Security update for SUSE Manager Server 4.0 (Important)
Description:
This update fixes the following issues:
hibernate5:
- Address CVE-2019-14900 (bsc#1172079)
image-sync-formula:
- Allow image-sync state on regular minion. Image sync state requires branch-network pillars to get the directory where to sync images. Use default `/srv/saltboot` if that pillar is missing so image-sync can be applied on non-branch minions as well.
openvpn-formula:
- Add hint that ssl certs must be on system (bsc#1172279)
prometheus-exporters-formula:
- Bugfix: Handle exporters proxy for unsupported distros (bsc#1175555)
- Add support for exporters proxy (exporter_exporter)
- Update the apache exporter config file for Debian
salt-netapi-client:
- Refresh authentication module list to newer Salt versions
saltboot-formula:
- Better fix for rounding errors (bsc#1136857)
spacecmd:
- Python3 fixes for errata in spacecmd (bsc#1169664)
- Python3 fix for sorted usage (bsc#1167907)
- Fix softwarechannel_listlatestpackages throwing error on empty channels (bsc#1175889)
- Fix escaping of package names (bsc#1171281)
spacewalk-admin:
- Use the Salt API in authenticated and encrypted form (bsc#1175884, CVE-2020-8028)
spacewalk-certs-tools:
- Add option --nostricthostkeychecking to spacewalk-ssh-push-init
- Strip SSL Certificate Common Name after 63 Characters (bsc#1173535)
spacewalk-java:
- Use the Salt API in authenticated and encrypted form (bsc#1175884, CVE-2020-8028)
- Fix EntityExistsException on migration from traditional to salt minion via proxy (bsc#1175556)
- Use media.1/products from media when not specified different (bsc#1175558)
- Fix: use quiet API method when using spacewalk-common-channels (bsc#1175529)
- Fix alignment on icon on entitlement page
- Reset the server path on minion registration (bsc#1174254)
- Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831)
- Fix error when rolling back a system to a snapshot (bsc#1173997)
- Avoid deadlock when syncing channels and registering minions at the same time (bsc#1173566)
- Provide comps.xml and modules.yaml when using onlinerepo for kickstart
- Set CPU and memory info for virtual instances (bsc#1170244)
- Change system list header text to something better (bsc#1173982)
spacewalk-setup:
- Use the Salt API in authenticated and encrypted form (bsc#1175884, CVE-2020-8028)
spacewalk-utils:
- Avoid exceptions on the logs when looking for channels that do not exist (bsc#1175529)
spacewalk-web:
- Fix login page after jQuery upgrade (bsc#1175224)
- Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831)
- Warn when a system is in multiple groups that configure the same formula in the system formula's UI (bsc#1173554)
susemanager:
- Define bootstrap repo data for SUSE Manager Proxies (bsc#1174470)
susemanager-frontend-libs:
- Upgrade jquery to 3.5.1 - CVE-2020-11022 (bsc#1172831)
susemanager-schema:
- Prevent a deadlock error involving delete_server and update_needed_cache (bsc#1173073)
susemanager-sls:
- Fix the dnf plugin to add the token to the HTTP header (bsc#1175724)
- Fix reporting of missing products in product.all_installed (bsc#1165829)
- Require PyYAML version >= 5.1
- Get redhat-release only when it is not a symlink
- Fix: supply a dnf base when dealing w/repos (bsc#1172504)
- Fix: autorefresh in repos is zypper-only
susemanager-sync-data:
- Remove version from centos and oracle linux identifier (bsc#1173584)
virtualization-host-formula:
- Update to version 0.5
- Ensure kernel-default and libvirt-python3 are installed
- Set bridge network as default
- Fix conditionals (bsc#1175791)
How to apply this update:
1. Log in as root user to the SUSE Manager server.
2. Stop the Spacewalk service: `spacewalk-service stop`
3. Apply the patch using either `zypper patch` or YaST Online Update.
4. Upgrade the database schema: `spacewalk-schema-upgrade`
5. Start the Spacewalk service: `spacewalk-service start`