SUSE-SU-2017:1346-1
- Source
- https://www.suse.com/support/update/announcement/2017/suse-su-20171346-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2017:1346-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2017:1346-1
- Upstream
- Related
- Published
- 2017-05-18T22:20:37Z
- Modified
- 2025-05-02T04:07:01.527124Z
- Summary
- Security update for SUSE Manager Proxy 3.0
- Details
-
The following security issue in spacewalk-backend has been fixed:
- Non admin or disabled user cannot make changes to a system anymore using spacewalk-channel. (bsc#1026633, CVE-2017-7470)
Additionally, the following non-security issues have been fixed:
rhnlib:
- Support all TLS versions in rpclib. (bsc#1025312)
spacewalk-backend:
- Do not fail with traceback when media.1 does not exist. (bsc#1032256)
- Create scap files dir beforehand. (bsc#1029755)
- Fix error if SPACEWALKDEBUGNO_REPORTS env variable is not present.
- Don't skip 'rhnErrataPackage' cleanup during an errata update. (bsc#1023233)
- Add support for running spacewalk-debug without creating reports. (bsc#1024714)
- Set scap store dir mod to 775 and group owner to susemanager.
- Incompletepackageimport: do import rhnPackageFile as it breaks some package installations.
- Added traceback printing to the exception block.
- Change postgresql starting commands.
spacewalk-certs-tools:
- Always restart the minion regardless of its current state. (bsc#1034956)
- Correctly honor disabling of SSL in bootstrap script. (bsc#1033383)
- Add curl dependency and move mgr-proxy-ssh* to spacewalk-proxy package.
- Exit for non-traditional bootstrap scripts. (bsc#1020904)
- Rename mgr-ssh-proxy-force-cmd -> mgr-proxy-ssh-force-cmd.
- Add mgr-proxy-ssh-force-cmd, mgr-proxy-ssh-push-init to rpm.
- Add option to configure only sshd.
- Restrictive ssh options for user mgrsshtunnel.
spacewalk-client-tools:
- Fix reboot message to use correct product name. (bsc#1031667)
spacewalk-proxy:
- Add curl dependency and move mgr-proxy-ssh* to spacewalk-proxy package.
- Lower the use-file-instead-of-memory treshold. (bsc#1030342)
spacewalk-proxy-installer:
- Do not start firewall on proxy during configuration if not already active. (bsc#1031338)
- Salt minions get repodata via a different URL; reflect by additional squid rule. (bsc#1027873)
- Only warn if parent ssh-push pub key could not be retrieved.
- Generate and auth ssh push keys for user mgrsshtunnel.
- Authorize parent salt-ssh key on proxy.
- Generate proxy ssh-push key and authorize the previous proxy in the chain.
- Generate own ssh-push key for proxy and authorize parent.
spacewalk-web:
- Remote Commands: Allow Web Socket to be opened on non-standard port.
- Improve remote cmd ui err handling.
- Show message when waiting for ssh minions times out.
- Fix remote cmd ui js err and timed out message.
- Remote cmd UI changes for salt-ssh minions.
- Fix broken help link for taskstatus. (bsc#1017422)
- Add js utility function to create Date objects in different timezones.
- Show proxy path in bootstrap UI.
- Clear proxy selection when clicking clear fields button.
- Check if proxy hostname is FQDN not name in UI.
- Show warn in bootstrap UI if proxy hostname is not a FQDN.
susemanager-sls:
- Add certificate state for CAASP.
- Add certificate state for SLES for SAP. (bsc#1031659)
- Pre-create empty top.sls with no-op. (bsc#1017754)
- Add xccdf result xslt.
- Fix mainframesysinfo module to use /proc/sysinfo on SLES11. (bsc#1025758)
- Set scap store dir mod to 775 and group owner to susemanager.
- Store uploaded scap files.
- Set minion own key owner to bootstrap sshpushsudo_user.
- Runner to generate ssh key and execute cmd via proxies.
- Change ssh bootstrap state to generate and auth keys for salt-ssh push with tunnel.
- Authorize parent salt-ssh key on proxy.
