{"affected":[{"ecosystem_specific":{"binaries":[{"python3-spacewalk-backend-libs":"4.0.22-3.3.1","spacewalk-backend":"4.0.22-3.3.1","spacewalk-base-minimal":"4.0.14-3.3.1","spacewalk-base-minimal-config":"4.0.14-3.3.1","spacewalk-proxy-broker":"4.0.12-3.3.1","spacewalk-proxy-common":"4.0.12-3.3.1","spacewalk-proxy-management":"4.0.12-3.3.1","spacewalk-proxy-package-manager":"4.0.12-3.3.1","spacewalk-proxy-redirect":"4.0.12-3.3.1","spacewalk-proxy-salt":"4.0.12-3.3.1"}]},"package":{"ecosystem":"SUSE:Manager Proxy Module 4.0","name":"spacewalk-backend","purl":"pkg:rpm/suse/spacewalk-backend&distro=SUSE%20Manager%20Proxy%20Module%204.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.0.22-3.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"python3-spacewalk-backend-libs":"4.0.22-3.3.1","spacewalk-backend":"4.0.22-3.3.1","spacewalk-base-minimal":"4.0.14-3.3.1","spacewalk-base-minimal-config":"4.0.14-3.3.1","spacewalk-proxy-broker":"4.0.12-3.3.1","spacewalk-proxy-common":"4.0.12-3.3.1","spacewalk-proxy-management":"4.0.12-3.3.1","spacewalk-proxy-package-manager":"4.0.12-3.3.1","spacewalk-proxy-redirect":"4.0.12-3.3.1","spacewalk-proxy-salt":"4.0.12-3.3.1"}]},"package":{"ecosystem":"SUSE:Manager Proxy Module 4.0","name":"spacewalk-proxy","purl":"pkg:rpm/suse/spacewalk-proxy&distro=SUSE%20Manager%20Proxy%20Module%204.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.0.12-3.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"python3-spacewalk-backend-libs":"4.0.22-3.3.1","spacewalk-backend":"4.0.22-3.3.1","spacewalk-base-minimal":"4.0.14-3.3.1","spacewalk-base-minimal-config":"4.0.14-3.3.1","spacewalk-proxy-broker":"4.0.12-3.3.1","spacewalk-proxy-common":"4.0.12-3.3.1","spacewalk-proxy-management":"4.0.12-3.3.1","spacewalk-proxy-package-manager":"4.0.12-3.3.1","spacewalk-proxy-redirect":"4.0.12-3.3.1","spacewalk-proxy-salt":"4.0.12-3.3.1"}]},"package":{"ecosystem":"SUSE:Manager Proxy Module 4.0","name":"spacewalk-web","purl":"pkg:rpm/suse/spacewalk-web&distro=SUSE%20Manager%20Proxy%20Module%204.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.0.14-3.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"python3-spacewalk-backend-libs":"4.0.22-3.3.1","spacewalk-backend":"4.0.22-3.3.1","spacewalk-backend-app":"4.0.22-3.3.1","spacewalk-backend-applet":"4.0.22-3.3.1","spacewalk-backend-config-files":"4.0.22-3.3.1","spacewalk-backend-config-files-common":"4.0.22-3.3.1","spacewalk-backend-config-files-tool":"4.0.22-3.3.1","spacewalk-backend-iss":"4.0.22-3.3.1","spacewalk-backend-iss-export":"4.0.22-3.3.1","spacewalk-backend-package-push-server":"4.0.22-3.3.1","spacewalk-backend-server":"4.0.22-3.3.1","spacewalk-backend-sql":"4.0.22-3.3.1","spacewalk-backend-sql-postgresql":"4.0.22-3.3.1","spacewalk-backend-tools":"4.0.22-3.3.1","spacewalk-backend-xml-export-libs":"4.0.22-3.3.1","spacewalk-backend-xmlrpc":"4.0.22-3.3.1","spacewalk-base":"4.0.14-3.3.1","spacewalk-base-minimal":"4.0.14-3.3.1","spacewalk-base-minimal-config":"4.0.14-3.3.1","spacewalk-html":"4.0.14-3.3.1","susemanager-doc-indexes":"4.0-10.3.1","susemanager-docs_en":"4.0-10.3.1","susemanager-docs_en-pdf":"4.0-10.3.1","susemanager-sync-data":"4.0.12-3.3.1","susemanager-web-libs":"4.0.14-3.3.1"}]},"package":{"ecosystem":"SUSE:Manager Server Module 4.0","name":"spacewalk-backend","purl":"pkg:rpm/suse/spacewalk-backend&distro=SUSE%20Manager%20Server%20Module%204.