===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2020.2501
Recommended update for SUSE Manager Client Tools
22 July 2020

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS
                   SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Reduced Security -- Unknown/Unspecified
Resolution:        Patch/Upgrade

Original Bulletin:
   https://www.suse.com/support/update/announcement/2020/suse-ru-202014428-1

--------------------------BEGIN INCLUDED TEXT--------------------

SUSE Recommended Update: Recommended update for SUSE Manager Client Tools

______________________________________________________________________________

Announcement ID:   SUSE-RU-2020:14428-1
Rating:            moderate
References:        #1113160 #1138822 #1142038 #1148177 #1153090 #1153277
                   #1154940 #1154968 #1155372 #1163871 #1165921 #1168310
                   #1171687 #1172462
Affected Products:
                   SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS
                   SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS
______________________________________________________________________________

An update that has 14 recommended fixes can now be installed.

Description:

This update fixes the following issues:

golang-github-prometheus-node_exporter:

  o Update to 0.18.1
      + [BUGFIX] Fix incorrect sysctl call in BSD meminfo collector, resulting
        in broken swap metrics on FreeBSD #1345
      + [BUGFIX] Fix rollover bug in mountstats collector #1364
  o Update to 0.18.0
      + Renamed interface label to device in netclass collector for
        consistency with other network metrics #1224
      + The cpufreq metrics now separate the cpufreq and scaling data based on
        what the driver provides. #1248
      + The labels for the network_up metric have changed, see issue #1236
      + Bonding collector now uses mii_status instead of operstatus #1124
      + Several systemd metrics have been turned off by default to improve
        performance #1254
      + These include unit_tasks_current, unit_tasks_max,
        service_restart_total, and unit_start_time_seconds
      + The systemd collector blacklist now includes automount, device, mount,
        and slice units by default. #1255
      + [CHANGE] Bonding state uses mii_status #1124
      + [CHANGE] Add a limit to the number of in-flight requests #1166
      + [CHANGE] Renamed interface label to device in netclass collector #1224
      + [CHANGE] Add separate cpufreq and scaling metrics #1248
      + [CHANGE] Several systemd metrics have been turned off by default to
        improve performance #1254
      + [CHANGE] Expand systemd collector blacklist #1255
      + [CHANGE] Split cpufreq metrics into a separate collector #1253
      + [FEATURE] Add a flag to disable exporter metrics #1148
      + [FEATURE] Add kstat-based Solaris metrics for boottime, cpu and zfs
        collectors #1197
      + [FEATURE] Add uname collector for FreeBSD #1239
      + [FEATURE] Add diskstats collector for OpenBSD #1250
      + [FEATURE] Add pressure collector exposing pressure stall information
        for Linux #1174
      + [FEATURE] Add perf exporter for Linux #1274
      + [ENHANCEMENT] Add Infiniband counters #1120
      + [ENHANCEMENT] Add TCPSynRetrans to netstat default filter #1143
      + [ENHANCEMENT] Move network_up labels into new metric network_info #1236
      + [ENHANCEMENT] Use 64-bit counters for Darwin netstat
      + [BUGFIX] Add fallback for missing /proc/1/mounts #1172
      + [BUGFIX] Fix node_textfile_mtime_seconds to work properly on symlinks
        #1326
  o Add support for RedHat 8
      + Adjust dependencies on spec file
      + Disable dwarf compression in go build

golang-github-wrouesnel-postgres_exporter:

  o Add support for RedHat 8
      + Adjust dependencies on spec file
      + Disable dwarf compression in go build

mgr-cfg:

  o Remove commented code in test files
  o Replace spacewalk-usix with uyuni-common-libs
  o Bump version to 4.1.0 (bsc#1154940)
  o Add mgr manpage links

mgr-custom-info:

  o Bump version to 4.1.0 (bsc#1154940)

mgr-daemon:

  o Bump version to 4.1.0 (bsc#1154940)
  o Fix systemd timer configuration on SLE12 (bsc#1142038)

mgr-osad:

  o Separate osa-dispatcher and jabberd so it can be disabled independently
  o Replace spacewalk-usix with uyuni-common-libs
  o Bump version to 4.1.0 (bsc#1154940)
  o Move /usr/share/rhn/config-defaults to uyuni-base-common
  o Require uyuni-base-common for /etc/rhn (for osa-dispatcher)
  o Ensure bytes type when using hashlib to avoid traceback (bsc#1138822)

mgr-push:

  o Replace spacewalk-usix and spacewalk-backend-libs with uyuni-common-libs
  o Bump version to 4.1.0 (bsc#1154940)

