Security update for SUSE Manager Server 2.1 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2016:1367-1 Final 1 1 2016-05-19T20:37:06Z current 2016-05-19T20:37:06Z 2016-05-19T20:37:06Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for SUSE Manager Server 2.1 This update for SUSE Manager Server 2.1 fixes the following issues: cobbler: - Add logrotate file for cobbler (bsc#976826) - Fix cobbler yaboot handling (bsc#968406, bsc#966622) osad: - Fix file permissions (bsc#970550) rhnlib: - Use TLSv1_METHOD in SSL Context (bsc#970989) spacewalk-backend: - Mgr_ncc_sync: Adapt to bulk scheduling introduced in scheduleSingleSatRepoSync spacewalk-branding: - Fix link to 'Schedule patch updates' (bsc#973432) - Fix link to scheduled action for SP migration (bsc#968257, bsc#974315) - Fix: 'Advanced Search' title consistency spacewalk-certs-tools: - Fix file permissions (bsc#970550) spacewalk-java: - Recreate upgrade paths on every refresh (bsc#978166) - Call cobbler sync after cobbler command is finished (bsc#966890) - Under high load, the service wrapper may incorrectly interpret the inability to get a response in time from taskomatic and kill it (bsc#962253) - Log permissions problems on channel access while SP migration (bsc#970223) - Unittests: support SLE-POS 11 SP3 as addon for SLES 11 SP4 (bsc#976194) - Mgr-sync: use bulk channel reposync (bsc#961002) - Double the backslashes when reading the config files from java (bsc#958923) - When generating repo metadata for a cloned channel, recursively fetch keywords from the original channel (bsc#970901) - Better logging for SP Migration feature (bsc#970223) - Fix: 'Advanced Search' title consistency - CVE-2015-0284: XSS when altering user details and going somewhere where you are choosing user (bsc#922740) - CVE-2016-3079, CVE-2016-2103, CVE-2016-2104, CVE-2016-3097: Fix multiple XSS vulnerabilities (bsc#973162, bsc#974011, bsc#974010, bsc#973550) - BugFix: 'Systems > Advanced Search' title and description consistency (bsc#966737) - Fix: correct behavior with visibility conditions of sub-tabs in Systems/Misc page - BugFix: add missing url mapping (bsc#961565) - Fix kernel and initrd pathes for creating autoinstallation tries (bsc#966622) - Fix tests for HAE-GEO on SLES 4 SAP (bsc#970425) - Add unit tests for SLE-Live-Patching12 (bsc#924298) spacewalk-utils: - Bugfix: don't repeat channel labels - Taskotop: a utility to monitor what Taskomatic is doing - Fix file permissions (bsc#970550) suseRegisterInfo: - Fix file permissions (bsc#970550) susemanager: - Add packages to bootstrap repo (bsc#971237) - Mgr-sync: use bulk channel reposync (bsc#961002) - Mgr_ncc_sync: adapt to bulk scheduling introduced in scheduleSingleSatRepoSync - Add SLES 4 SAP to mgr-create-bootstap-repo as an option (bsc#972341) - Put packages only available in SLE12 SP1 in a seperate list (bsc#970672) - Fix file permissions (bsc#970550) susemanager-sync-data: - Support SLE-POS 11 SP3 as addon for SLES 11 SP4 (bsc#976194) - HAE-GEO is an addon product for SLES 4 SAP (bsc#970425) - Add support for SLE-Live-Patching12 (bsc#924298, bsc#968851) susemanager-tftpsync: - Rename change_tftpd_proxies.py to sync_post_tftpd_proxies.py and change trigger type (bsc#966890) How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: spacewalk-service stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: spacewalk-service start The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). sleman21-suse-manager-21-201605-12567 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2016/suse-su-20161367-1/ Link for SUSE-SU-2016:1367-1 https://lists.suse.com/pipermail/sle-security-updates/2016-May/002076.html E-Mail link for SUSE-SU-2016:1367-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/922740 SUSE Bug 922740 https://bugzilla.suse.com/924298 SUSE Bug 924298 https://bugzilla.suse.com/958923 SUSE Bug 958923 https://bugzilla.suse.com/961002 SUSE Bug 961002 https://bugzilla.suse.com/961565 SUSE Bug 961565 https://bugzilla.suse.com/962253 SUSE Bug 962253 https://bugzilla.suse.com/966622 SUSE Bug 966622 https://bugzilla.suse.com/966737 SUSE Bug 966737 https://bugzilla.suse.com/966890 SUSE Bug 966890 https://bugzilla.suse.com/968257 