SUSE-SU-2017:2266-1
- Source
- https://www.suse.com/support/update/announcement/2017/suse-su-20172266-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2017:2266-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/SUSE-SU-2017:2266-1
- Upstream
- Related
- Published
- 2017-08-25T11:42:12Z
- Modified
- 2026-03-11T06:36:08.343889Z
- Summary
- Security update for SUSE Manager Proxy 3.1
- Details
-
This update for SUSE Manager Proxy 3.1 provides several fixes and improvements:
The following security issues have been fixed:
jabberd:
- Fix offered SASL mechanism check. (bsc#1047282, CVE-2017-10807)
Additionally, the following non-security issues have been fixed:
jabberd:
- Fix memory leak in pgsql storage driver.
- Fix two double-frees caused by dangling pointers.
- wss:// (WebSocket over SSL) support in c2s.
- Allow BareJID S10N packets.
- SQLite postconnect SQL support.
- Support WebSocket fragmented packets.
- Module to verify users using e-mail.
- Use OpenSSL functions for base64 en/decoding when available.
- Option to dump packet-filter matched packets to file.
- bcrypt support for PostgreSQL and MySQL storage.
- Option to set authreg module per realm.
- WebSocket C2S SX plugin.
- Support for RSA/DH/ECDH key agreement.
- For a detailed description of all fixes, please refer to the changelog.
osad:
- Reduce maximal size of osad log before rotating.
- Perform osad restart in posttrans. (bsc#1039913)
spacewalk-backend:
- Make master_label static to keep its value when retrying. (bsc#1038321)
- Adapt for the new gpgcheck flag for the channels.
spacewalk-certs-tools:
- Improve text for bootstrap. (bsc#1032324)
spacewalk-proxy:
- Use query string in upstream HEAD requests. (bsc#1036260)
spacewalk-web:
- Fix overlapping of elements. (bsc#1031143)
- Fix formulas action buttons position. (bsc#1047513)
- Do not show old messages. (bsc#1043831)
- Add a dynamic counter of the remaining textarea length.
- Confirm if navigating away while bootstrapping.
spacewalksd:
- Fix permissions of PID files in spacewalksd. (bsc#1049936)
zypp-plugin-spacewalk:
- Fix setting pkg_gpgcheck.
- Make pkg_gpgcheck configurable.
How to apply this update: 1. Log in as root user to the SUSE Manager proxy. 2. Stop the proxy service: spacewalk-proxy stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: spacewalk-proxy start
- References
-
- https://www.suse.com/support/update/announcement/2017/suse-su-20172266-1/
- https://bugzilla.suse.com/1031143
- https://bugzilla.suse.com/1032324
- https://bugzilla.suse.com/1036260
- https://bugzilla.suse.com/1038321
- https://bugzilla.suse.com/1039913
- https://bugzilla.suse.com/1043831
