SUSE Manager (important)

2011-06-2012:08:14

lists.opensuse.org

EPSS

0.003

Percentile

65.6%

JSON

This security update of SUSE Manager fixes the following
vulnerabilities/add the following improvements:

CVE-2009-4139: A cross-site request forgery (CSRF)
attack can be used to execute web-actions within the SUSE
Manager web user interface with the privileges of the
attacked user.
CVE-2011-1594: Open Redirect bug at the login page
(Phishing)
using secure SSL ciphersuites only
added a "password strength meter"

Additionally the following non-security issues were fixed
too:

iso8859-1 handling of file names contained in packages
fix encoding of summary and description of a package
if it is wrong
improve error message when gpg key is wrong or missing
do not trigger a resync is file is missing, can cause
endless loop
do not send tracebacks as email if reposync failed
fix errata export/import for sync
handle sync with older spacewalk server which do not
support weak dependencies
remove misleading information about Changing SUSE
Manager hostname
fix monitoring related path name reference
fix malformed url error from pycurl when trying to
download products and subscriptions with --from-dir and
other minor issues
added proxy authentication to ncc-sync
fixed a syntax error on redirects when debugging is
turned on
implement disconnected population of vendor channels
use pycurl instead of urllib for remote requests
catch cannot connect to database error
fix parsing the proxy user from curlrc

How to apply this update:

Log in as root user to the SUSE Manager server. 2.
Stop the Spacewalk service: spacewalk-service stop 3. Apply
the patch using either zypper patch or YaST Online Update.
Start the Spacewalk service: spacewalk-service start

OSVersionArchitecturePackageVersionFilename
SUSE Manager 1.2 for SLE11.1x86_64spacewalk-backend-server< 1.2.74-0.30.3spacewalk-backend-server-1.2.74-0.30.3.x86_64.rpm
SUSE Manager 1.2 for SLE11.1noarchsusemanager-manuals_en< 1.2-0.34.1susemanager-manuals_en-1.2-0.34.1.noarch.rpm
SUSE Manager 1.2 for SLE11.1x86_64spacewalk-backend-package-push-server< 1.2.74-0.30.3spacewalk-backend-package-push-server-1.2.74-0.30.3.x86_64.rpm
SUSE Manager 1.2 for SLE11.1noarchspacewalk-setup< 1.2.16-0.18.1spacewalk-setup-1.2.16-0.18.1.noarch.rpm
SUSE Manager 1.2 for SLE11.1x86_64spacewalk-backend-sql-oracle< 1.2.74-0.30.3spacewalk-backend-sql-oracle-1.2.74-0.30.3.x86_64.rpm
SUSE Manager 1.2 for SLE11.1noarchspacewalk-base-minimal< 1.2.31-0.25.1spacewalk-base-minimal-1.2.31-0.25.1.noarch.rpm
SUSE Manager 1.2 for SLE11.1x86_64spacewalk-backend-xml-export-libs< 1.2.74-0.30.3spacewalk-backend-xml-export-libs-1.2.74-0.30.3.x86_64.rpm
SUSE Manager 1.2 for SLE11.1x86_64spacewalk-backend-xmlrpc< 1.2.74-0.30.3spacewalk-backend-xmlrpc-1.2.74-0.30.3.x86_64.rpm
SUSE Manager 1.2 for SLE11.1noarchspacewalk-java-oracle< 1.2.115-0.42.1spacewalk-java-oracle-1.2.115-0.42.1.noarch.rpm
SUSE Manager 1.2 for SLE11.1noarchspacewalk-sniglets< 1.2.31-0.25.1spacewalk-sniglets-1.2.31-0.25.1.noarch.rpm

OS	Version	Architecture	Package	Version	Filename
SUSE Manager 1.2 for SLE	11.1	x86_64	spacewalk-backend-server	< 1.2.74-0.30.3	spacewalk-backend-server-1.2.74-0.30.3.x86_64.rpm
SUSE Manager 1.2 for SLE	11.1	noarch	susemanager-manuals_en	< 1.2-0.34.1	susemanager-manuals_en-1.2-0.34.1.noarch.rpm
SUSE Manager 1.2 for SLE	11.1	x86_64	spacewalk-backend-package-push-server	< 1.2.74-0.30.3	spacewalk-backend-package-push-server-1.2.74-0.30.3.x86_64.rpm
SUSE Manager 1.2 for SLE	11.1	noarch	spacewalk-setup	< 1.2.16-0.18.1	spacewalk-setup-1.2.16-0.18.1.noarch.rpm
SUSE Manager 1.2 for SLE	11.1	x86_64	spacewalk-backend-sql-oracle	< 1.2.74-0.30.3	spacewalk-backend-sql-oracle-1.2.74-0.30.3.x86_64.rpm
SUSE Manager 1.2 for SLE	11.1	noarch	spacewalk-base-minimal	< 1.2.31-0.25.1	spacewalk-base-minimal-1.2.31-0.25.1.noarch.rpm
SUSE Manager 1.2 for SLE	11.1	x86_64	spacewalk-backend-xml-export-libs	< 1.2.74-0.30.3	spacewalk-backend-xml-export-libs-1.2.74-0.30.3.x86_64.rpm
SUSE Manager 1.2 for SLE	11.1	x86_64	spacewalk-backend-xmlrpc	< 1.2.74-0.30.3	spacewalk-backend-xmlrpc-1.2.74-0.30.3.x86_64.rpm
SUSE Manager 1.2 for SLE	11.1	noarch	spacewalk-java-oracle	< 1.2.115-0.42.1	spacewalk-java-oracle-1.2.115-0.42.1.noarch.rpm
SUSE Manager 1.2 for SLE	11.1	noarch	spacewalk-sniglets	< 1.2.31-0.25.1	spacewalk-sniglets-1.2.31-0.25.1.noarch.rpm