SUSE-SU-2017:1346-1

Source
https://www.suse.com/support/update/announcement/2017/suse-su-20171346-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2017:1346-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2017:1346-1
Related
  • CVE-2017-7470
Published
2017-05-18T22:20:37Z
Modified
2025-05-02T04:07:01.527124Z
Upstream
  • CVE-2017-7470
Summary
Security update for SUSE Manager Proxy 3.0
Details

The following security issue in spacewalk-backend has been fixed:

  • Non-admin or disabled users can no longer make changes to a system using spacewalk-channel. (bsc#1026633, CVE-2017-7470)

Additionally, the following non-security issues have been fixed:

rhnlib:

  • Support all TLS versions in rpclib. (bsc#1025312)

spacewalk-backend:

  • Do not fail with traceback when media.1 does not exist. (bsc#1032256)
  • Create scap files dir beforehand. (bsc#1029755)
  • Fix error if SPACEWALK_DEBUG_NO_REPORTS env variable is not present.
  • Don't skip 'rhnErrataPackage' cleanup during an errata update. (bsc#1023233)
  • Add support for running spacewalk-debug without creating reports. (bsc#1024714)
  • Set scap store dir mod to 775 and group owner to susemanager.
  • Incompletepackageimport: do import rhnPackageFile as it breaks some package installations.
  • Added traceback printing to the exception block.
  • Change postgresql starting commands.

spacewalk-certs-tools:

  • Always restart the minion regardless of its current state. (bsc#1034956)
  • Correctly honor disabling of SSL in bootstrap script. (bsc#1033383)
  • Add curl dependency and move mgr-proxy-ssh* to spacewalk-proxy package.
  • Exit for non-traditional bootstrap scripts. (bsc#1020904)
  • Rename mgr-ssh-proxy-force-cmd -> mgr-proxy-ssh-force-cmd.
  • Add mgr-proxy-ssh-force-cmd, mgr-proxy-ssh-push-init to rpm.
  • Add option to configure only sshd.
  • Restrictive ssh options for user mgrsshtunnel.

spacewalk-client-tools:

  • Fix reboot message to use correct product name. (bsc#1031667)

spacewalk-proxy:

  • Add curl dependency and move mgr-proxy-ssh* to spacewalk-proxy package.
  • Lower the use-file-instead-of-memory threshold. (bsc#1030342)

spacewalk-proxy-installer:

  • Do not start firewall on proxy during configuration if not already active. (bsc#1031338)
  • Salt minions get repodata via a different URL; reflect by additional squid rule. (bsc#1027873)
  • Only warn if parent ssh-push pub key could not be retrieved.
  • Generate and auth ssh push keys for user mgrsshtunnel.
  • Authorize parent salt-ssh key on proxy.
  • Generate proxy ssh-push key and authorize the previous proxy in the chain.
  • Generate own ssh-push key for proxy and authorize parent.

spacewalk-web:

  • Remote Commands: Allow Web Socket to be opened on non-standard port.
  • Improve remote cmd ui err handling.
  • Show message when waiting for ssh minions times out.
  • Fix remote cmd ui js err and timed out message.
  • Remote cmd UI changes for salt-ssh minions.
  • Fix broken help link for taskstatus. (bsc#1017422)
  • Add js utility function to create Date objects in different timezones.
  • Show proxy path in bootstrap UI.
  • Clear proxy selection when clicking clear fields button.
  • Check if proxy hostname is FQDN not name in UI.
  • Show warn in bootstrap UI if proxy hostname is not a FQDN.

susemanager-sls:

  • Add certificate state for CAASP.
  • Add certificate state for SLES for SAP. (bsc#1031659)
  • Pre-create empty top.sls with no-op. (bsc#1017754)
  • Add xccdf result xslt.
  • Fix mainframesysinfo module to use /proc/sysinfo on SLES11. (bsc#1025758)
  • Set scap store dir mod to 775 and group owner to susemanager.
  • Store uploaded scap files.
  • Set minion own key owner to bootstrap ssh_push_sudo_user.
  • Runner to generate ssh key and execute cmd via proxies.
  • Change ssh bootstrap state to generate and auth keys for salt-ssh push with tunnel.
  • Authorize parent salt-ssh key on proxy.