- https://bugzilla.suse.com/1047282
- https://bugzilla.suse.com/1047513
- https://bugzilla.suse.com/1049936
- https://bugzilla.suse.com/1052039
- https://www.suse.com/security/cve/CVE-2017-10807
Affected packages
SUSE:Manager Proxy 3.1
jabberd
Package
- Name
- jabberd
- Purl
- pkg:rpm/suse/jabberd&distro=SUSE%20Manager%20Proxy%203.1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.6.1-3.3.1
Ecosystem specific
{
"binaries": [
{
"spacewalk-proxy-salt": "2.7.1.4-2.3.1",
"supportutils-plugin-susemanager-client": "3.1.2-2.3.1",
"spacewalk-proxy-management": "2.7.1.4-2.3.1",
"spacewalk-base-minimal-config": "2.7.1.10-2.3.1",
"spacewalk-certs-tools": "2.7.0.7-2.3.1",
"jabberd-db": "2.6.1-3.3.1",
"rhnpush": "5.5.104.3-2.3.2",
"spacewalk-base-minimal": "2.7.1.10-2.3.1",
"osad": "5.11.80.3-2.3.1",
"jabberd-sqlite": "2.6.1-3.3.1",
"zypp-plugin-spacewalk": "0.9.16-2.3.1",
"spacewalksd": "5.0.26.3-2.3.1",
"spacewalk-proxy-package-manager": "2.7.1.4-2.3.1",
"spacewalk-backend": "2.7.73.7-2.3.1",
"spacewalk-proxy-redirect": "2.7.1.4-2.3.1",
"jabberd": "2.6.1-3.3.1",
"osa-common": "5.11.80.3-2.3.1",
"spacewalk-proxy-broker": "2.7.1.4-2.3.1",
"spacewalk-backend-libs": "2.7.73.7-2.3.1",
"spacewalk-proxy-common": "2.7.1.4-2.3.1"
}
]
}osad
Package
- Name
- osad
- Purl
- pkg:rpm/suse/osad&distro=SUSE%20Manager%20Proxy%203.1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.11.80.3-2.3.1
Ecosystem specific
{
"binaries": [
{
"spacewalk-proxy-salt": "2.7.1.4-2.3.1",
"supportutils-plugin-susemanager-client": "3.1.2-2.3.1",
"spacewalk-proxy-management": "2.7.1.4-2.3.1",
"spacewalk-base-minimal-config": "2.7.1.10-2.3.1",
"spacewalk-certs-tools": "2.7.0.7-2.3.1",
"jabberd-db": "2.6.1-3.3.1",
"rhnpush": "5.5.104.3-2.3.2",
"spacewalk-base-minimal": "2.7.1.10-2.3.1",
"osad": "5.11.80.3-2.3.1",
"jabberd-sqlite": "2.6.1-3.3.1",
"zypp-plugin-spacewalk": "0.9.16-2.3.1",
"spacewalksd": "5.0.26.3-2.3.1",
"spacewalk-proxy-package-manager": "2.7.1.4-2.3.1",
"spacewalk-backend": "2.7.73.7-2.3.1",
"spacewalk-proxy-redirect": "2.7.1.4-2.3.1",
"jabberd": "2.6.1-3.3.1",
"osa-common": "5.11.80.3-2.3.1",
"spacewalk-proxy-broker": "2.7.1.4-2.3.1",
"spacewalk-backend-libs": "2.7.73.7-2.3.1",
"spacewalk-proxy-common": "2.7.1.4-2.3.1"
}
]
}rhnpush
Package
- Name
- rhnpush
- Purl
- pkg:rpm/suse/rhnpush&distro=SUSE%20Manager%20Proxy%203.1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.5.104.3-2.3.2
Ecosystem specific
{
"binaries": [
{
"spacewalk-proxy-salt": "2.7.1.4-2.3.1",
"supportutils-plugin-susemanager-client": "3.1.2-2.3.1",
"spacewalk-proxy-management": "2.7.1.4-2.3.1",
"spacewalk-base-minimal-config": "2.7.1.10-2.3.1",
