{"affected":[],"aliases":[],"details":"\nThis collective update for SUSE Manager Server 2.1 provides the following \nnew features:\n\n    * ISS: export/import information about cloned channels to support\n      Service Pack migration on ISS slaves. (FATE#317789)\n    * New API calls: system.scheduleSPMigration(),\n      system.scheduleDistUpgrade(). (FATE#314785, FATE#314340)\n\nAdditionally, several issues have been fixed:\n\ncobbler:\n\n    * Fix re-installation on SLE with static network configuration.\n      (bsc#883487)\n    * Add RHEL 7 as a valid operating system version.\n\nsmdba:\n\n    * Archival of PosgreSQL transaction log does not recover in case of no\n      space left on device. (bsc#915140)\n\nsm-ncc-sync-data:\n\n    * Add support for RES7 in SUSE Manager. (bsc#897723, bsc#893608)\n\nspacewalk-backend:\n\n    * Convert mtime to localtime to prevent invalid times because of DST.\n      (bsc#914437)\n    * Do not exit with error if a vendor channel has no URL associated.\n      (bsc#914260)\n    * Copy all SUSE Manager logfiles into spacewalk-debug.\n    * Exclude old backup-logs from spacewalk-debug to reduce size.\n    * Fix ISS export with unset patch severity.\n    * Convert empty string to null for DMI values. (bsc#911272)\n    * Fixed double-counting of systems subscribed to more than one channel.\n\nspacewalk-certs-tools:\n\n    * Do not allow registering a SUSE Manager server against itself.\n      (bsc#841731)\n\nspacewalk-java:\n\n    * Fix auditlog config yaml syntax. (bsc#913221)\n    * Show Proxy tab if system is a proxy even when assigned to cloned\n      channels. (bsc#913939)\n    * Fixed uncaught error which prevent correct error handling.\n      (bsc#858971)\n    * Fix NPE by setting max_members to 0 instead of NULL. (bsc#912035)\n    * Fix more cross-site-scripting (XSS) issues. (CVE-2014-7811,\n      bsc#902915)\n    * Fix basic authentication for HTTP proxies. (bsc#912057)\n    * Accept repos with same SCC ID and different URLs. (bsc#911808)\n    * Avoid mgr-sync-refresh failure because clear_log_id was not called.\n      (bsc#911166)\n    * Fix cross-site-scripting (XSS) issue in system-group (CVE-2014-7812,\n      bsc#912886)\n    * Fix 'Select All' buttons display on rhn:list and make it consistent\n      with new rl:list. (bsc#909724)\n    * Fix List tag missing submit parameter for 'Select All' and others.\n      (bnc#909724)\n    * Sort filelist in configfile.compare event history alphabetically.\n      (bsc#910243)\n    * Allow parenthesis in system group description. (bsc#903064)\n    * Provide new API documentation in PDF format. (bsc#896029)\n    * Update the example scripts section. (bsc#896029)\n    * Fixed wording issues on package lock page. (bsc#880022)\n    * Make text more clear for package profile sync. (bsc#884350)\n\nspacewalk-web:\n\n    * Show Proxy tab if system is a proxy even when assigned to cloned\n      channels. (bsc#913939)\n\nsupportutils-plugin-susemanager:\n\n    * Write current service and repository configuration into\n      supportconfig.\n\nsusemanager-jsp_en, susemanager-manuals_en:\n\n    * Update text and image files (bsc#910494).\n    * Firewall rules are incomplete - ssh-push and ssh-push-tunnel settings\n      missing. (bsc#904703).\n    * Document SP migration and ISS. (bsc#913215, partially).\n    * Fix 'beta packages' mentioned in documentation. (bsc#886421).\n    * User guide: Snapshots: clarify snaphot usage. (bsc#906851).\n    * Document maximal supported configuration file limit. (bsc#910482).