mgr-virtualization:

  o Replace spacewalk-usix with uyuni-common-libs
  o Bump version to 4.1.0 (bsc#1154940)
  o Fix mgr-virtualization timer

rhnlib:

  o Fix building
  o Fix malformed XML response when data contains non-ASCII chars (bsc#1154968)
  o Bump version to 4.1.0 (bsc#1154940)
  o Fix bootstrapping SLE11SP4 trad client with SSL enabled (bsc#1148177)

spacecmd:

  o Only report real error, not result (bsc#1171687)
  o Use defined return values for spacecmd methods so scripts can check for
    failure (bsc#1171687)
  o Disable globbing for api subcommand to allow wildcards in filter settings
    (bsc#1163871)
  o Bugfix: attempt to purge SSM when it is empty (bsc#1155372)
  o Bump version to 4.1.0 (bsc#1154940)
  o Prevent error when piping stdout in Python 2 (bsc#1153090)
  o Java api expects content as encoded string instead of encoded bytes like
    before (bsc#1153277)
  o Enable building and installing for Ubuntu 16.04 and Ubuntu 18.04
  o Add unit test for schedule, errata, user, utils, misc, configchannel and
    kickstart modules
  o Multiple minor bugfixes alongside the unit tests
  o Bugfix: referenced variable before assignment.
  o Add unit test for report, package, org, repo and group

spacewalk-client-tools:

  o Add workaround for uptime overflow to spacewalk-update-status as well
    (bsc#1165921)
  o Spell correctly "successful" and "successfully"
  o Skip dmidecode data on aarch64 to prevent coredump (bsc#1113160)
  o Replace spacewalk-usix with uyuni-common-libs
  o Return a non-zero exit status on errors in rhn_check
  o Bump version to 4.1.0 (bsc#1154940)
  o Make an explicit requirement to systemd for spacewalk-client-tools when
    rhnsd timer is installed

spacewalk-koan:

  o Bump version to 4.1.0 (bsc#1154940)
  o Require commands we use in merge-rd.sh

spacewalk-oscap:

  o Bump version to 4.1.0 (bsc#1154940)

spacewalk-remote-utils:

  o Update spacewalk-create-channel with RHEL 7.7 channel definitions
  o Bump version to 4.1.0 (bsc#1154940)

supportutils-plugin-susemanager-client:

  o Bump version to 4.1.0 (bsc#1154940)

suseRegisterInfo:

  o SuseRegisterInfo only needs perl-base, not full perl (bsc#1168310)
  o Bump version to 4.1.0 (bsc#1154940)

zypp-plugin-spacewalk:

  o Prevent issue with non-ASCII characters in Python 2 systems (bsc#1172462)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS:
    zypper in -t patch slesctsp4-client-tools-202006-14428=1
  o SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS:
    zypper in -t patch slesctsp3-client-tools-202006-14428=1

Package List:

