Oval Definition:oval:org.opensuse.security:def:95986
Revision Date:2021-11-05Version:1
Title:Security update for SUSE Manager Server 4.1 (Moderate)
Description:

This update fixes the following issues:

grafana-formula:

- Version 0.4.2 * Add SSH blackbox status check panel to clients dashboard * Migrate deprecated panels in clients dashboard

prometheus-formula:

- Version 0.3.4 * Fix opening Prometheus ports on proxy - Version 0.3.3 * Add Prometheus targets configuration for minions SSH probing * Add blackbox exporter * Open Prometheus ports (bsc#1191144)

py26-compat-salt:

- Exclude the full path of a download URL to prevent injection of alicious code (bsc#1190265, CVE-2021-21996)

py26-compat-tornado:

- No relevant changes for users

py27-compat-salt:

- Fix the regression of docker_container state module - Support querying for JSON data in external sql pillar - Exclude the full path of a download URL to prevent injection of malicious code (bsc#1190265, CVE-2021-21996) - Fix wrong relative paths resolution with Jinja renderer when importing subdirectories

spacecmd:

- Version 4.1.15-1 * configchannel_updatefile handles directory properly (bsc#1190512)

spacewalk-backend:

- Version 4.1.29-1 * Avoid GPG errors messages in reposync caused by rpm not understanding signatures (bsc#1191538) * handle download of metadata filesnames with checksums (bsc#1188315) * Sanitize cached filename for custom SSL certs used by reposync (bsc#1190751)

spacewalk-certs-tools:

- Version 4.1.19-1 * add GPG keys using apt-key on debian machines (bsc#1187998) * set key format to PEM when generating key for traditional clients push ssh (bsc#1189643)

spacewalk-java:

- Version 4.1.41-1 * Move pickedup actions to history as soon as they are pickedup (bsc#1191444) * On salt-ssh minions, enforce package list refresh after state apply * Fix internal server error on DuplicateSystemsCompare (bsc#1191643) * mgr-sync refresh logs when a vendor channel is expire and shows how to remove it (bsc#1191222) * Remove NullPointerException in rhn_web_ui.log when building an image (bsc#1185951) * Add checksums to repository metadata filenames (bsc#1188315) * Fix ISE in product migration if base product is missing (bsc#1190151) * use TLSv1.3 if it is a supported Protocol * Adapt auto errata update to respect maintenance windows * Adapt auto errata update to skip during CLM build (bsc#1189609) * Update kernel live patch version on minion startup (bsc#1190276)

spacewalk-reports:

- Version 4.1.4-1 * Improve performance of inventory report (bsc#1191495)

spacewalk-web:

- Version 4.1.30-1 * Update Web UI version to 4.1.12

subscription-matcher:

- Version 0.27 * update subscription rules for new SKUs (bsc#1189818)

susemanager:

- Version 4.1.31-1 * Add the gnupg package for ubuntu which is then needed by apt-key (bsc#1187998) * Add python-mako, python-gnupg and gnupg1 to the Debian 9 bootstrap repository so bootstrapping without any enabled repositories is possible (bsc#1191898)

susemanager-doc-indexes:

- Add SLS state for keeping clients updated in Client Configuration Guide - Fixed unpublished patches note in the server update chapter of the Upgrade Guide - Added DNS resolution for minions to the troubleshooting section in the Client Configuration Guide - Documented low disc space warnings in the managing disk space chapter of the Administration Guide - In the ports section of the Installation Guide, mention tftpsync explicitly for port 443 (bsc#1190665) - In server upgrade procedure of the Upgrade Guide, add zypper ref step to refresh repositories reliably - Update effective_cache_size section of the Salt Guide (bsc#1191274) - Documented new filter in the content lifecycle management chapter of the Administration Guide - Added aarch64 support for clients in the Installation Guide and Client Configuration Guide - Documented AWS Permissions for Virtual Host Manager in VHM and Amazon Web Services chapter of the Client Configuration Guide - Removed an outdated patches note in the server update chapter of the - Fixed mgr-cfg-* issues in appendix of the Reference Guide. Run the commands on the client (bsc#1190166) - Removed Portus and CaaSP references from the image management chapter

susemanager-docs_en:

- Add SLS state for keeping clients updated in Client Configuration Guide - Fixed unpublished patches note in the server update chapter of the Upgrade Guide - Added DNS resolution for minions to the troubleshooting section in the Client Configuration Guide - Documented low disc space warnings in the managing disk space chapter of the Administration Guide - In the ports section of the Installation Guide, mention tftpsync explicitly for port 443 (bsc#1190665) - In server upgrade procedure of the Upgrade Guide, add zypper ref step to refresh repositories reliably - Update effective_cache_size section of the Salt Guide (bsc#1191274) - Documented new filter in the content lifecycle management chapter of the Administration Guide - Added aarch64 support for clients in the Installation Guide and Client Configuration Guide - Documented AWS Permissions for Virtual Host Manager in VHM and Amazon Web Services chapter of the Client Configuration Guide - Removed an outdated patches note in the server update chapter of the - Fixed mgr-cfg-* issues in appendix of the Reference Guide. Run the commands on the client (bsc#1190166) - Removed Portus and CaaSP references from the image management chapter

susemanager-sls:

- Version 4.1.31-1 * Fix mgrcompat state module to work with Salt 3003 and 3004 * Update kernel live patch version on minion startup (bsc#1190276)

How to apply this update:

1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: `spacewalk-service stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: `spacewalk-service start`
Family:unixClass:patch
Status:Reference(s):1185951
1187998
1188315
1189609
1189643
1189818
1190151
1190166
1190265
1190276
1190512
1190665
1190751
1191144
1191222
1191274
1191444
1191495
1191538
1191643
1191898
CVE-2021-21996
SUSE-SU-2021:3621-1
Platform(s):SUSE Linux Enterprise Module for SUSE Manager Server 4.1
SUSE Manager Server 4.1
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for SUSE Manager Server 4.1 is installed
  • AND Package Information
  • grafana-formula-0.4.2-3.12.2 is installed
  • OR prometheus-formula-0.3.4-3.12.2 is installed
  • OR py26-compat-salt-2016.11.10-17.2 is installed
  • OR py26-compat-tornado-4.2.1-3.3.2 is installed
  • OR py27-compat-salt-3000.3-6.15.2 is installed
  • OR python3-spacewalk-certs-tools-4.1.19-3.22.2 is installed
  • OR spacecmd-4.1.15-4.30.2 is installed
  • OR spacewalk-backend-4.1.29-4.44.2 is installed
  • OR spacewalk-backend-app-4.1.29-4.44.2 is installed
  • OR spacewalk-backend-applet-4.1.29-4.44.2 is installed
  • OR spacewalk-backend-config-files-4.1.29-4.44.2 is installed
  • OR spacewalk-backend-config-files-common-4.1.29-4.44.2 is installed
  • OR spacewalk-backend-config-files-tool-4.1.29-4.44.2 is installed
  • OR spacewalk-backend-iss-4.1.29-4.44.2 is installed
  • OR spacewalk-backend-iss-export-4.1.29-4.44.2 is installed
  • OR spacewalk-backend-package-push-server-4.1.29-4.44.2 is installed
  • OR spacewalk-backend-server-4.1.29-4.44.2 is installed
  • OR spacewalk-backend-sql-4.1.29-4.44.2 is installed
  • OR spacewalk-backend-sql-postgresql-4.1.29-4.44.2 is installed
  • OR spacewalk-backend-tools-4.1.29-4.44.2 is installed
  • OR spacewalk-backend-xml-export-libs-4.1.29-4.44.2 is installed
  • OR spacewalk-backend-xmlrpc-4.1.29-4.44.2 is installed
  • OR spacewalk-base-4.1.30-3.36.1 is installed
  • OR spacewalk-base-minimal-4.1.30-3.36.1 is installed
  • OR spacewalk-base-minimal-config-4.1.30-3.36.1 is installed
  • OR spacewalk-certs-tools-4.1.19-3.22.2 is installed
  • OR spacewalk-html-4.1.30-3.36.1 is installed
  • OR spacewalk-java-4.1.41-3.58.2 is installed
  • OR spacewalk-java-config-4.1.41-3.58.2 is installed
  • OR spacewalk-java-lib-4.1.41-3.58.2 is installed
  • OR spacewalk-java-postgresql-4.1.41-3.58.2 is installed
  • OR spacewalk-reports-4.1.4-3.6.2 is installed
  • OR spacewalk-taskomatic-4.1.41-3.58.2 is installed
  • OR subscription-matcher-0.27-3.12.2 is installed
  • OR susemanager-4.1.31-3.39.2 is installed
  • OR susemanager-doc-indexes-4.1-11.46.2 is installed
  • OR susemanager-docs_en-4.1-11.46.2 is installed
  • OR susemanager-docs_en-pdf-4.1-11.46.2 is installed
  • OR susemanager-sls-4.1.31-3.51.2 is installed
  • OR susemanager-tools-4.1.31-3.39.2 is installed
  • OR susemanager-web-libs-4.1.30-3.36.1 is installed
  • OR uyuni-config-modules-4.1.31-3.51.2 is installed
  • BACK