How to apply this update: 1. Log in as root user to the SUSE Manager proxy. 2. Stop the proxy service: spacewalk-proxy stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: spacewalk-proxy start
- References
-
- https://www.suse.com/support/update/announcement/2017/suse-su-20171346-1/
- https://bugzilla.suse.com/1017422
- https://bugzilla.suse.com/1017754
- https://bugzilla.suse.com/1020904
- https://bugzilla.suse.com/1023233
- https://bugzilla.suse.com/1024714
- https://bugzilla.suse.com/1025312
- https://bugzilla.suse.com/1025758
- https://bugzilla.suse.com/1026633
- https://bugzilla.suse.com/1027873
- https://bugzilla.suse.com/1029755
- https://bugzilla.suse.com/1030342
- https://bugzilla.suse.com/1031338
- https://bugzilla.suse.com/1031659
- https://bugzilla.suse.com/1031667
- https://bugzilla.suse.com/1032256
- https://bugzilla.suse.com/1033383
- https://bugzilla.suse.com/1034956
- https://www.suse.com/security/cve/CVE-2017-7470
Affected packages
SUSE:Manager Proxy 3.0
rhnlib
Package
- Name
- rhnlib
- Purl
- pkg:rpm/suse/rhnlib&distro=SUSE%20Manager%20Proxy%203.0
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.5.84.4-6.1
Ecosystem specific
{
"binaries": [
{
"spacewalk-backend": "2.5.24.9-22.1",
"spacewalk-base-minimal": "2.5.7.15-21.1",
"spacewalk-proxy-package-manager": "2.5.1.7-15.1",
"spacewalk-proxy-salt": "2.5.1.7-15.1",
"spacewalk-proxy-redirect": "2.5.1.7-15.1",
"spacewalk-check": "2.5.13.8-17.2",
"spacewalk-proxy-management": "2.5.1.7-15.1",
"susemanager-sls": "0.1.20-23.1",
"spacewalk-base-minimal-config": "2.5.7.15-21.1",
"spacewalk-client-tools": "2.5.13.8-17.2",
"spacewalk-proxy-broker": "2.5.1.7-15.1",
"rhnlib": "2.5.84.4-6.1",
"spacewalk-proxy-common": "2.5.1.7-15.1",
"spacewalk-backend-libs": "2.5.24.9-22.1",
"spacewalk-client-setup": "2.5.13.8-17.2",
"spacewalk-certs-tools": "2.5.1.8-17.1",
"spacewalk-proxy-installer": "2.5.2.5-6.1"
}
]
}spacewalk-backend
Package
- Name
- spacewalk-backend
- Purl
- pkg:rpm/suse/spacewalk-backend&distro=SUSE%20Manager%20Proxy%203.0
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.5.24.9-22.1
Ecosystem specific
{
"binaries": [
{
"spacewalk-backend": "2.5.24.9-22.1",
"spacewalk-base-minimal": "2.5.7.15-21.1",
"spacewalk-proxy-package-manager": "2.5.1.7-15.1",
"spacewalk-proxy-salt": "2.5.1.7-15.1",
"spacewalk-proxy-redirect": "2.5.1.7-15.1",
"spacewalk-check": "2.5.13.8-17.2",
"spacewalk-proxy-management": "2.5.1.7-15.1",
"susemanager-sls": "0.1.20-23.1",
"spacewalk-base-minimal-config": "2.5.7.15-21.1",
"spacewalk-client-tools": "2.5.13.8-17.2",
"spacewalk-proxy-broker": "2.5.1.7-15.1",
"rhnlib": "2.5.84.4-6.1",
"spacewalk-proxy-common": "2.5.1.7-15.1",
"spacewalk-backend-libs": "2.5.24.9-22.1",
"spacewalk-client-setup": "2.5.13.8-17.2",
"spacewalk-certs-tools": "2.5.1.8-17.1",
"spacewalk-proxy-installer": "2.5.2.5-6.1"
}