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.0.22-3.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"python3-spacewalk-backend-libs":"4.0.22-3.3.1","spacewalk-backend":"4.0.22-3.3.1","spacewalk-backend-app":"4.0.22-3.3.1","spacewalk-backend-applet":"4.0.22-3.3.1","spacewalk-backend-config-files":"4.0.22-3.3.1","spacewalk-backend-config-files-common":"4.0.22-3.3.1","spacewalk-backend-config-files-tool":"4.0.22-3.3.1","spacewalk-backend-iss":"4.0.22-3.3.1","spacewalk-backend-iss-export":"4.0.22-3.3.1","spacewalk-backend-package-push-server":"4.0.22-3.3.1","spacewalk-backend-server":"4.0.22-3.3.1","spacewalk-backend-sql":"4.0.22-3.3.1","spacewalk-backend-sql-postgresql":"4.0.22-3.3.1","spacewalk-backend-tools":"4.0.22-3.3.1","spacewalk-backend-xml-export-libs":"4.0.22-3.3.1","spacewalk-backend-xmlrpc":"4.0.22-3.3.1","spacewalk-base":"4.0.14-3.3.1","spacewalk-base-minimal":"4.0.14-3.3.1","spacewalk-base-minimal-config":"4.0.14-3.3.1","spacewalk-html":"4.0.14-3.3.1","susemanager-doc-indexes":"4.0-10.3.1","susemanager-docs_en":"4.0-10.3.1","susemanager-docs_en-pdf":"4.0-10.3.1","susemanager-sync-data":"4.0.12-3.3.1","susemanager-web-libs":"4.0.14-3.3.1"}]},"package":{"ecosystem":"SUSE:Manager Server Module 4.0","name":"spacewalk-web","purl":"pkg:rpm/suse/spacewalk-web&distro=SUSE%20Manager%20Server%20Module%204.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.0.14-3.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"python3-spacewalk-backend-libs":"4.0.22-3.3.1","spacewalk-backend":"4.0.22-3.3.1","spacewalk-backend-app":"4.0.22-3.3.1","spacewalk-backend-applet":"4.0.22-3.3.1","spacewalk-backend-config-files":"4.0.22-3.3.1","spacewalk-backend-config-files-common":"4.0.22-3.3.1","spacewalk-backend-config-files-tool":"4.0.22-3.3.1","spacewalk-backend-iss":"4.0.22-3.3.1","spacewalk-backend-iss-export":"4.0.22-3.3.1","spacewalk-backend-package-push-server":"4.0.22-3.3.1","spacewalk-backend-server":"4.0.22-3.3.1","spacewalk-backend-sql":"4.0.22-3.3.1","spacewalk-backend-sql-postgresql":"4.0.22-3.3.1","spacewalk-backend-tools":"4.0.22-3.3.1","spacewalk-backend-xml-export-libs":"4.0.22-3.3.1","spacewalk-backend-xmlrpc":"4.0.22-3.3.1","spacewalk-base":"4.0.14-3.3.1","spacewalk-base-minimal":"4.0.14-3.3.1","spacewalk-base-minimal-config":"4.0.14-3.3.1","spacewalk-html":"4.0.14-3.3.1","susemanager-doc-indexes":"4.0-10.3.1","susemanager-docs_en":"4.0-10.3.1","susemanager-docs_en-pdf":"4.0-10.3.1","susemanager-sync-data":"4.0.12-3.3.1","susemanager-web-libs":"4.0.14-3.3.1"}]},"package":{"ecosystem":"SUSE:Manager Server Module 4.0","name":"susemanager-doc-indexes","purl":"pkg:rpm/suse/susemanager-doc-indexes&distro=SUSE%20Manager%20Server%20Module%204.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.0-10.