SUSE Bug 968257 https://bugzilla.suse.com/968406 SUSE Bug 968406 https://bugzilla.suse.com/968851 SUSE Bug 968851 https://bugzilla.suse.com/970223 SUSE Bug 970223 https://bugzilla.suse.com/970425 SUSE Bug 970425 https://bugzilla.suse.com/970550 SUSE Bug 970550 https://bugzilla.suse.com/970672 SUSE Bug 970672 https://bugzilla.suse.com/970901 SUSE Bug 970901 https://bugzilla.suse.com/970989 SUSE Bug 970989 https://bugzilla.suse.com/971237 SUSE Bug 971237 https://bugzilla.suse.com/972341 SUSE Bug 972341 https://bugzilla.suse.com/973162 SUSE Bug 973162 https://bugzilla.suse.com/973432 SUSE Bug 973432 https://bugzilla.suse.com/973550 SUSE Bug 973550 https://bugzilla.suse.com/974010 SUSE Bug 974010 https://bugzilla.suse.com/974011 SUSE Bug 974011 https://bugzilla.suse.com/974315 SUSE Bug 974315 https://bugzilla.suse.com/976194 SUSE Bug 976194 https://bugzilla.suse.com/976826 SUSE Bug 976826 https://bugzilla.suse.com/978166 SUSE Bug 978166 https://www.suse.com/security/cve/CVE-2015-0284/ SUSE CVE CVE-2015-0284 page https://www.suse.com/security/cve/CVE-2016-2103/ SUSE CVE CVE-2016-2103 page https://www.suse.com/security/cve/CVE-2016-2104/ SUSE CVE CVE-2016-2104 page https://www.suse.com/security/cve/CVE-2016-3079/ SUSE CVE CVE-2016-3079 page https://www.suse.com/security/cve/CVE-2016-3097/ SUSE CVE CVE-2016-3097 page SUSE Manager 2.1 cobbler-2.2.2-0.61.2 osa-dispatcher-5.11.33.11-15.2 rhnlib-2.5.69.8-11.2 spacewalk-backend-2.1.55.25-24.5 spacewalk-backend-app-2.1.55.25-24.5 spacewalk-backend-applet-2.1.55.25-24.5 spacewalk-backend-config-files-2.1.55.25-24.5 spacewalk-backend-config-files-common-2.1.55.25-24.5 spacewalk-backend-config-files-tool-2.1.55.25-24.5 spacewalk-backend-iss-2.1.55.25-24.5 spacewalk-backend-iss-export-2.1.55.25-24.5 spacewalk-backend-libs-2.1.55.25-24.5 spacewalk-backend-package-push-server-2.1.55.25-24.5 spacewalk-backend-server-2.1.55.25-24.5 spacewalk-backend-sql-2.1.55.25-24.5 spacewalk-backend-sql-oracle-2.1.55.25-24.5 spacewalk-backend-sql-postgresql-2.1.55.25-24.5 spacewalk-backend-tools-2.1.55.25-24.5 spacewalk-backend-xml-export-libs-2.1.55.25-24.5 spacewalk-backend-xmlrpc-2.1.55.25-24.5 spacewalk-branding-2.1.33.16-18.2 spacewalk-certs-tools-2.1.6.10-18.3 spacewalk-java-2.1.165.23-20.1 spacewalk-java-config-2.1.165.23-20.1 spacewalk-java-lib-2.1.165.23-20.1 spacewalk-java-oracle-2.1.165.23-20.1 spacewalk-java-postgresql-2.1.165.23-20.1 spacewalk-taskomatic-2.1.165.23-20.1 spacewalk-utils-2.1.27.15-12.7 suseRegisterInfo-2.1.12-14.2 susemanager-2.1.24-23.1 susemanager-sync-data-2.1.15-30.2 susemanager-tftpsync-2.1.2-11.2 susemanager-tools-2.1.24-23.1 cobbler-2.2.2-0.61.2 as a component of SUSE Manager 2.1 osa-dispatcher-5.11.33.11-15.2 as a component of SUSE Manager 2.1 rhnlib-2.5.69.8-11.2 as a component of SUSE Manager 2.1 spacewalk-backend-2.1.55.25-24.5 as a component of SUSE Manager 2.1 spacewalk-backend-app-2.1.55.25-24.5 as a component of SUSE Manager 2.1 spacewalk-backend-applet-2.1.55.25-24.5 as a component of SUSE Manager 2.1 spacewalk-backend-config-files-2.1.55.25-24.5 as a component of SUSE Manager 2.1 spacewalk-backend-config-files-common-2.1.55.25-24.5 as a component of SUSE Manager 2.1 spacewalk-backend-config-files-tool-2.1.55.25-24.5 as a component of SUSE Manager 2.1 spacewalk-backend-iss-2.1.55.25-24.5 as a component of SUSE Manager 2.1 spacewalk-backend-iss-export-2.1.55.25-24.5 as a component of SUSE Manager 2.1 spacewalk-backend-libs-2.1.55.25-24.5 as a component of SUSE Manager 2.1 spacewalk-backend-package-push-server-2.1.55.25-24.5 as a component of SUSE Manager 2.1 spacewalk-backend-server-2.1.55.25-24.5 as a component of SUSE Manager 2.1 spacewalk-backend-sql-2.1.55.25-24.5 as a component of SUSE Manager 2.1 spacewalk-backend-sql-oracle-2.1.55.25-24.5 as a component of SUSE Manager 2.1 spacewalk-backend-sql-postgresql-2.1.55.25-24.5 as a component of SUSE Manager 2.1 spacewalk-backend-tools-2.1.55.25-24.5 as a component of SUSE Manager 2.1 spacewalk-backend-xml-export-libs-2.1.55.25-24.5 as a component of SUSE Manager 2.1 spacewalk-backend-xmlrpc-2.1.55.25-24.5 as a component of SUSE Manager 2.1 spacewalk-branding-2.1.33.16-18.2 as a component of SUSE Manager 2.1 