File _patchinfo of Package patchinfo.25975
<patchinfo incident="25975">
<issue tracker="cve" id="2021-42740"/>
<issue tracker="cve" id="2021-41411"/>
<issue tracker="cve" id="2022-31129"/>
<issue tracker="cve" id="2021-43138"/>
<issue tracker="bnc" id="1201189">openSUSE Leap mgr-create-boostrap-repo fail</issue>
<issue tracker="bnc" id="1172705">SSM - After scheduling SW or HW refresh action, information shown does not contain link to scheduled action</issue>
<issue tracker="bnc" id="1198738">L3-Question: onfail works differently on salt 3000 and 3002</issue>
<issue tracker="bnc" id="1202464">Doc Bug: SUMA Disconnected Setup and Mandatory SUMA Client Tools Channels</issue>
<issue tracker="bnc" id="1187028">Package search in SUMA web interface stopped working</issue>
<issue tracker="bnc" id="1200480">VUL-0: CVE-2021-43138: spacewalk-web: a malicious user can obtain privileges via the mapValues() method</issue>
<issue tracker="bnc" id="1201607">when editing a formular in a system that is assigned via system-group creates a json file that is not cleaned up</issue>
<issue tracker="bnc" id="1201224">ubuntu 18 doc says to use mgr-sync for child channels which is wrong</issue>
<issue tracker="bnc" id="1200276">SLE Micro regression: the server CA certificate don't get deployed during registration</issue>
<issue tracker="bnc" id="1198168">L3: Nightly reposync</issue>
<issue tracker="bnc" id="1200532">Ports for SSH push are not documented</issue>
<issue tracker="bnc" id="1202272">Unable to delete Image Profile</issue>
<issue tracker="bnc" id="1203287">VUL-0: CVE-2021-42740: spacewalk-web: command injection in the shell-quote package</issue>
<issue tracker="bnc" id="1201527">Missing opensuse 15.4 option for bootstrap repo</issue>
<issue tracker="bnc" id="1201210">onboarding with webUI fails - unable to parse venv file</issue>
<issue tracker="bnc" id="1203288">VUL-0: CVE-2022-31129: spacewalk-web: moment: inefficient parsing algorithm resulting in DoS</issue>
<issue tracker="bnc" id="1196729">Symlinks don't update when new image is synced to Branch Server</issue>
<issue tracker="bnc" id="1200591">spacecmd kickstart_export fails with traceback for RHEL kickstart files</issue>
<issue tracker="bnc" id="1201606">pillar data for system-group will not be removed when system-group is deleted</issue>
<issue tracker="bnc" id="1198489">Salt function 'pkg.upgrade' ignores 'name=<pacakge>' or 'pkgs=<package>' argument</issue>
<issue tracker="bnc" id="1201913">HighState triggered via API or WebUI in TEST mode times out, return never reaches SUSE Manager</issue>
<issue tracker="bnc" id="1201918">Possibly missing packages in bootstrap repo for SLES 12 SP5</issue>
<issue tracker="bnc" id="1202728">Unable to migrate suse manager 4.2.5 to suse manager 4.3: nothing provides python3-urlgrabber</issue>
<issue tracker="bnc" id="1200573">option --flush of mgr-create-bootstrap-repo does not work as expected</issue>
<issue tracker="bnc" id="1202724">Channel subscription via SSM takes 40 minutes for the metadata to be accessible from the client</issue>
<issue tracker="bnc" id="1195895">Failed to install Package with .ARCH in the name</issue>
<issue tracker="bnc" id="1203449">missing packages in bootstrap repos for 15 15SP1 15SP2</issue>
<issue tracker="bnc" id="1201142">Needed modules are not installed during bootstrapping</issue>
<issue tracker="bnc" id="1199913">SUSE Manager Autoinstallation Profile Kernel Options sorting.</issue>
<issue tracker="bnc" id="1199950">Default templates for autoyast autoinstallation upgrade profiles do not include a cleanup for grub entries</issue>
<issue tracker="bnc" id="1199659">Running image build from Images -> Profiles page is not selecting image profile on Build page</issue>
<issue tracker="bnc" id="1202142">Yast2 setup fails</issue>
<issue tracker="bnc" id="1199372">salt wrong return value for test=true if state contains "contents"</issue>
<issue tracker="bnc" id="1201753">SLE Workstation channel not listed in SUMA Disconnected setup</issue>
<issue tracker="bnc" id="1200296">ISSv2 seemingly not syncing product information. Therefore customer is unable to see target migrations with SP Migration in peripherals.</issue>
<issue tracker="bnc" id="1200629">VUL-0: CVE-2021-41411: drools: XXE injection in KieModuleMarshaller.java</issue>
<issue tracker="bnc" id="1201626">Adding "SLE-Module-DevTools15" channels as part of CLM to minion fails due to missing dependency</issue>
<issue tracker="bnc" id="1198903">Spacecmd api calls with date values do not get processed</issue>
<issue tracker="bnc" id="1201220">With "all repos" - argument list too long: '/bin/sh'</issue>
<issue tracker="bnc" id="1195455">Inconsistent time format between pop ups and scheduler</issue>
<packager>jordimassaguerpla</packager>
<rating>critical</rating>
<category>security</category>
<summary>Security update for release-notes-susemanager, release-notes-susemanager-proxy</summary>
<description>This update for release-notes-susemanager, release-notes-susemanager-proxy fixes the following issues:
Release notes for SUSE Manager:
- Update to SUSE:Manager 4.2.9
* Notification about SUSE Manager end-of-life has been added
* CVEs fixed: CVE-2021-43138, CVE-2021-42740, CVE-2022-31129, CVE-2021-41411
* Bugs mentioned:
bsc#1172705, bsc#1187028, bsc#1195455, bsc#1195895, bsc#1196729
bsc#1198168, bsc#1198489, bsc#1198738, bsc#1198903, bsc#1199372
bsc#1199659, bsc#1199913, bsc#1199950, bsc#1200276, bsc#1200296
bsc#1200480, bsc#1200532, bsc#1200573, bsc#1200591, bsc#1200629
bsc#1201142, bsc#1201189, bsc#1201210, bsc#1201220, bsc#1201224
bsc#1201527, bsc#1201606, bsc#1201607, bsc#1201626, bsc#1201753
bsc#1201913, bsc#1201918, bsc#1202142, bsc#1202272, bsc#1202464
bsc#1202728, bsc#1203287, bsc#1203288, bsc#1203449
Release notes for SUSE Manager Proxy:
- Update to SUSE Manager 4.2.9
* CVEs fixed: CVE-2021-43138, CVE-2021-42740, CVE-2022-31129
* Bugs mentioned:
bsc#1198168, bsc#1198903, bsc#1199659, bsc#1200480, bsc#1200591
bsc#1201142, bsc#1202142, bsc#1202724
</description>
</patchinfo>
