SUSE-SU-2022:0798-1

This update fixes the following issues:

c3p0:

• Update to version c3p0 0.9.5.5 and mchange-commons-java 0.2.19
  • Address CVE-2018-20433
  • Address CVE-2019-5427 - XML-config parsing related attacks (bsc#1133198)
  • Properly implement the JDBC 4.1 abort method
• Build with log4j mapper
• Enhanced for RHEL8

dhcpd-formula:

• Update to version 0.1.1641480250.d5bd14c
  • make routers option optional
• Add arm64 support
• Update to version 0.1.1615805990.f15c8d9

hub-xmlrpc-api:

• Updated to build on Enterprise Linux 8.

py26-compat-msgpack-python:

• Adapted to build on OBS for Enterprise Linux.

py27-compat-salt:

• Fix inspector module export function (bsc#1097531)
• Fix possible traceback on ip6_interface grain (bsc#1193565)
• Don't check for cached pillar errors on state.apply (bsc#1190781)
• Simplify 'transactional_update' module to not use SSH wrapper and allow more flexible execution
• Add '--no-return-event' option to salt-call to prevent sending return event back to master.
• Make 'state.highstate' to acts on concurrent flag.
• Fix the regression with invalid syntax in test_parse_cpe_name_v23.

spacecmd:

• Version 4.1.17-1
  • Fix interactive mode for 'system_applyerrata' and 'errata_apply' (bsc#1194363)

spacewalk-java:

• Version 4.1.44-1
  • allow SCC to display the last check-in time for registered systems
  • Suggest Product Migration when patch for CVE is in a successor Product (bsc#1191360)
  • Add store info to Equals and hash methods to fix CVE audit process (bsc#1195282)
  • fix ClassCastException during action processing (bsc#1195043)
  • Fix disappearing metadata key files after channel change (bsc#1192822)
  • Pass only selected servers to taskomatic for cancelation (bsc#1194044)

spacewalk-web:

• Version 4.1.32-1
  • Suggest Product Migration when patch for CVE is in a successor Product (bsc#1191360)

susemanager:

• Version 4.1.33-1
  • set default for registration batch size

susemanager-doc-indexes:

• Added a warning about the origin of the salt-minion package in the Register on the Command Line (Salt) section of the Client Configuration Guide
• In the Client Configuration Guide, explain how you find channel names to register older SUSE Linux Enterprise clients.
• Added grub.cfg for GRUB 2 in the Upgrade chapter of the Client

susemanager-docs_en:

• Added a warning about the origin of the salt-minion package in the Register on the Command Line (Salt) section of the Client Configuration Guide
• In the Client Configuration Guide, explain how you find channel names to register older SUSE Linux Enterprise clients.
• Added grub.cfg for GRUB 2 in the Upgrade chapter of the Client Configuration Guide

susemanager-schema:

• Version 4.1.25-1
  • Continue with index migration when the expected indexes do not exist (bsc#1192566)

susemanager-sls:

• Version 4.1.34-1
  • Improve pkgset beacon with using salt.cache to notify about the changes made while the minion was stopped.
  • Align the code of pkgset beacon to prevent warnings (bsc#1194464)
• Version 4.1.33-1
  • Fix errors on calling sed -E ... by force_restart_minion with action chains
  • Postgres exporter package was renamed
  • fix deprecation warnings
  • enforce correct minion configuration similar to bootstrapping (bsc#1192510)

How to apply this update:

1. Log in as root user to the SUSE Manager server.
2. Stop the Spacewalk service: spacewalk-service stop
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: spacewalk-service start