Security update for SUSE Manager Server 4.0 (Moderate)
Description:
This update fixes the following issues:
cpu-mitigations-formula:
- Handle unsupported target systems gracefully (bsc#1179273)
- Add mitigations for Xen hypervisor
nutch-core:
- Fix XXE injection in DmozParser CVE-2021-23901 (bsc#1181356)
smdba:
- Do not remove the database if there is no backup and deal with manifest
- Fix smdba throws error on mgr-setup/installation
- Raise an exception on failed external process call
- Fix TablePrint formatting
- Rename configuration parameter wal_keep_segments to wal_keep_size (jsc#SLE-17030)
- Revert modifying cpu_tuple_cost
- Adapted spec file for RHEL8
- Adapt recover mechanism for postgresql12 and later
spacecmd:
- Fix spacecmd with no parameters produces traceback on SLE 11 SP4 (bsc#1176823)
spacewalk-backend:
- Reposync: Fixed Kickstart functionality.
- Reposync: Fixed URLGrabber error handling.
- Reposync: Fix modular data handling for cloned channels (bsc#1177508)
- Truncate author name in the changelog (bsc#1180285)
- Drop Transfer-Encoding header from proxy response to fix error response messages (bsc#1176906)
- Prevent tracebacks on missing mail configuration (bsc#1179990)
- Fix pycurl.error handling in suseLib.py (bsc#1179990)
- Use sanitized repo label to build reposync repo cache path (bsc#1179410)
- Quote the proxy settings to be used by Zypper (bsc#1179087)
- Fix spacewalk-repo-sync to successfully manage and sync ULN repositories
- Fix errors in spacewalk-debug and align postgresql queries to new DB version
spacewalk-branding:
- Set Copyright year to 2021
spacewalk-certs-tools:
- Improve check for correct CA trust store directory (bsc#1176417)
spacewalk-java:
- Fix modular data handling for cloned channels (bsc#1177508)
- Fix reboot action race condition (bsc#1177031)
- Fix availability check for debian repositories (bsc#1180127)
- Ignore duplicate NEVRAs in package profile update (bsc#1176018)
- Prevent deletion of CLM environments if they're used in an autoinstallation profile (bsc#1179552)
- Register saltkey XMLRPC handler and fix behavior of delete salt key (bsc#1179872)
- Add validation for custom repository labels
- Fix expanded support detection based on CentOS installations (bsc#1179589)
- Add translation strings for newly added countries and timezones (jsc#PM-2081)
- Fix the activation key handling from kickstart profile (bsc#1178647)
- Update exception message in findSyncedMandatoryChannels
- Fix check for available products on ISS Slaves (bsc#1177184)
- Get media.1/products for cloned channels (bsc#1178303)
- Calculate size to truncate a history message based on the htmlified version (bsc#1178503)
- Change message 'Minion is down' to be more accurate
- XMLRPC: Report architecture label in the list of installed packages (bsc#1176898)
spacewalk-reports:
- Fixes no file content in `spacewalk-report config-files`
- Write `` placeholder instead of dumping binary data
spacewalk-utils:
- Fix modular data handling for cloned channels (bsc#1177508)
spacewalk-web:
- Prevent deletion of CLM environments if they're used in an autoinstallation profile (bsc#1179552)
- Fix mandatory channels JS API to finish loading in case of error (bsc#1178839)
supportutils-plugin-susemanager:
- Remove checks for obsolete packages
- Gather new configfiles
- Add more important information
susemanager-doc-indexes:
- Added new section for bootstrap repository for end of life products in Client Configuration Guide
- Remove old certs before renaming moved to Administration Guide (bsc#1171836)
- Fixed error in Create and Replace CA and Server Certificates of Administration Guide (bsc#1180001)
- Combining activation keys works only with traditional clients. Updated in Client Configuration Guide and Reference. (bsc#1164451)
susemanager-docs_en:
- Added new section for bootstrap repository for end of life products in Client Configuration Guide
- Remove old certs before renaming moved to Administration Guide (bsc#1171836)
- Fixed error in Create and Replace CA and Server Certificates of Administration Guide (bsc#1180001)
- Combining activation keys works only with traditional clients. Updated Client Configuration Guide and Reference. (bsc#1164451)
susemanager-frontend-libs:
- Update Bootstrap to 3.1.0
susemanager-schema:
- Add new valid countries and timezones (jsc#PM-2081)
susemanager-sls:
- Fix apt login for similar channel labels (bsc#1180803)
- Change behavior of mgrcompat wrapper after deprecation changes on Salt 3002
- Make autoinstallation provisioning compatible with GRUB and ELILO in addition to GRUB2 only (bsc#1164227)
- Fix: sync before start action chains (bsc#1177336)
susemanager-sync-data:
- Change centos 6 URLs to vault.centos.org
- Add new channel families for CAASP on ARM64 and HPC15 SP2 LTSS
- Remove duplicate repo definition
How to apply this update:
1. Log in as root user to the SUSE Manager server.
2. Stop the Spacewalk service: `spacewalk-service stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Upgrade the database schema: `spacewalk-schema-upgrade`
5. Start the Spacewalk service: `spacewalk-service start`