SUSE-RU-2015:0393-1

Source
https://www.suse.com/support/update/announcement/2015/suse-ru-20150393-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-RU-2015:0393-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-RU-2015:0393-1
Related
  • CVE-2014-7811
  • CVE-2014-7812
Published
2015-02-06T14:03:47Z
Modified
2025-05-02T04:04:08.567118Z
Upstream
  • CVE-2014-7812
  • CVE-2014-7811
Summary
Recommended update for SUSE Manager Server 2.1
Details

This collective update for SUSE Manager Server 2.1 provides the following new features:

* ISS: export/import information about cloned channels to support
  Service Pack migration on ISS slaves. (FATE#317789)
* New API calls: system.scheduleSPMigration(),
  system.scheduleDistUpgrade(). (FATE#314785, FATE#314340)

Additionally, several issues have been fixed:

cobbler:

* Fix re-installation on SLE with static network configuration.
  (bsc#883487)
* Add RHEL 7 as a valid operating system version.

smdba:

* Archival of PostgreSQL transaction log does not recover in case of no
  space left on device. (bsc#915140)

sm-ncc-sync-data:

* Add support for RES7 in SUSE Manager. (bsc#897723, bsc#893608)

spacewalk-backend:

* Convert mtime to localtime to prevent invalid times because of DST.
  (bsc#914437)
* Do not exit with error if a vendor channel has no URL associated.
  (bsc#914260)
* Copy all SUSE Manager logfiles into spacewalk-debug.
* Exclude old backup-logs from spacewalk-debug to reduce size.
* Fix ISS export with unset patch severity.
* Convert empty string to null for DMI values. (bsc#911272)
* Fixed double-counting of systems subscribed to more than one channel.

spacewalk-certs-tools:

* Do not allow registering a SUSE Manager server against itself.
  (bsc#841731)

spacewalk-java:

* Fix auditlog config yaml syntax. (bsc#913221)
* Show Proxy tab if system is a proxy even when assigned to cloned
  channels. (bsc#913939)
* Fixed uncaught error which prevents correct error handling.
  (bsc#858971)
* Fix NPE by setting max_members to 0 instead of NULL. (bsc#912035)
* Fix more cross-site-scripting (XSS) issues. (CVE-2014-7811,
  bsc#902915)
* Fix basic authentication for HTTP proxies. (bsc#912057)
* Accept repos with same SCC ID and different URLs. (bsc#911808)
* Avoid mgr-sync-refresh failure because clear_log_id was not called.
  (bsc#911166)
* Fix cross-site-scripting (XSS) issue in system-group (CVE-2014-7812,
  bsc#912886)
* Fix 'Select All' buttons display on rhn:list and make it consistent
  with new rl:list. (bsc#909724)
* Fix List tag missing submit parameter for 'Select All' and others.
  (bnc#909724)
* Sort filelist in configfile.compare event history alphabetically.
  (bsc#910243)
* Allow parenthesis in system group description. (bsc#903064)
* Provide new API documentation in PDF format. (bsc#896029)
* Update the example scripts section. (bsc#896029)
* Fixed wording issues on package lock page. (bsc#880022)
* Make text more clear for package profile sync. (bsc#884350)

spacewalk-web:

* Show Proxy tab if system is a proxy even when assigned to cloned
  channels. (bsc#913939)

supportutils-plugin-susemanager:

* Write current service and repository configuration into
  supportconfig.

susemanager-jsp_en, susemanager-manuals_en:

* Update text and image files (bsc#910494).
* Firewall rules are incomplete - ssh-push and ssh-push-tunnel settings
  missing. (bsc#904703).
* Document SP migration and ISS. (bsc#913215, partially).
* Fix 'beta packages' mentioned in documentation. (bsc#886421).
* User guide: Snapshots: clarify snapshot usage. (bsc#906851).
* Document maximal supported configuration file limit. (bsc#910482).

susemanager-schema:

* Fix NPE by setting max_members to 0 instead of NULL. (bsc#912035)
* Fix old migration for future reference. (bsc#911180)
* Avoid NPE when migrating to SCC on Oracle migrated from 1.7.
  (bsc#911180)
* Fixed double-counting systems subscribed to more than one channel.

susemanager:

* Ask for the authentication beforehand. (bsc#908317)
* Bring back the ability to save credentials to the configuration file.
* Bring back token verification availability.
* Never ask for user credentials when scheduling a refresh.

susemanager-sync-data:

* Added support for RES7 in SUSE Manager. (bsc#897723, bsc#893608)

tanukiwrapper:

* Allow more than 4G as -Xmx option. (bsc#914900)

How to apply this update:

  1. Log in as root user to the SUSE Manager server.
  2. Stop the Spacewalk service: spacewalk-service stop
  3. Apply the patch using either zypper patch or YaST Online Update.
  4. Upgrade the database schema with spacewalk-schema-upgrade
  5. Start the Spacewalk service: spacewalk-service start

Security Issues:

* CVE-2014-7811
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7811>
* CVE-2014-7812
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7812>
References

Affected packages