]
}spacewalk-certs-tools
Package
- Name
- spacewalk-certs-tools
- Purl
- pkg:rpm/suse/spacewalk-certs-tools&distro=SUSE%20Manager%20Proxy%203.0
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.5.1.8-17.1
Ecosystem specific
{
"binaries": [
{
"spacewalk-backend": "2.5.24.9-22.1",
"spacewalk-base-minimal": "2.5.7.15-21.1",
"spacewalk-proxy-package-manager": "2.5.1.7-15.1",
"spacewalk-proxy-salt": "2.5.1.7-15.1",
"spacewalk-proxy-redirect": "2.5.1.7-15.1",
"spacewalk-check": "2.5.13.8-17.2",
"spacewalk-proxy-management": "2.5.1.7-15.1",
"susemanager-sls": "0.1.20-23.1",
"spacewalk-base-minimal-config": "2.5.7.15-21.1",
"spacewalk-client-tools": "2.5.13.8-17.2",
"spacewalk-proxy-broker": "2.5.1.7-15.1",
"rhnlib": "2.5.84.4-6.1",
"spacewalk-proxy-common": "2.5.1.7-15.1",
"spacewalk-backend-libs": "2.5.24.9-22.1",
"spacewalk-client-setup": "2.5.13.8-17.2",
"spacewalk-certs-tools": "2.5.1.8-17.1",
"spacewalk-proxy-installer": "2.5.2.5-6.1"
}
]
}spacewalk-client-tools
Package
- Name
- spacewalk-client-tools
- Purl
- pkg:rpm/suse/spacewalk-client-tools&distro=SUSE%20Manager%20Proxy%203.0
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.5.13.8-17.2
Ecosystem specific
{
"binaries": [
{
"spacewalk-backend": "2.5.24.9-22.1",
"spacewalk-base-minimal": "2.5.7.15-21.1",
"spacewalk-proxy-package-manager": "2.5.1.7-15.1",
"spacewalk-proxy-salt": "2.5.1.7-15.1",
"spacewalk-proxy-redirect": "2.5.1.7-15.1",
"spacewalk-check": "2.5.13.8-17.2",
"spacewalk-proxy-management": "2.5.1.7-15.1",
"susemanager-sls": "0.1.20-23.1",
"spacewalk-base-minimal-config": "2.5.7.15-21.1",
"spacewalk-client-tools": "2.5.13.8-17.2",
"spacewalk-proxy-broker": "2.5.1.7-15.1",
"rhnlib": "2.5.84.4-6.1",
"spacewalk-proxy-common": "2.5.1.7-15.1",
"spacewalk-backend-libs": "2.5.24.9-22.1",
"spacewalk-client-setup": "2.5.13.8-17.2",
"spacewalk-certs-tools": "2.5.1.8-17.1",
"spacewalk-proxy-installer": "2.5.2.5-6.1"
}
]
}spacewalk-proxy
Package
- Name
- spacewalk-proxy
- Purl
- pkg:rpm/suse/spacewalk-proxy&distro=SUSE%20Manager%20Proxy%203.0
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.5.1.7-15.1
Ecosystem specific
{
"binaries": [
{
"spacewalk-backend": "2.5.24.9-22.1",
"spacewalk-base-minimal": "2.5.7.15-21.1",
"spacewalk-proxy-package-manager": "2.5.1.7-15.1",
"spacewalk-proxy-salt": "2.5.1.7-15.1",
"spacewalk-proxy-redirect": "2.5.1.7-15.1",
"spacewalk-check": "2.5.13.8-17.2",
"spacewalk-proxy-management": "2.5.1.7-15.1",
"susemanager-sls": "0.1.20-23.1",
"spacewalk-base-minimal-config": "2.5.7.15-21.1",
"spacewalk-client-tools": "2.5.13.8-17.2",
"spacewalk-proxy-broker": "2.5.1.7-15.1",
"rhnlib": "2.5.84.4-6.1",
"spacewalk-proxy-common": "2.5.1.7-15.1",
"spacewalk-backend-libs": "2.5.24.9-22.1",
"spacewalk-client-setup": "2.5.13.8-17.2",
"spacewalk-certs-tools": "2.5.1.8-17.1",
"spacewalk-proxy-installer": "2.5.2.5-6.1"
