SUSE-SU-2023:0592-1

This update fixes the following issues:

cobbler:

• Fix improper authorization (bsc#1197027, CVE-2022-0860)
• Prevent error when starting up logrotate.service (bsc#1188191)

drools:

• Deserialization of Untrusted Data: unsafe data deserialization in DroolsStreamUtils.java (bsc#1204879, CVE-2022-1415)

grafana-formula:

• Version 0.8.1
  • Fix Uyuni/SUMA dashboard names
• Version 0.8.0
  • Set dashboard names depending on project
  • Update dashboards to use new JSON schema
  • Fix PostgreSQL dashboard queries
  • Migrate deprecated panels to their current replacements
• Version 0.7.1
  • Fix default password field description (bsc#1203698)
  • Do not require default admin and password fields

inter-server-sync:

• Version 0.2.7
  • Do not update pillars table if it does not exists like in 4.2
• Version 0.2.6
  • Export package extra tags for complete debian repo metatdata (bsc#1206375)
  • Replace URLs in OS Images pillars when exporting and importing images
• Version 0.2.5
  • Correct error when importing without debug log level (bsc#1204699)

mgr-osad:

• Version 4.2.9-1
  • Updated logrotate configuration (bsc#1206470)

prometheus-formula:

• Version 0.7.0
  • Switch from basic authentication to TLS certificate client authentication for Blackbox exporter
  • Fix scheme label in clients targets configration
  • Add README.md

py27-compat-salt:

• Ignore extend declarations from excluded SLS files (bsc#1203886)
• Enhance capture of error messages for Zypper calls in zypperpkg module

rhnlib:

• Version 4.2.7-1
  • Don't get stuck at the end of SSL transfers (bsc#1204032)

saltboot-formula:

• Update to version 0.1.1676908681.e90e0b1
  • Add failsafe stop file when salt-minion does not stop (bsc#1208418)
  • Support salt bundle (bsc#1208499)

salt-netapi-client:

• Version 0.21.0
  • See: https://github.com/SUSE/salt-netapi-client/releases/tag/v0.21.0
• Add transactional_update module
• Improve logging when creating salt exception

smdba:

• Version 1.7.11
  • fix config update from wal_keep_segments to wal_keep_size for newer postgresql versions (bsc#1204519)

spacecmd:

• Version 4.2.21-1
  • Prevent string api parameters to be parsed as dates if not in ISO-8601 format (bsc#1205759)
  • Add python-dateutil dependency, required to process date values in spacecmd api calls
  • Correctly understand 'ssm' keyword on scap scheduling
  • Fix dict_keys not supporting indexing in systems_setconfigchannelorger

spacewalk-admin:

• Version 4.2.13-1
  • Generate uyuni_roster.conf with salt-secrets-config (bsc#1200096)

spacewalk-backend:

• Version 4.2.26-1
  • Fix reposync error about missing 'content-type' key when syncing certain channels
  • Compute headers as list of two-tuples to be used by url grabber (bsc#1205523)
  • Updated logrotate configuration (bsc#1206470)
  • Add 'octet-stream' to accepted content-types for reposync mirrorlists
  • Exclude invalid mirror urls for reposync (bsc#1203826)
  • do not fetch mirrorlist when a file url is given
  • Keep older module metadata files in database (bsc#1201893)
  • Removed the activation keys report from the debug information

spacewalk-certs-tools:

• Version 4.2.19-1
  • some i18n functions moved to new module which needs to be loaded (bsc#1201142)
  • Generated bootstrap scripts installs all needed Salt 3004 dependencies for Ubuntu 18.04 (bsc#1204517)

spacewalk-client-tools:

• Version 4.2.22-1
  • Update translation strings

spacewalk-java:

• Version 4.2.47-1
  • Use uyuni roster salt module instead of flat roster files (bsc#1200096)
• Version 4.2.46-1
  • Fix registration with proxy and tunnel SSH (bsc#1200096)
• Version 4.2.45-1
  • Add 'none' matcher to CLM AppStream filters (bsc#1206817)
  • Improve logs when sls action chain file is missing
  • Do not forward ssh command if proxy and tunnel are present (bsc#1200096)
  • Fix not being able to delete CLM environment if there are custom child channels that where not built by the environment (bsc#1206932)
  • Include missing 'gpg' states to avoid issues on SSH minions.
  • Optimize the number of salt calls on minion startup (bsc#1203532)
  • Fix CVE Audit ignoring errata in parent channels if patch in successor product exists (bsc#1206168)
  • Fix CVE Audit incorrectly displaying predecessor product (bsc#1205663)
  • Fix modular channel check during system update via XMLRPC (bsc#1206613)
  • Trigger a package profile update when a new live-patch is installed (bsc#1206249)
  • prevent ISE on activation key page when selected base channel value is null
  • Only remove product catalog if PAYG ssh credentials are defined (bsc#1205943)
  • Updated logrotate configuration (bsc#1206470)
  • Limit changelog data in generated metadata to 20 entries
  • Fix CLM to not remove necessary packages when filtering erratas (bsc#1195979)
  • check for NULL in DEB package install size value
  • Allowed cancelling pending actions with a failed prerequisite (bsc#1204712)
  • disable cloned vendor channel auto selection by default (bsc#1204186)
  • adapt permissions of temporary ssh key directory
  • format results for package, errata and image build actions in system history similar to state apply results
  • Fix ClassCastException
  • Run only minion actions that are in the pending status (bsc#1205012)
  • Manager reboot in transactional update action chain (bsc#1201476
  • Optimize performance of config channels operations for UI and API (bsc#1204029)
  • Don't add the same channel twice in the System config addChannel API (bsc#1204029)
  • fix xmlrpc call randomly failing with translation error (bsc#1203633)
  • Optimize action chain processing on job return event (bsc#1203532)
  • Re-calculate salt event queue numbers on restart
  • Fix out of memory error when building a CLM project (bsc#1202217)
  • Process salt events in FIFO order (bsc#1203532)
  • Remove 'SSM' column text where not applicable (bsc#1203588)
  • Fix rendering of ssm/MigrateSystems page (bsc#1204651)
  • Pass mgr_sudo_user pillar on salt ssh client cleanup (bsc#1202093)
  • Deny packages from older module metadata when building CLM projects (bsc#1201893)
  • Refresh pillar data for the assigned systems when a CLM channel is built (bsc#1200169)
  • delay hardware refresh action to avoid missing channels (bsc#1204208)
  • During re-activation, recalculate grains if
  • Remove unused gson-extras.jar during build

spacewalk-search:

• Version 4.2.9-1
  • Updated logrotate configuration (bsc#1206470)

spacewalk-web:

• Version 4.2.32-1
  • Add 'none' matcher to CLM AppStream filters (bsc#1206817)
  • fix frontend logging in react pages
  • Add bugzilla references to past security fixes
    • shell-quote fix CVE-2021-42740 (bsc#1203287)
    • moment fix CVE-2022-31129 (bsc#1203288)

supportutils-plugin-susemanager:

• Version 4.2.5-1
  • Added dependency for XML Simple
  • update susemanager plugin to export the number of pending salt events

susemanager:

• Version 4.2.40-1
  • Add mgr-salt-ssh wrapper to use with uyuni roster Salt module (bsc#1200096)
• Version 4.2.39-1
  • fix bootstrap repo path for SLES for SAP 12 (bsc#1207141)
  • make venv-salt-minion optional for SUSE Manager Proxy 4.2 bootstrap repository (bsc#1206933)
  • show RHEL target for bootstrap repo creation only if it is really connected to the CDN (bsc#1206861)
  • add python3-extras to bootstrap repo as dependency of python3-libxml2, optional SLES 15 does not have it and it is only required on SP4 or greater (bsc#1204437)

susemanager-build-keys:

• Version 15.3.6
  • Add rpmlintrc configuration, so 'W: backup-file-in-package' for the keyring is ignored. We do not ship backup files, but we own them because they are created each time gpg is called, and we want them removed if the package is removed
  • uyuni-build-keys.rpmlintrc

susemanager-doc-indexes:

• Include RHEL7 in Salt 3000 to Salt Bundle migration section of the Client Configuration Guide
• Update Salt Bundle guide as Salt Bundle is now the default registration method
• Re-added statement about Cobbler support in Reference Guide and Client Configuration Guide (bsc#1206963)
• Added information about java.salt_event_thread_pool_size in Large Deployments Guide
• Added information about GPG key usage in the Debian section of the
• Updated default number of changelog entries in Administration Guide
• Include migration guide from Salt 3000 to Bundle for SUSE Linux Enterprise 12 and CentOS7 in Troubleshooting Clients
• Removed mentions to ABRT in Reference Guide
• Extended note about using Salt SSH with Salt Bundle in 4.2
• Fixed Liberty Linux client tools label in Client Configuration Guide

susemanager-docs_en:

• Include RHEL7 in Salt 3000 to Salt Bundle migration section of the Client Configuration Guide
• Update Salt Bundle guide as Salt Bundle is now the default registration method
• Re-added statement about Cobbler support in Reference Guide and Client Configuration Guide (bsc#1206963)
• Added information about java.salt_event_thread_pool_size in Large Deployments Guide
• Added information about GPG key usage in the Debian section of the
• Updated default number of changelog entries in Administration Guide
• Include migration guide from Salt 3000 to Bundle for SUSE Linux Enterprise 12 and CentOS7 in Troubleshooting Clients.
• Removed mentions to ABRT in Reference Guide
• Extended note about using Salt SSH with Salt Bundle in 4.2
• Fixed Liberty Linux client tools label in Client Configuration Guide

susemanager-schema:

• Version 4.2.27-1
  • Add created and modified fields to suseMinionInfo to make uyuni roster module cache validation more accurate (bsc#1200096)
• Version 4.2.26-1
  • Add 'none' matcher to CLM AppStream filters (bsc#1206817)
  • Increase cron_expr varchar length to 120 in suseRecurringAction table (bsc#1205040)
  • Keep older module metadata files in database (bsc#1201893)
  • Fix setting of last modified date in channel clone procedure

susemanager-sls:

• Version 4.2.30-1
  • Flush uyuni roster cache if the config has changed
  • Implement uyuni roster module for Salt (bsc#1200096)
• Version 4.2.30-1
  • Fix dnf plugin path calculation when using Salt Bundle (bsc#1208335)
• Version 4.2.29-1
  • Improve _mgractionchains.conf logs
  • Prevent possible errors from 'mgractionschains' module when there is no action chain to resume.
  • Fix mgrnet custom module to be compatible with old Python 2.6 (bsc#1206979) (bsc#1206981)
  • Fix custom 'mgrcompat.module_run' state module to work with Salt 3005.1
  • filter out libvirt engine events (bsc#1206146)
  • Optimize the number of salt calls on minion startup (bsc#1203532)
  • Updated logrotate configuration (bsc#1206470)
  • Make libvirt-events.conf path depend on what minion is used (bsc#1205920)
  • Fix kiwi inspect regexp to allow image names with '-' (bsc#1204541)
  • Avoid installing recommended packages from assigned products (bsc#1204330)
  • Manager reboot in transactional update action chain (bsc#1201476)
  • Use the actual sudo user home directory for salt ssh clients on bootstrap and clean up (bsc#1202093)
  • Perform refresh with packages.pkgupdate state (bsc#1203884)

uyuni-common-libs:

• Version 4.2.9-1
  • Fix crash due missing 'context_manager' when running salt-secrets-config service (bsc#1200096)
• Version 4.2.8-1
  • some i18n functions moved to new module which needs to be loaded (bsc#1201142)

virtual-host-gatherer:

• Version 1.0.24-1
  • Report total memory of a libvirt hypervisor
  • Improve interoperability with other Python projects

woodstox:

• CVE-2022-40152: Fixed stack overflow in XML serialization. (bsc#1203521)

How to apply this update:

1. Log in as root user to the SUSE Manager Server.
2. Stop the Spacewalk service: spacewalk-service stop
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: spacewalk-service start