  o SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x
    x86_64):
      koan-2.2.2-0.68.9.1
      mgr-cfg-4.1.2-5.12.1
      mgr-cfg-actions-4.1.2-5.12.1
      mgr-cfg-client-4.1.2-5.12.1
      mgr-cfg-management-4.1.2-5.12.1
      mgr-custom-info-4.1.1-5.6.1
      mgr-daemon-4.1.1-5.14.1
      mgr-daemon-debuginfo-4.1.1-5.14.1
      mgr-daemon-debugsource-4.1.1-5.14.1
      mgr-osad-4.1.2-5.15.1
      mgr-push-4.1.1-5.6.1
      mgr-virtualization-host-4.1.1-5.14.1
      python2-mgr-cfg-4.1.2-5.12.1
      python2-mgr-cfg-actions-4.1.2-5.12.1
      python2-mgr-cfg-client-4.1.2-5.12.1
      python2-mgr-cfg-management-4.1.2-5.12.1
      python2-mgr-osa-common-4.1.2-5.15.1
      python2-mgr-osad-4.1.2-5.15.1
      python2-mgr-push-4.1.1-5.6.1
      python2-mgr-virtualization-common-4.1.1-5.14.1
      python2-mgr-virtualization-host-4.1.1-5.14.1
      python2-rhnlib-4.1.2-12.22.1
      python2-spacewalk-check-4.1.5-27.32.1
      python2-spacewalk-client-setup-4.1.5-27.32.1
      python2-spacewalk-client-tools-4.1.5-27.32.1
      python2-spacewalk-koan-4.1.1-9.12.1
      python2-spacewalk-oscap-4.1.1-6.12.2
      python2-suseRegisterInfo-4.1.2-6.9.1
      python2-uyuni-common-libs-4.1.5-5.3.1
      python2-zypp-plugin-spacewalk-1.0.7-27.15.1
      spacecmd-4.1.4-18.63.1
      spacewalk-check-4.1.5-27.32.1
      spacewalk-client-setup-4.1.5-27.32.1
      spacewalk-client-tools-4.1.5-27.32.1
      spacewalk-koan-4.1.1-9.12.1
      spacewalk-oscap-4.1.1-6.12.2
      suseRegisterInfo-4.1.2-6.9.1
      uyuni-base-common-4.1.1-5.3.1
      zypp-plugin-spacewalk-1.0.7-27.15.1
  o SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 x86_64):
      golang-github-prometheus-node_exporter-0.18.1-5.6.1
      golang-github-wrouesnel-postgres_exporter-0.4.7-5.6.1
  o SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (noarch):
      spacewalk-remote-utils-4.1.1-6.15.1
      supportutils-plugin-susemanager-client-4.1.2-9.15.1
  o SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x
    x86_64):
      koan-2.2.2-0.68.9.1
      mgr-cfg-4.1.2-5.12.1
      mgr-cfg-actions-4.1.2-5.12.1
      mgr-cfg-client-4.1.2-5.12.1
      mgr-cfg-management-4.1.2-5.12.1
      mgr-custom-info-4.1.1-5.6.1
      mgr-daemon-4.1.1-5.14.1
      mgr-daemon-debuginfo-4.1.1-5.14.1
      mgr-daemon-debugsource-4.1.1-5.14.1
      mgr-osad-4.1.2-5.15.1
      mgr-push-4.1.1-5.6.1
      mgr-virtualization-host-4.1.1-5.14.1
      python2-mgr-cfg-4.1.2-5.12.1
      python2-mgr-cfg-actions-4.1.2-5.12.1
      python2-mgr-cfg-client-4.1.2-5.12.1
      python2-mgr-cfg-management-4.1.2-5.12.1
      python2-mgr-osa-common-4.1.2-5.15.1
      python2-mgr-osad-4.1.2-5.15.1
      python2-mgr-push-4.1.1-5.6.1
      python2-mgr-virtualization-common-4.1.1-5.14.1
      python2-mgr-virtualization-host-4.1.1-5.14.1
      python2-rhnlib-4.1.2-12.22.1
      python2-spacewalk-check-4.1.5-27.32.1
      python2-spacewalk-client-setup-4.1.5-27.32.1
      python2-spacewalk-client-tools-4.1.5-27.32.1
      python2-spacewalk-koan-4.1.1-9.12.1
      python2-spacewalk-oscap-4.1.1-6.12.2
      python2-suseRegisterInfo-4.1.2-6.9.1
      python2-uyuni-common-libs-4.1.5-5.3.1
      python2-zypp-plugin-spacewalk-1.0.7-27.15.1
      spacecmd-4.1.4-18.63.1
      spacewalk-check-4.1.5-27.32.1
      spacewalk-client-setup-4.1.5-27.32.1
      spacewalk-client-tools-4.1.5-27.32.1
      spacewalk-koan-4.1.1-9.12.1
      spacewalk-oscap-4.1.1-6.12.2
      suseRegisterInfo-4.1.2-6.9.1
      uyuni-base-common-4.1.1-5.3.1
      zypp-plugin-spacewalk-1.0.7-27.15.1
  o SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 x86_64):
      golang-github-prometheus-node_exporter-0.18.1-5.6.1
      golang-github-wrouesnel-postgres_exporter-0.4.7-5.6.1
  o SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (noarch):
      spacewalk-remote-utils-4.1.1-6.15.1
      supportutils-plugin-susemanager-client-4.1.2-9.15.1

References:

  o https://bugzilla.suse.com/1113160
  o https://bugzilla.suse.com/1138822
  o https://bugzilla.suse.com/1142038
  o https://bugzilla.suse.com/1148177
  o https://bugzilla.suse.com/1153090
  o https://bugzilla.suse.com/1153277
  o https://bugzilla.suse.com/1154940
  o https://bugzilla.suse.com/1154968
  o https://bugzilla.suse.com/1155372
  o https://bugzilla.suse.com/1163871
  o https://bugzilla.suse.com/1165921
  o https://bugzilla.suse.com/1168310
  o https://bugzilla.suse.com/1171687
  o https://bugzilla.suse.com/1172462

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================