spacewalk-certs-tools-2.1.6.10-18.3 as a component of SUSE Manager 2.1 spacewalk-java-2.1.165.23-20.1 as a component of SUSE Manager 2.1 spacewalk-java-config-2.1.165.23-20.1 as a component of SUSE Manager 2.1 spacewalk-java-lib-2.1.165.23-20.1 as a component of SUSE Manager 2.1 spacewalk-java-oracle-2.1.165.23-20.1 as a component of SUSE Manager 2.1 spacewalk-java-postgresql-2.1.165.23-20.1 as a component of SUSE Manager 2.1 spacewalk-taskomatic-2.1.165.23-20.1 as a component of SUSE Manager 2.1 spacewalk-utils-2.1.27.15-12.7 as a component of SUSE Manager 2.1 suseRegisterInfo-2.1.12-14.2 as a component of SUSE Manager 2.1 susemanager-2.1.24-23.1 as a component of SUSE Manager 2.1 susemanager-sync-data-2.1.15-30.2 as a component of SUSE Manager 2.1 susemanager-tftpsync-2.1.2-11.2 as a component of SUSE Manager 2.1 susemanager-tools-2.1.24-23.1 as a component of SUSE Manager 2.1 Cross-site scripting (XSS) vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-7811. CVE-2015-0284 SUSE Manager 2.1:cobbler-2.2.2-0.61.2 SUSE Manager 2.1:osa-dispatcher-5.11.33.11-15.2 SUSE Manager 2.1:rhnlib-2.5.69.8-11.2 SUSE Manager 2.1:spacewalk-backend-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-app-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-applet-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-config-files-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-config-files-common-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-config-files-tool-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-iss-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-iss-export-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-libs-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-package-push-server-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-server-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-sql-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-sql-oracle-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-sql-postgresql-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-tools-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-xml-export-libs-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-xmlrpc-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-branding-2.1.33.16-18.2 SUSE Manager 2.1:spacewalk-certs-tools-2.1.6.10-18.3 SUSE Manager 2.1:spacewalk-java-2.1.165.23-20.1 SUSE Manager 2.1:spacewalk-java-config-2.1.165.23-20.1 SUSE Manager 2.1:spacewalk-java-lib-2.1.165.23-20.1 SUSE Manager 2.1:spacewalk-java-oracle-2.1.165.23-20.1 SUSE Manager 2.1:spacewalk-java-postgresql-2.1.165.23-20.1 SUSE Manager 2.1:spacewalk-taskomatic-2.1.165.23-20.1 SUSE Manager 2.1:spacewalk-utils-2.1.27.15-12.7 SUSE Manager 2.1:suseRegisterInfo-2.1.12-14.2 SUSE Manager 2.1:susemanager-2.1.24-23.1 SUSE Manager 2.1:susemanager-sync-data-2.1.15-30.2 SUSE Manager 2.1:susemanager-tftpsync-2.1.2-11.2 SUSE Manager 2.1:susemanager-tools-2.1.24-23.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20161367-1/ https://www.suse.com/security/cve/CVE-2015-0284.html CVE-2015-0284 https://bugzilla.suse.com/902915 SUSE Bug 902915 https://bugzilla.suse.com/922740 SUSE Bug 922740 https://bugzilla.suse.com/969911 SUSE Bug 969911 Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the list_1680466951_oldfilterval parameter to systems/PhysicalList.do or (2) unspecified vectors involving systems/VirtualSystemsList.do. CVE-2016-2103 SUSE Manager 2.1:cobbler-2.2.2-0.61.2 SUSE Manager 2.1:osa-dispatcher-5.11.33.11-15.2 SUSE Manager 2.1:rhnlib-2.5.69.8-11.2 SUSE Manager 2.1:spacewalk-backend-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-app-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-applet-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-config-files-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-config-files-common-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-config-files-tool-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-iss-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-iss-export-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-libs-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-package-push-server-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-server-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-sql-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-sql-oracle-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-sql-postgresql-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-tools-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-xml-export-libs-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-xmlrpc-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-branding-2.1.33.16-18.2 