"spacewalk-certs-tools": "2.7.0.7-2.3.1",
"jabberd-db": "2.6.1-3.3.1",
"rhnpush": "5.5.104.3-2.3.2",
"spacewalk-base-minimal": "2.7.1.10-2.3.1",
"osad": "5.11.80.3-2.3.1",
"jabberd-sqlite": "2.6.1-3.3.1",
"zypp-plugin-spacewalk": "0.9.16-2.3.1",
"spacewalksd": "5.0.26.3-2.3.1",
"spacewalk-proxy-package-manager": "2.7.1.4-2.3.1",
"spacewalk-backend": "2.7.73.7-2.3.1",
"spacewalk-proxy-redirect": "2.7.1.4-2.3.1",
"jabberd": "2.6.1-3.3.1",
"osa-common": "5.11.80.3-2.3.1",
"spacewalk-proxy-broker": "2.7.1.4-2.3.1",
"spacewalk-backend-libs": "2.7.73.7-2.3.1",
"spacewalk-proxy-common": "2.7.1.4-2.3.1"
}
]
}spacewalk-backend
Package
- Name
- spacewalk-backend
- Purl
- pkg:rpm/suse/spacewalk-backend&distro=SUSE%20Manager%20Proxy%203.1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.7.73.7-2.3.1
Ecosystem specific
{
"binaries": [
{
"spacewalk-proxy-salt": "2.7.1.4-2.3.1",
"supportutils-plugin-susemanager-client": "3.1.2-2.3.1",
"spacewalk-proxy-management": "2.7.1.4-2.3.1",
"spacewalk-base-minimal-config": "2.7.1.10-2.3.1",
"spacewalk-certs-tools": "2.7.0.7-2.3.1",
"jabberd-db": "2.6.1-3.3.1",
"rhnpush": "5.5.104.3-2.3.2",
"spacewalk-base-minimal": "2.7.1.10-2.3.1",
"osad": "5.11.80.3-2.3.1",
"jabberd-sqlite": "2.6.1-3.3.1",
"zypp-plugin-spacewalk": "0.9.16-2.3.1",
"spacewalksd": "5.0.26.3-2.3.1",
"spacewalk-proxy-package-manager": "2.7.1.4-2.3.1",
"spacewalk-backend": "2.7.73.7-2.3.1",
"spacewalk-proxy-redirect": "2.7.1.4-2.3.1",
"jabberd": "2.6.1-3.3.1",
"osa-common": "5.11.80.3-2.3.1",
"spacewalk-proxy-broker": "2.7.1.4-2.3.1",
"spacewalk-backend-libs": "2.7.73.7-2.3.1",
"spacewalk-proxy-common": "2.7.1.4-2.3.1"
}
]
}spacewalk-certs-tools
Package
- Name
- spacewalk-certs-tools
- Purl
- pkg:rpm/suse/spacewalk-certs-tools&distro=SUSE%20Manager%20Proxy%203.1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.7.0.7-2.3.1
Ecosystem specific
{
"binaries": [
{
"spacewalk-proxy-salt": "2.7.1.4-2.3.1",
"supportutils-plugin-susemanager-client": "3.1.2-2.3.1",
"spacewalk-proxy-management": "2.7.1.4-2.3.1",
"spacewalk-base-minimal-config": "2.7.1.10-2.3.1",
"spacewalk-certs-tools": "2.7.0.7-2.3.1",
"jabberd-db": "2.6.1-3.3.1",
"rhnpush": "5.5.104.3-2.3.2",
"spacewalk-base-minimal": "2.7.1.10-2.3.1",
"osad": "5.11.80.3-2.3.1",
"jabberd-sqlite": "2.6.1-3.3.1",
"zypp-plugin-spacewalk": "0.9.16-2.3.1",
"spacewalksd": "5.0.26.3-2.3.1",
"spacewalk-proxy-package-manager": "2.7.1.4-2.3.1",
"spacewalk-backend": "2.7.73.7-2.3.1",
"spacewalk-proxy-redirect": "2.7.1.4-2.3.1",
"jabberd": "2.6.1-3.3.1",
"osa-common": "5.11.80.3-2.3.1",
"spacewalk-proxy-broker": "2.7.1.4-2.3.1",
"spacewalk-backend-libs": "2.7.73.7-2.3.1",