\n\nsusemanager-schema:\n\n    * Fix NPE by setting max_members to 0 instead of NULL. (bsc#912035)\n    * Fix old migration for future reference. (bsc#911180)\n    * Avoid NPE when migrating to SCC on Oracle migrated from 1.7.\n      (bsc#911180)\n    * Fixed double-counting systems subscribed to more than one channel.\n\nsusemanager:\n\n    * Ask for the authentication beforehand. (bsc#908317)\n    * Bring back the ability to save credentials to the configuration file.\n    * Bring back token verification availability.\n    * Never ask for user credentials when scheduling a refresh.\n\nsusemanager-sync-data:\n\n    * Added support for RES7 in SUSE Manager. (bsc#897723, bsc#893608)\n\ntanukiwrapper:\n\n    * Allow more than 4G as -Xmx option. (bsc#914900)\n\nHow to apply this update:\n\n1. Log in as root user to the SUSE Manager server.\n2. Stop the Spacewalk service: spacewalk-service stop\n3. Apply the patch using either zypper patch or YaST Online Update.\n4. Upgrade the database schema with spacewalk-schema-upgrade\n5. Start the Spacewalk service: spacewalk-service start\n\nSecurity Issues:\n\n    * CVE-2014-7811\n      <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7811>\n    * CVE-2014-7812\n      <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7812>\n\n","id":"SUSE-RU-2015:0393-1","modified":"2015-02-06T14:03:47Z","published":"2015-02-06T14:03:47Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement//suse-ru-20150393-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/841731"},{"type":"REPORT","url":"https://bugzilla.suse.com/858971"},{"type":"REPORT","url":"https://bugzilla.suse.com/880022"},{"type":"REPORT","url":"https://bugzilla.suse.com/883487"},{"type":"REPORT","url":"https://bugzilla.suse.com/884350"},{"type":"REPORT","url":"https://bugzilla.suse.com/886421"},{"type":"REPORT","url":"https://bugzilla.suse.com/893608"},{"type":"REPORT","url":"https://bugzilla.suse.com/896029"},{"type":"REPORT","url":"https://bugzilla.suse.com/897723"},{"type":"REPORT","url":"https://bugzilla.suse.com/902915"},{"type":"REPORT","url":"https://bugzilla.suse.com/903064"},{"type":"REPORT","url":"https://bugzilla.suse.com/904703"},{"type":"REPORT","url":"https://bugzilla.suse.com/906851"},{"type":"REPORT","url":"https://bugzilla.suse.com/908317"},{"type":"REPORT","url":"https://bugzilla.suse.com/909724"},{"type":"REPORT","url":"https://bugzilla.suse.com/910243"},{"type":"REPORT","url":"https://bugzilla.suse.com/910482"},{"type":"REPORT","url":"https://bugzilla.suse.com/910494"},{"type":"REPORT","url":"https://bugzilla.suse.com/911166"},{"type":"REPORT","url":"https://bugzilla.suse.com/911180"},{"type":"REPORT","url":"https://bugzilla.suse.com/911272"},{"type":"REPORT","url":"https://bugzilla.suse.com/911808"},{"type":"REPORT","url":"https://bugzilla.suse.com/912035"},{"type":"REPORT","url":"https://bugzilla.suse.com/912057"},{"type":"REPORT","url":"https://bugzilla.suse.com/912886"},{"type":"REPORT","url":"https://bugzilla.suse.com/913215"},{"type":"REPORT","url":"https://bugzilla.suse.com/913221"},{"type":"REPORT","url":"https://bugzilla.suse.com/913939"},{"type":"REPORT","url":"https://bugzilla.suse.com/914260"},{"type":"REPORT","url":"https://bugzilla.suse.com/914437"},{"type":"REPORT","url":"https://bugzilla.suse.com/914900"},{"type":"REPORT","url":"https://bugzilla.suse.com/915140"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-7811"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-7812"}],"related":["CVE-2014-7811","CVE-2014-7812"],"summary":"Recommended update for SUSE Manager Server 2.1","upstream":["CVE-2014-7811","CVE-2014-7812"]}