SUSE Manager 2.1:spacewalk-certs-tools-2.1.6.10-18.3 SUSE Manager 2.1:spacewalk-java-2.1.165.23-20.1 SUSE Manager 2.1:spacewalk-java-config-2.1.165.23-20.1 SUSE Manager 2.1:spacewalk-java-lib-2.1.165.23-20.1 SUSE Manager 2.1:spacewalk-java-oracle-2.1.165.23-20.1 SUSE Manager 2.1:spacewalk-java-postgresql-2.1.165.23-20.1 SUSE Manager 2.1:spacewalk-taskomatic-2.1.165.23-20.1 SUSE Manager 2.1:spacewalk-utils-2.1.27.15-12.7 SUSE Manager 2.1:suseRegisterInfo-2.1.12-14.2 SUSE Manager 2.1:susemanager-2.1.24-23.1 SUSE Manager 2.1:susemanager-sync-data-2.1.15-30.2 SUSE Manager 2.1:susemanager-tftpsync-2.1.2-11.2 SUSE Manager 2.1:susemanager-tools-2.1.24-23.1 moderate 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20161367-1/ https://www.suse.com/security/cve/CVE-2016-2103.html CVE-2016-2103 https://bugzilla.suse.com/974011 SUSE Bug 974011 Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the label parameter to admin/BunchDetail.do; (2) the package_name, (3) search_subscribed_channels, or (4) channel_filter parameter to software/packages/NameOverview.do; or unspecified vectors related to (5) <input:hidden> or (6) <bean:message> tags. CVE-2016-2104 SUSE Manager 2.1:cobbler-2.2.2-0.61.2 SUSE Manager 2.1:osa-dispatcher-5.11.33.11-15.2 SUSE Manager 2.1:rhnlib-2.5.69.8-11.2 SUSE Manager 2.1:spacewalk-backend-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-app-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-applet-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-config-files-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-config-files-common-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-config-files-tool-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-iss-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-iss-export-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-libs-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-package-push-server-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-server-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-sql-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-sql-oracle-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-sql-postgresql-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-tools-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-xml-export-libs-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-xmlrpc-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-branding-2.1.33.16-18.2 SUSE Manager 2.1:spacewalk-certs-tools-2.1.6.10-18.3 SUSE Manager 2.1:spacewalk-java-2.1.165.23-20.1 SUSE Manager 2.1:spacewalk-java-config-2.1.165.23-20.1 SUSE Manager 2.1:spacewalk-java-lib-2.1.165.23-20.1 SUSE Manager 2.1:spacewalk-java-oracle-2.1.165.23-20.1 SUSE Manager 2.1:spacewalk-java-postgresql-2.1.165.23-20.1 SUSE Manager 2.1:spacewalk-taskomatic-2.1.165.23-20.1 SUSE Manager 2.1:spacewalk-utils-2.1.27.15-12.7 SUSE Manager 2.1:suseRegisterInfo-2.1.12-14.2 SUSE Manager 2.1:susemanager-2.1.24-23.1 SUSE Manager 2.1:susemanager-sync-data-2.1.15-30.2 SUSE Manager 2.1:susemanager-tftpsync-2.1.2-11.2 SUSE Manager 2.1:susemanager-tools-2.1.24-23.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20161367-1/ https://www.suse.com/security/cve/CVE-2016-2104.html CVE-2016-2104 https://bugzilla.suse.com/974010 SUSE Bug 974010 Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Spacewalk and Red Hat Satellite 5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to systems/SystemEntitlements.do; (2) the label parameter to admin/multiorg/EntitlementDetails.do; or the name of a (3) snapshot tag or (4) system group in System Set Manager (SSM). CVE-2016-3079 SUSE Manager 2.1:cobbler-2.2.2-0.61.2 SUSE Manager 2.1:osa-dispatcher-5.11.33.11-15.2 SUSE Manager 2.1:rhnlib-2.5.69.8-11.2 SUSE Manager 