}
]
}spacewalk-proxy-installer
Package
- Name
- spacewalk-proxy-installer
- Purl
- pkg:rpm/suse/spacewalk-proxy-installer&distro=SUSE%20Manager%20Proxy%203.0
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.5.2.5-6.1
Ecosystem specific
{
"binaries": [
{
"spacewalk-backend": "2.5.24.9-22.1",
"spacewalk-base-minimal": "2.5.7.15-21.1",
"spacewalk-proxy-package-manager": "2.5.1.7-15.1",
"spacewalk-proxy-salt": "2.5.1.7-15.1",
"spacewalk-proxy-redirect": "2.5.1.7-15.1",
"spacewalk-check": "2.5.13.8-17.2",
"spacewalk-proxy-management": "2.5.1.7-15.1",
"susemanager-sls": "0.1.20-23.1",
"spacewalk-base-minimal-config": "2.5.7.15-21.1",
"spacewalk-client-tools": "2.5.13.8-17.2",
"spacewalk-proxy-broker": "2.5.1.7-15.1",
"rhnlib": "2.5.84.4-6.1",
"spacewalk-proxy-common": "2.5.1.7-15.1",
"spacewalk-backend-libs": "2.5.24.9-22.1",
"spacewalk-client-setup": "2.5.13.8-17.2",
"spacewalk-certs-tools": "2.5.1.8-17.1",
"spacewalk-proxy-installer": "2.5.2.5-6.1"
}
]
}spacewalk-web
Package
- Name
- spacewalk-web
- Purl
- pkg:rpm/suse/spacewalk-web&distro=SUSE%20Manager%20Proxy%203.0
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.5.7.15-21.1
Ecosystem specific
{
"binaries": [
{
"spacewalk-backend": "2.5.24.9-22.1",
"spacewalk-base-minimal": "2.5.7.15-21.1",
"spacewalk-proxy-package-manager": "2.5.1.7-15.1",
"spacewalk-proxy-salt": "2.5.1.7-15.1",
"spacewalk-proxy-redirect": "2.5.1.7-15.1",
"spacewalk-check": "2.5.13.8-17.2",
"spacewalk-proxy-management": "2.5.1.7-15.1",
"susemanager-sls": "0.1.20-23.1",
"spacewalk-base-minimal-config": "2.5.7.15-21.1",
"spacewalk-client-tools": "2.5.13.8-17.2",
"spacewalk-proxy-broker": "2.5.1.7-15.1",
"rhnlib": "2.5.84.4-6.1",
"spacewalk-proxy-common": "2.5.1.7-15.1",
"spacewalk-backend-libs": "2.5.24.9-22.1",
"spacewalk-client-setup": "2.5.13.8-17.2",
"spacewalk-certs-tools": "2.5.1.8-17.1",
"spacewalk-proxy-installer": "2.5.2.5-6.1"
}
]
}susemanager-sls
Package
- Name
- susemanager-sls
- Purl
- pkg:rpm/suse/susemanager-sls&distro=SUSE%20Manager%20Proxy%203.0
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.1.20-23.1
Ecosystem specific
{
"binaries": [
{
"spacewalk-backend": "2.5.24.9-22.1",
"spacewalk-base-minimal": "2.5.7.15-21.1",
"spacewalk-proxy-package-manager": "2.5.1.7-15.1",
"spacewalk-proxy-salt": "2.5.1.7-15.1",
"spacewalk-proxy-redirect": "2.5.1.7-15.1",
"spacewalk-check": "2.5.13.8-17.2",
"spacewalk-proxy-management": "2.5.1.7-15.1",
"susemanager-sls": "0.1.20-23.1",
"spacewalk-base-minimal-config": "2.5.7.15-21.1",
"spacewalk-client-tools": "2.5.13.8-17.2",
"spacewalk-proxy-broker": "2.5.1.7-15.1",
"rhnlib": "2.5.84.4-6.1",
"spacewalk-proxy-common": "2.5.1.7-15.1",
"spacewalk-backend-libs": "2.5.24.9-22.1",
"spacewalk-client-setup": "2.5.13.8-17.2",
"spacewalk-certs-tools": "2.5.1.8-17.1",
"spacewalk-proxy-installer": "2.5.2.5-6.1"
}
]
}