module 4.3 (ppc64le s390x x86_64)
- smdba-1.7.13-0.150400.4.12.4
- susemanager-4.3.35-150400.3.48.6
- inter-server-sync-debuginfo-0.3.3-150400.3.30.4
- inter-server-sync-0.3.3-150400.3.30.4
- susemanager-tools-4.3.35-150400.3.48.6
- python3-uyuni-common-libs-4.3.10-150400.3.18.4
References:
- https://www.suse.com/security/cve/CVE-2023-51775.html
- https://bugzilla.suse.com/show_bug.cgi?id=1170848
- https://bugzilla.suse.com/show_bug.cgi?id=1208572
- https://bugzilla.suse.com/show_bug.cgi?id=1214340
- https://bugzilla.suse.com/show_bug.cgi?id=1214387
- https://bugzilla.suse.com/show_bug.cgi?id=1216085
- https://bugzilla.suse.com/show_bug.cgi?id=1217204
- https://bugzilla.suse.com/show_bug.cgi?id=1217874
- https://bugzilla.suse.com/show_bug.cgi?id=1218764
- https://bugzilla.suse.com/show_bug.cgi?id=1218805
- https://bugzilla.suse.com/show_bug.cgi?id=1218931
- https://bugzilla.suse.com/show_bug.cgi?id=1218957
- https://bugzilla.suse.com/show_bug.cgi?id=1219061
- https://bugzilla.suse.com/show_bug.cgi?id=1219233
- https://bugzilla.suse.com/show_bug.cgi?id=1219634
- https://bugzilla.suse.com/show_bug.cgi?id=1219875
- https://bugzilla.suse.com/show_bug.cgi?id=1220101
- https://bugzilla.suse.com/show_bug.cgi?id=1220169
- https://bugzilla.suse.com/show_bug.cgi?id=1220194
- https://bugzilla.suse.com/show_bug.cgi?id=1220221
- https://bugzilla.suse.com/show_bug.cgi?id=1220376
- https://bugzilla.suse.com/show_bug.cgi?id=1220705
- https://bugzilla.suse.com/show_bug.cgi?id=1220726
- https://bugzilla.suse.com/show_bug.cgi?id=1220903
- https://bugzilla.suse.com/show_bug.cgi?id=1220980
- https://bugzilla.suse.com/show_bug.cgi?id=1221111
- https://bugzilla.suse.com/show_bug.cgi?id=1221182
- https://bugzilla.suse.com/show_bug.cgi?id=1221279
- https://bugzilla.suse.com/show_bug.cgi?id=1221465
- https://bugzilla.suse.com/show_bug.cgi?id=1221571
- https://bugzilla.suse.com/show_bug.cgi?id=1221784
- https://bugzilla.suse.com/show_bug.cgi?id=1221922
- https://bugzilla.suse.com/show_bug.cgi?id=1222110
- https://bugzilla.suse.com/show_bug.cgi?id=1222347
- https://jira.suse.com/browse/MSQA-760