2.1:spacewalk-backend-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-app-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-applet-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-config-files-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-config-files-common-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-config-files-tool-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-iss-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-iss-export-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-libs-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-package-push-server-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-server-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-sql-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-sql-oracle-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-sql-postgresql-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-tools-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-xml-export-libs-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-xmlrpc-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-branding-2.1.33.16-18.2 SUSE Manager 2.1:spacewalk-certs-tools-2.1.6.10-18.3 SUSE Manager 2.1:spacewalk-java-2.1.165.23-20.1 SUSE Manager 2.1:spacewalk-java-config-2.1.165.23-20.1 SUSE Manager 2.1:spacewalk-java-lib-2.1.165.23-20.1 SUSE Manager 2.1:spacewalk-java-oracle-2.1.165.23-20.1 SUSE Manager 2.1:spacewalk-java-postgresql-2.1.165.23-20.1 SUSE Manager 2.1:spacewalk-taskomatic-2.1.165.23-20.1 SUSE Manager 2.1:spacewalk-utils-2.1.27.15-12.7 SUSE Manager 2.1:suseRegisterInfo-2.1.12-14.2 SUSE Manager 2.1:susemanager-2.1.24-23.1 SUSE Manager 2.1:susemanager-sync-data-2.1.15-30.2 SUSE Manager 2.1:susemanager-tftpsync-2.1.2-11.2 SUSE Manager 2.1:susemanager-tools-2.1.24-23.1 moderate 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20161367-1/ https://www.suse.com/security/cve/CVE-2016-3079.html CVE-2016-3079 https://bugzilla.suse.com/973162 SUSE Bug 973162 Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via a group name, related to viewing snapshot data. CVE-2016-3097 SUSE Manager 2.1:cobbler-2.2.2-0.61.2 SUSE Manager 2.1:osa-dispatcher-5.11.33.11-15.2 SUSE Manager 2.1:rhnlib-2.5.69.8-11.2 SUSE Manager 2.1:spacewalk-backend-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-app-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-applet-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-config-files-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-config-files-common-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-config-files-tool-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-iss-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-iss-export-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-libs-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-package-push-server-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-server-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-sql-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-sql-oracle-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-sql-postgresql-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-tools-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-xml-export-libs-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-backend-xmlrpc-2.1.55.25-24.5 SUSE Manager 2.1:spacewalk-branding-2.1.33.16-18.2 SUSE Manager 2.1:spacewalk-certs-tools-2.1.6.10-18.3 SUSE Manager 2.1:spacewalk-java-2.1.165.23-20.1 SUSE Manager 2.1:spacewalk-java-config-2.1.165.23-20.1 SUSE Manager 2.1:spacewalk-java-lib-2.1.165.23-20.1 SUSE Manager 2.1:spacewalk-java-oracle-2.1.165.23-20.1 SUSE Manager 2.1:spacewalk-java-postgresql-2.1.165.23-20.1 SUSE Manager 2.1:spacewalk-taskomatic-2.1.165.23-20.1 SUSE Manager 2.1:spacewalk-utils-2.1.27.15-12.7 SUSE Manager 2.1:suseRegisterInfo-2.1.12-14.2 SUSE Manager 2.1:susemanager-2.1.24-23.1 SUSE Manager 2.1:susemanager-sync-data-2.1.15-30.2 SUSE Manager 2.1:susemanager-tftpsync-2.1.2-11.2 SUSE Manager 2.1:susemanager-tools-2.1.24-23.1 moderate 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20161367-1/ https://www.suse.com/security/cve/CVE-2016-3097.html CVE-2016-3097 https://bugzilla.suse.com/973550 SUSE Bug 973550