How to apply this update:

  1. Log in as root user to the SUSE Manager proxy.
  2. Stop the proxy service: spacewalk-proxy stop
  3. Apply the patch using either zypper patch or YaST Online Update.
  4. Start the Spacewalk service: spacewalk-proxy start

Affected packages

SUSE:Manager Proxy 3.0 / rhnlib

Package

Name
rhnlib
Purl
pkg:rpm/suse/rhnlib&distro=SUSE%20Manager%20Proxy%203.0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.5.84.4-6.1

Ecosystem specific

{
    "binaries": [
        {
            "spacewalk-certs-tools": "2.5.1.8-17.1",
            "spacewalk-proxy-management": "2.5.1.7-15.1",
            "susemanager-sls": "0.1.20-23.1",
            "spacewalk-proxy-salt": "2.5.1.7-15.1",
            "spacewalk-check": "2.5.13.8-17.2",
            "spacewalk-proxy-redirect": "2.5.1.7-15.1",
            "rhnlib": "2.5.84.4-6.1",
            "spacewalk-proxy-common": "2.5.1.7-15.1",
            "spacewalk-base-minimal": "2.5.7.15-21.1",
            "spacewalk-client-setup": "2.5.13.8-17.2",
            "spacewalk-backend": "2.5.24.9-22.1",
            "spacewalk-client-tools": "2.5.13.8-17.2",
            "spacewalk-proxy-installer": "2.5.2.5-6.1",
            "spacewalk-proxy-broker": "2.5.1.7-15.1",
            "spacewalk-base-minimal-config": "2.5.7.15-21.1",
            "spacewalk-backend-libs": "2.5.24.9-22.1",
            "spacewalk-proxy-package-manager": "2.5.1.7-15.1"
        }
    ]
}

SUSE:Manager Proxy 3.0 / spacewalk-backend

Package

Name
spacewalk-backend
Purl
pkg:rpm/suse/spacewalk-backend&distro=SUSE%20Manager%20Proxy%203.0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.5.24.9-22.1


SUSE:Manager Proxy 3.0 / spacewalk-certs-tools

Package

Name
spacewalk-certs-tools
Purl
pkg:rpm/suse/spacewalk-certs-tools&distro=SUSE%20Manager%20Proxy%203.0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.5.1.8-17.1


SUSE:Manager Proxy 3.0 / spacewalk-client-tools

Package

Name
spacewalk-client-tools
Purl
pkg:rpm/suse/spacewalk-client-tools&distro=SUSE%20Manager%20Proxy%203.0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.5.13.8-17.2


SUSE:Manager Proxy 3.0 / spacewalk-proxy

Package

Name
spacewalk-proxy
Purl
pkg:rpm/suse/spacewalk-proxy&distro=SUSE%20Manager%20Proxy%203.0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.5.1.7-15.1


SUSE:Manager Proxy 3.0 / spacewalk-proxy-installer

Package

Name
spacewalk-proxy-installer
Purl
pkg:rpm/suse/spacewalk-proxy-installer&distro=SUSE%20Manager%20Proxy%203.0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.5.2.5-6.1


SUSE:Manager Proxy 3.0 / spacewalk-web

Package

Name
spacewalk-web
Purl
pkg:rpm/suse/spacewalk-web&distro=SUSE%20Manager%20Proxy%203.0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.5.7.15-21.1


SUSE:Manager Proxy 3.0 / susemanager-sls

Package

Name
susemanager-sls
Purl
pkg:rpm/suse/susemanager-sls&distro=SUSE%20Manager%20Proxy%203.0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.1.20-23.1
