SUSE-SU-2022:3314-1
Description
Security update for SUSE Manager Server 4.2

This update fixes the following issues:

drools:
- CVE-2021-41411: XML External Entity injection in KieModuleModelImpl.java. (bsc#1200629)

httpcomponents-asyncclient:
- Provide maven metadata needed by other packages to build

image-sync-formula:
- Update to version 0.1.1661440526.b08d95b
  * Add option to sort boot images by version (bsc#1196729)

inter-server-sync:
- Version 0.2.3
  * Compress exported sql data #16631
  * Add gzip dependency to decompress data file during import process

patterns-suse-manager:
- Strictly require OpenJDK 11 (bsc#1202142)

py27-compat-salt:
- Add support for gpgautoimport in zypperpkg module
- Fix salt.states.file.managed() for follow_symlinks=True and test=True (bsc#1199372)
- Add support for name, pkgs and diff_attr parameters to upgrade function for zypper and yum (bsc#1198489)
- Unify logic on using multiple requisites and add onfail_all (bsc#1198738)
- Normalize package names once with pkg.installed/removed using yum (bsc#1195895)

salt-netapi-client:
- Declare the LICENSE file as license and not doc
- Adapted for Enterprise Linux 9.
- Version 0.20.0
  * See: https://github.com/SUSE/salt-netapi-client/releases/tag/v0.20.0

saltboot-formula:
- Update to version 0.1.1661440526.b08d95b
  * Fall back to local boot if the configured image is not synced
  * Improve image URL modifications, in preparation for ftp/http changes

spacecmd:
- Version 4.2.19-1
  * Process date values in spacecmd API calls (bsc#1198903)
  * Show correct help on calling kickstart_importjson with no arguments
  * Fix tracebacks on spacecmd kickstart_export (bsc#1200591)

spacewalk-admin:
- Version 4.2.12-1
  * Add --help option to mgr-monitoring-ctl

spacewalk-backend:
- Version 4.2.24-1
  * Make reposync use the configured HTTP proxy with mirrorlist (bsc#1198168)
  * Revert proxy listChannels token caching pr#4548
  * Clean up leftovers from removing unused xmlrpc endpoint

spacewalk-certs-tools:
- Version 4.2.18-1
  * Traditional stack bootstrap: install product packages (bsc#1201142)

spacewalk-client-tools:
- Version 4.2.20-1
  * Update translation strings

spacewalk-java:
- Version 4.2.41-1
  * Fixed date format on scheduler related messages (bsc#1195455)
  * Support inherited values for kernel options from Cobbler API (bsc#1199913)
  * Add channel availability check for product migration (bsc#1200296)
  * Check if system has all formulas correctly assigned (bsc#1201607)
  * Remove group formula assignments and data on group delete (bsc#1201606)
  * Fix sync for external repositories (bsc#1201753)
  * Fix state.apply result parsing in test mode (bsc#1201913)
  * Reduce the length of image channel URL (bsc#1201220)
  * Calculate dependencies between cloned channels of vendor channels (bsc#1201626)
  * Fix symlinks pointing to ongres-stringprep
  * Modify parameter type when communicating with the search server (bsc#1187028)
  * Fix initial profile and build host on Image Build page (bsc#1199659)
  * Fix the confirm message on the refresh action by adding a link to pending actions on it (bsc#1172705)
  * Require new salt-netapi-client version
  * Clean grub2 reinstall entry in autoyast snippet (bsc#1199950)

spacewalk-search:
- Version 4.2.8-1
  * Add methods to handle session id as String

spacewalk-web:
- Version 4.2.29-1
  * CVE-2021-43138: Obtain privileges via the `mapValues()` method. (bsc#1200480)
  * CVE-2021-42740: Command injection in the shell-quote package. (bsc#1203287)
  * CVE-2022-31129: Denial of service in moment: inefficient parsing algorithm (bsc#1203288)
  * Fix table header layout for unselectable tables
  * Fix initial profile and build host on Image Build page (bsc#1199659)

subscription-matcher:
- Added Guava maximum version requirement.

susemanager:
- Version 4.2.37-1
  * Mark new dependencies for python-py optional in bootstrap repo to fix generation for older service packs (bsc#1203449)
- Version 4.2.36-1
  * Add missing packages on SLES 15
  * Remove server-migrator.sh from SUSE Manager installations (bsc#1202728)
  * mgr-create-bootstrap-repo: flush directory also when called for a specific label (bsc#1200573)
  * Add missing packages on SLES 12 SP5 bootstrap repo (bsc#1201918)
  * Remove python-tornado from bootstrap repo, since it is no longer required for salt version >= 3000
  * Add openSUSE 15.4 product (bsc#1201527)
  * Add clients tool product to generate bootstrap repo on openSUSE 15.x (bsc#1201189)

susemanager-doc-indexes:
- Documented mandatory channels in the Disconnected Setup chapter of the Administration Guide (bsc#1202464)
- Documented how to onboard Ubuntu clients with the Salt bundle as a regular user
- Documented how to onboard Debian clients with the Salt bundle or plain Salt as a regular user
- Fixed the names of updates channels for Leap
- Fixed errors in OpenSCAP chapter of Administration Guide
- Added exact command to create the bootstrap repo for Salt bundle and about how to disable salt-thin
- Removed CentOS 8 from the list of supported client systems
- Extended the notes about using the noexec option for /tmp and /var/tmp (bsc#1201210)
- Reverted single snippet change for two separate books
- Added extending Salt Bundle functionality with Python packages using pip
- Added missing part of the description to enable optional support of the Salt Bundle with Salt SSH
- Added exact command to create the bootstrap repo for salt bundle and about how to disable salt-thin
- Salt Configuration Modules are no longer Technology Preview in Salt Guide.
- Fixed Ubuntu 18 Client registration in Client Configuration Guide (bsc#1201224)
- Added ports 1232 and 1233 in the Ports section of the Installation and Upgrade Guide; required for Salt SSH Push (bsc#1200532)
- In the Custom Channel section of the Administration Guide, added a note about synchronizing repositories regularly.
- Removed SUSE Linux Enterprise 11 from the list of supported client systems

susemanager-docs_en:
- Documented mandatory channels in the Disconnected Setup chapter of the Administration Guide (bsc#1202464)
- Documented how to onboard Ubuntu clients with the Salt bundle as a regular user
- Documented how to onboard Debian clients with the Salt bundle or plain Salt as a regular user
- Fixed the names of updates channels for Leap
- Fixed errors in OpenSCAP chapter of Administration Guide
- Added exact command to create the bootstrap repo for Salt bundle and about how to disable salt-thin
- Removed CentOS 8 from the list of supported client systems
- Extended the notes about using the noexec option for /tmp and /var/tmp (bsc#1201210)
- Reverted single snippet change for two separate books
- Added extending Salt Bundle functionality with Python packages using pip
- Added missing part of the description to enable optional support of the Salt Bundle with Salt SSH
- Added exact command to create the bootstrap repo for salt bundle and about how to disable salt-thin
- Salt Configuration Modules are no longer Technology Preview in Salt Guide.
- Fixed Ubuntu 18 Client registration in Client Configuration Guide (bsc#1201224)
- Added ports 1232 and 1233 in the Ports section of the Installation and Upgrade Guide; required for Salt SSH Push (bsc#1200532)
- In the Custom Channel section of the Administration Guide, added a note about synchronizing repositories regularly.
- Removed SUSE Linux Enterprise 11 from the list of supported client systems

susemanager-schema:
- Version 4.2.24-1
  * Fix migration of image actions (bsc#1202272)

susemanager-sls:
- Version 4.2.27-1
  * Copy grains file with util.mgr_switch_to_venv_minion state apply
  * Remove the message 'rpm: command not found' on using Salt SSH with Debian based systems which have no Salt Bundle
  * Prevent possible tracebacks on calling module.run from mgrcompat by setting proper globals using LazyLoader
  * Fix deploy of SLE Micro CA Certificate (bsc#1200276)

uyuni-common-libs:
- Version 4.2.7-1
  * Do not allow creating a path if the user or group is nonexistent in fileutils.

How to apply this update:
1. Log in as root user to the SUSE Manager server.
2. Stop the Spacewalk service: `spacewalk-service stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: `spacewalk-service start`
Affected Systems
Package (product): fixed in version (installed versions below this are affected)

- drools (SUSE Manager Server Module 4.2): < 7.17.0-150300.4.6.2
- httpcomponents-asyncclient (SUSE Manager Server Module 4.2): < 4.1.4-150300.3.3.2
- image-sync-formula (SUSE Manager Server Module 4.2): < 0.1.1661440526.b08d95b-150300.3.3.2
- inter-server-sync (SUSE Manager Server Module 4.2): < 0.2.3-150300.8.22.2
- mgr-daemon (SUSE Manager Proxy Module 4.2): < 4.2.10-150300.2.9.4
- patterns-suse-manager (SUSE Manager Proxy Module 4.2): < 4.2-150300.4.12.2
- patterns-suse-manager (SUSE Manager Server Module 4.2): < 4.2-150300.4.12.2
- py27-compat-salt (SUSE Manager Server Module 4.2): < 3000.3-150300.7.7.23.2
- salt-netapi-client (SUSE Manager Server Module 4.2): < 0.20.0-150300.3.9.4
- saltboot-formula (SUSE Manager Server Module 4.2): < 0.1.1661440526.b08d95b-150300.3.12.2
- spacecmd (SUSE Manager Proxy Module 4.2): < 4.2.19-150300.4.27.2
- spacecmd (SUSE Manager Server Module 4.2): < 4.2.19-150300.4.27.2
- spacewalk-admin (SUSE Manager Server Module 4.2): < 4.2.12-150300.3.15.3
- spacewalk-backend (SUSE Manager Proxy Module 4.2): < 4.2.24-150300.4.29.5
- spacewalk-backend (SUSE Manager Server Module 4.2): < 4.2.24-150300.4.29.5
- spacewalk-certs-tools (SUSE Manager Proxy Module 4.2): < 4.2.18-150300.3.24.3
- spacewalk-certs-tools (SUSE Manager Server Module 4.2): < 4.2.18-150300.3.24.3
- spacewalk-client-tools (SUSE Manager Proxy Module 4.2): < 4.2.20-150300.4.24.3
- spacewalk-client-tools (SUSE Manager Server Module 4.2): < 4.2.20-150300.4.24.3
- spacewalk-java (SUSE Manager Server Module 4.2): < 4.2.41-150300.3.43.5
- spacewalk-proxy (SUSE Manager Proxy Module 4.2): < 4.2.12-150300.3.21.3
- spacewalk-search (SUSE Manager Server Module 4.2): < 4.2.8-150300.3.12.2
- spacewalk-web (SUSE Manager Proxy Module 4.2): < 4.2.29-150300.3.27.3
- spacewalk-web (SUSE Manager Server Module 4.2): < 4.2.29-150300.3.27.3
- subscription-matcher (SUSE Manager Server Module 4.2): < 0.29-150300.6.12.2
- susemanager-doc-indexes (SUSE Manager Server Module 4.2): < 4.2-150300.12.33.4
- susemanager-docs_en (SUSE Manager Server Module 4.2): < 4.2-150300.12.33.2
- susemanager-schema (SUSE Manager Server Module 4.2): < 4.2.24-150300.3.27.3
- susemanager-sls (SUSE Manager Server Module 4.2): < 4.2.27-150300.3.33.4
- susemanager-tftpsync-recv (SUSE Manager Proxy Module 4.2): < 4.2.5-150300.3.6.2
- susemanager (SUSE Manager Server Module 4.2): < 4.2.37-150300.3.41.1
- uyuni-common-libs (SUSE Manager Proxy Module 4.2): < 4.2.7-150300.3.9.2
- uyuni-common-libs (SUSE Manager Server Module 4.2): < 4.2.7-150300.3.9.2
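The list above gives, per package, the first fixed version-release; an installed build is affected when it sorts below that string under RPM's version ordering, which is not plain string or float comparison (segments are compared numerically, "4.2.10" is newer than "4.2.9", and "~" sorts before everything). The following added example, which is not part of the advisory or of SUSE's tooling, implements that comparison (the rpmvercmp rules for numeric, alphabetic and tilde segments; caret handling is omitted) and applies it to a constructed sample of `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'` output, so an administrator can confirm which of the server's packages still need this update before stopping services. The fixed versions in `FIXED_VERSIONS` are copied from the advisory's Affected Systems list; the installed versions in `SAMPLE_RPM_OUTPUT` are made up for the demonstration.

```python
"""Check installed RPM versions against the fixed versions in SUSE-SU-2022:3314-1.

Added example, not part of the advisory. FIXED_VERSIONS is taken from the
advisory's Affected Systems list (SUSE Manager Server Module 4.2); the
installed-package lines are constructed sample output in the shape of
    rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\\n'
so the script runs offline. Ordering follows rpm's rpmvercmp rules (numeric
segments compare as integers, alphabetic segments as strings, '~' sorts before
anything else); caret ('^') handling is left out of this example.
"""
from __future__ import annotations

# Fixed version-release strings from the advisory (a subset of the list above).
FIXED_VERSIONS = {
    "drools": "7.17.0-150300.4.6.2",
    "spacewalk-java": "4.2.41-150300.3.43.5",
    "spacewalk-web": "4.2.29-150300.3.27.3",
    "py27-compat-salt": "3000.3-150300.7.7.23.2",
    "susemanager": "4.2.37-150300.3.41.1",
}

# Constructed sample of `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'` output.
SAMPLE_RPM_OUTPUT = """\
drools 7.17.0-150300.4.3.1
spacewalk-java 4.2.41-150300.3.43.5
spacewalk-web 4.2.28-150300.3.24.2
py27-compat-salt 3000.3-150300.7.7.23.2
susemanager 4.2.36-150300.3.38.1
bash 4.4-150400.25.22
"""


def _segment(s: str, start: int, pred) -> str:
    """Return the maximal run of characters satisfying pred that starts at s[start]."""
    end = start
    while end < len(s) and pred(s[end]):
        end += 1
    return s[start:end]


def rpmvercmp(a: str, b: str) -> int:
    """Compare two rpm version (or release) strings; returns -1, 0 or 1 like rpmvercmp()."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        # Separators (anything not alphanumeric or '~') are skipped on both sides.
        while i < len(a) and not (a[i].isalnum() or a[i] == "~"):
            i += 1
        while j < len(b) and not (b[j].isalnum() or b[j] == "~"):
            j += 1
        # A tilde sorts before everything, including end of string: 1.0~rc1 < 1.0.
        tilde_a = i < len(a) and a[i] == "~"
        tilde_b = j < len(b) and b[j] == "~"
        if tilde_a or tilde_b:
            if not tilde_a:
                return 1
            if not tilde_b:
                return -1
            i += 1
            j += 1
            continue
        if i >= len(a) or j >= len(b):
            break
        # Take the next segment of one kind (all digits or all letters) from both strings.
        isnum = a[i].isdigit()
        pred = str.isdigit if isnum else str.isalpha
        sa = _segment(a, i, pred)
        sb = _segment(b, j, pred)
        if not sb:
            # Segment kinds differ: a numeric segment is newer than an alphabetic one.
            return 1 if isnum else -1
        i += len(sa)
        j += len(sb)
        if isnum:
            # Numeric segments: strip leading zeros, then the longer string is larger.
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    # Both exhausted means equal; otherwise the one with trailing segments is newer.
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1


def split_vr(vr: str) -> tuple[str, str]:
    """Split 'VERSION-RELEASE' at the last dash (an rpm release never contains a dash)."""
    version, sep, release = vr.rpartition("-")
    if not sep:
        raise ValueError(f"expected VERSION-RELEASE, got {vr!r}")
    return version, release


def vr_compare(installed: str, fixed: str) -> int:
    """Compare version first, then release, as rpm does for a same-epoch package."""
    iv, ir = split_vr(installed)
    fv, fr = split_vr(fixed)
    return rpmvercmp(iv, fv) or rpmvercmp(ir, fr)


def affected_packages(rpm_output: str, fixed: dict[str, str]) -> list[str]:
    """Names of installed packages whose version-release sorts below the fixed one."""
    found = []
    for line in rpm_output.splitlines():
        if not line.strip():
            continue
        name, vr = line.split()
        if name in fixed and vr_compare(vr, fixed[name]) < 0:
            found.append(name)
    return found


if __name__ == "__main__":
    for name in affected_packages(SAMPLE_RPM_OUTPUT, FIXED_VERSIONS):
        print(f"{name}: installed build is below fixed version {FIXED_VERSIONS[name]}")
```

On a real server, replace `SAMPLE_RPM_OUTPUT` with the output of the `rpm -qa` query shown in the docstring and extend `FIXED_VERSIONS` with the remaining rows of the list above; packages that are not installed are simply never reported. Epochs are not handled because none of the packages in this advisory carry one.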
References (44)
- https://www.suse.com/support/update/announcement/2022/suse-su-20223314-1/
- https://bugzilla.suse.com/1172705
- https://bugzilla.suse.com/1187028
- https://bugzilla.suse.com/1195455
- https://bugzilla.suse.com/1195895
- https://bugzilla.suse.com/1196729
- https://bugzilla.suse.com/1198168
- https://bugzilla.suse.com/1198489
- https://bugzilla.suse.com/1198738
- https://bugzilla.suse.com/1198903
- https://bugzilla.suse.com/1199372
- https://bugzilla.suse.com/1199659
- https://bugzilla.suse.com/1199913
- https://bugzilla.suse.com/1199950
- https://bugzilla.suse.com/1200276
- https://bugzilla.suse.com/1200296
- https://bugzilla.suse.com/1200480
- https://bugzilla.suse.com/1200532
- https://bugzilla.suse.com/1200573
- https://bugzilla.suse.com/1200591
- https://bugzilla.suse.com/1200629
- https://bugzilla.suse.com/1201142
- https://bugzilla.suse.com/1201189
- https://bugzilla.suse.com/1201210
- https://bugzilla.suse.com/1201220
- https://bugzilla.suse.com/1201224
- https://bugzilla.suse.com/1201527
- https://bugzilla.suse.com/1201606
- https://bugzilla.suse.com/1201607
- https://bugzilla.suse.com/1201626
- https://bugzilla.suse.com/1201753
- https://bugzilla.suse.com/1201913
- https://bugzilla.suse.com/1201918
- https://bugzilla.suse.com/1202142
- https://bugzilla.suse.com/1202272
- https://bugzilla.suse.com/1202464
- https://bugzilla.suse.com/1202728
- https://bugzilla.suse.com/1203287
- https://bugzilla.suse.com/1203288
- https://bugzilla.suse.com/1203449
- https://www.suse.com/security/cve/CVE-2021-41411
- https://www.suse.com/security/cve/CVE-2021-42740
- https://www.suse.com/security/cve/CVE-2021-43138
- https://www.suse.com/security/cve/CVE-2022-31129