"spacewalk-proxy-common": "2.7.1.4-2.3.1"
}
]
}spacewalk-proxy
Package
- Name
- spacewalk-proxy
- Purl
- pkg:rpm/suse/spacewalk-proxy&distro=SUSE%20Manager%20Proxy%203.1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.7.1.4-2.3.1
Ecosystem specific
{
"binaries": [
{
"spacewalk-proxy-salt": "2.7.1.4-2.3.1",
"supportutils-plugin-susemanager-client": "3.1.2-2.3.1",
"spacewalk-proxy-management": "2.7.1.4-2.3.1",
"spacewalk-base-minimal-config": "2.7.1.10-2.3.1",
"spacewalk-certs-tools": "2.7.0.7-2.3.1",
"jabberd-db": "2.6.1-3.3.1",
"rhnpush": "5.5.104.3-2.3.2",
"spacewalk-base-minimal": "2.7.1.10-2.3.1",
"osad": "5.11.80.3-2.3.1",
"jabberd-sqlite": "2.6.1-3.3.1",
"zypp-plugin-spacewalk": "0.9.16-2.3.1",
"spacewalksd": "5.0.26.3-2.3.1",
"spacewalk-proxy-package-manager": "2.7.1.4-2.3.1",
"spacewalk-backend": "2.7.73.7-2.3.1",
"spacewalk-proxy-redirect": "2.7.1.4-2.3.1",
"jabberd": "2.6.1-3.3.1",
"osa-common": "5.11.80.3-2.3.1",
"spacewalk-proxy-broker": "2.7.1.4-2.3.1",
"spacewalk-backend-libs": "2.7.73.7-2.3.1",
"spacewalk-proxy-common": "2.7.1.4-2.3.1"
}
]
}spacewalk-web
Package
- Name
- spacewalk-web
- Purl
- pkg:rpm/suse/spacewalk-web&distro=SUSE%20Manager%20Proxy%203.1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.7.1.10-2.3.1
Ecosystem specific
{
"binaries": [
{
"spacewalk-proxy-salt": "2.7.1.4-2.3.1",
"supportutils-plugin-susemanager-client": "3.1.2-2.3.1",
"spacewalk-proxy-management": "2.7.1.4-2.3.1",
"spacewalk-base-minimal-config": "2.7.1.10-2.3.1",
"spacewalk-certs-tools": "2.7.0.7-2.3.1",
"jabberd-db": "2.6.1-3.3.1",
"rhnpush": "5.5.104.3-2.3.2",
"spacewalk-base-minimal": "2.7.1.10-2.3.1",
"osad": "5.11.80.3-2.3.1",
"jabberd-sqlite": "2.6.1-3.3.1",
"zypp-plugin-spacewalk": "0.9.16-2.3.1",
"spacewalksd": "5.0.26.3-2.3.1",
"spacewalk-proxy-package-manager": "2.7.1.4-2.3.1",
"spacewalk-backend": "2.7.73.7-2.3.1",
"spacewalk-proxy-redirect": "2.7.1.4-2.3.1",
"jabberd": "2.6.1-3.3.1",
"osa-common": "5.11.80.3-2.3.1",
"spacewalk-proxy-broker": "2.7.1.4-2.3.1",
"spacewalk-backend-libs": "2.7.73.7-2.3.1",
"spacewalk-proxy-common": "2.7.1.4-2.3.1"
}
]
}spacewalksd
Package
- Name
- spacewalksd
- Purl
- pkg:rpm/suse/spacewalksd&distro=SUSE%20Manager%20Proxy%203.1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.0.26.3-2.3.1
Ecosystem specific
{
"binaries": [
{
"spacewalk-proxy-salt": "2.7.1.4-2.3.1",
"supportutils-plugin-susemanager-client": "3.1.2-2.3.1",
"spacewalk-proxy-management": "2.7.1.4-2.3.1",
"spacewalk-base-minimal-config": "2.7.1.10-2.3.1",
"spacewalk-certs-tools": "2.7.0.7-2.3.1",
"jabberd-db": "2.6.1-3.3.1",
"rhnpush": "5.5.104.3-2.3.2",
"spacewalk-base-minimal": "2.7.1.10-2.3.1",
"osad": "5.11.80.3-2.3.1",
"jabberd-sqlite": "2.6.1-3.3.1",
"zypp-plugin-spacewalk": "0.9.16-2.3.1",
"spacewalksd": "5.0.26.3-2.3.1",
"spacewalk-proxy-package-manager": "2.7.1.4-2.3.1",
"spacewalk-backend": "2.7.73.7-2.3.1",
"spacewalk-proxy-redirect": "2.7.1.4-2.3.1",
"jabberd": "2.6.1-3.3.1",
"osa-common": "5.11.80.3-2.3.1",
"spacewalk-proxy-broker": "2.7.1.4-2.3.1",
"spacewalk-backend-libs": "2.7.73.7-2.3.1",
"spacewalk-proxy-common": "2.7.1.4-2.3.1"
}
]
}supportutils-plugin-susemanager-client
Package
- Name
- supportutils-plugin-susemanager-client
- Purl
- pkg:rpm/suse/supportutils-plugin-susemanager-client&distro=SUSE%20Manager%20Proxy%203.1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.1.2-2.3.1
Ecosystem specific
{
"binaries": [
{
"spacewalk-proxy-salt": "2.7.1.4-2.3.1",
"supportutils-plugin-susemanager-client": "3.1.2-2.3.1",
"spacewalk-proxy-management": "2.7.1.4-2.3.1",
"spacewalk-base-minimal-config": "2.7.1.10-2.3.1",
"spacewalk-certs-tools": "2.7.0.7-2.3.1",
"jabberd-db": "2.6.1-3.3.1",
"rhnpush": "5.5.104.3-2.3.2",
"spacewalk-base-minimal": "2.7.1.10-2.3.1",
"osad": "5.11.80.3-2.3.1",
"jabberd-sqlite": "2.6.1-3.3.1",
"zypp-plugin-spacewalk": "0.9.16-2.3.1",
"spacewalksd": "5.0.26.3-2.3.1",
"spacewalk-proxy-package-manager": "2.7.1.4-2.3.1",
"spacewalk-backend": "2.7.73.7-2.3.1",
"spacewalk-proxy-redirect": "2.7.1.4-2.3.1",
"jabberd": "2.6.1-3.3.1",
"osa-common": "5.11.80.3-2.3.1",
"spacewalk-proxy-broker": "2.7.1.4-2.3.1",
"spacewalk-backend-libs": "2.7.73.7-2.3.1",
"spacewalk-proxy-common": "2.7.1.4-2.3.1"
}
]
}zypp-plugin-spacewalk
Package
- Name
- zypp-plugin-spacewalk
- Purl
- pkg:rpm/suse/zypp-plugin-spacewalk&distro=SUSE%20Manager%20Proxy%203.1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.9.16-2.3.1
Ecosystem specific
{
"binaries": [
{
"spacewalk-proxy-salt": "2.7.1.4-2.3.1",
"supportutils-plugin-susemanager-client": "3.1.2-2.3.1",
"spacewalk-proxy-management": "2.7.1.4-2.3.1",
"spacewalk-base-minimal-config": "2.7.1.10-2.3.1",
"spacewalk-certs-tools": "2.7.0.7-2.3.1",
"jabberd-db": "2.6.1-3.3.1",
"rhnpush": "5.5.104.3-2.3.2",
"spacewalk-base-minimal": "2.7.1.10-2.3.1",
"osad": "5.11.80.3-2.3.1",
"jabberd-sqlite": "2.6.1-3.3.1",
"zypp-plugin-spacewalk": "0.9.16-2.3.1",
"spacewalksd": "5.0.26.3-2.3.1",
"spacewalk-proxy-package-manager": "2.7.1.4-2.3.1",
"spacewalk-backend": "2.7.73.7-2.3.1",
"spacewalk-proxy-redirect": "2.7.1.4-2.3.1",
"jabberd": "2.6.1-3.3.1",
"osa-common": "5.11.80.3-2.3.1",
"spacewalk-proxy-broker": "2.7.1.4-2.3.1",
"spacewalk-backend-libs": "2.7.73.7-2.3.1",
"spacewalk-proxy-common": "2.7.1.4-2.3.1"
}
]
}