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"python3-spacewalk-backend-libs":"4.0.22-3.3.1","spacewalk-backend":"4.0.22-3.3.1","spacewalk-backend-app":"4.0.22-3.3.1","spacewalk-backend-applet":"4.0.22-3.3.1","spacewalk-backend-config-files":"4.0.22-3.3.1","spacewalk-backend-config-files-common":"4.0.22-3.3.1","spacewalk-backend-config-files-tool":"4.0.22-3.3.1","spacewalk-backend-iss":"4.0.22-3.3.1","spacewalk-backend-iss-export":"4.0.22-3.3.1","spacewalk-backend-package-push-server":"4.0.22-3.3.1","spacewalk-backend-server":"4.0.22-3.3.1","spacewalk-backend-sql":"4.0.22-3.3.1","spacewalk-backend-sql-postgresql":"4.0.22-3.3.1","spacewalk-backend-tools":"4.0.22-3.3.1","spacewalk-backend-xml-export-libs":"4.0.22-3.3.1","spacewalk-backend-xmlrpc":"4.0.22-3.3.1","spacewalk-base":"4.0.14-3.3.1","spacewalk-base-minimal":"4.0.14-3.3.1","spacewalk-base-minimal-config":"4.0.14-3.3.1","spacewalk-html":"4.0.14-3.3.1","susemanager-doc-indexes":"4.0-10.3.1","susemanager-docs_en":"4.0-10.3.1","susemanager-docs_en-pdf":"4.0-10.3.1","susemanager-sync-data":"4.0.12-3.3.1","susemanager-web-libs":"4.0.14-3.3.1"}]},"package":{"ecosystem":"SUSE:Manager Server Module 4.0","name":"susemanager-docs_en","purl":"pkg:rpm/suse/susemanager-docs_en&distro=SUSE%20Manager%20Server%20Module%204.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.0-10.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"python3-spacewalk-backend-libs":"4.0.22-3.3.1","spacewalk-backend":"4.0.22-3.3.1","spacewalk-backend-app":"4.0.22-3.3.1","spacewalk-backend-applet":"4.0.22-3.3.1","spacewalk-backend-config-files":"4.0.22-3.3.1","spacewalk-backend-config-files-common":"4.0.22-3.3.1","spacewalk-backend-config-files-tool":"4.0.22-3.3.1","spacewalk-backend-iss":"4.0.22-3.3.1","spacewalk-backend-iss-export":"4.0.22-3.3.1","spacewalk-backend-package-push-server":"4.0.22-3.3.1","spacewalk-backend-server":"4.0.22-3.3.1","spacewalk-backend-sql":"4.0.22-3.3.1","spacewalk-backend-sql-postgresql":"4.0.22-3.3.1","spacewalk-backend-tools":"4.0.22-3.3.1","spacewalk-backend-xml-export-libs":"4.0.22-3.3.1","spacewalk-backend-xmlrpc":"4.0.22-3.3.1","spacewalk-base":"4.0.14-3.3.1","spacewalk-base-minimal":"4.0.14-3.3.1","spacewalk-base-minimal-config":"4.0.14-3.3.1","spacewalk-html":"4.0.14-3.3.1","susemanager-doc-indexes":"4.0-10.3.1","susemanager-docs_en":"4.0-10.3.1","susemanager-docs_en-pdf":"4.0-10.3.1","susemanager-sync-data":"4.0.12-3.3.1","susemanager-web-libs":"4.0.14-3.3.1"}]},"package":{"ecosystem":"SUSE:Manager Server Module 4.0","name":"susemanager-sync-data","purl":"pkg:rpm/suse/susemanager-sync-data&distro=SUSE%20Manager%20Server%20Module%204.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.0.12-3.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nThis update fixes the following issues:\n\nspacewalk-backend:\n\n- Do not duplicate 'http://' protocol when using proxies with 'deb'\n  repositories (bsc#1138313)\n- Fix reposync when dealing with RedHat CDN (bsc#1138358)\n- Fix for CVE-2019-10136. An attacker with a valid, but expired,\n  authenticated set of headers could move some digits around,\n  artificially extending the session validity without modifying\n  the checksum. (bsc#1136480)\n\nspacewalk-web:\n\n- Change WebUI version 4.0.1\n\nsusemanager-doc-indexes:\n\n- Updated wording for prometheus section\n- Jeos VM update\n- Port 8050 for graphical console display\n- Content life-cycle docs are not enough for customer to understand (bsc#1137955)\n- Salt boot formula fails for SLES11 SP3 terminal (bsc#1136857)\n- Certificate verify failed when using vmware esxi virtual host gatherer (bsc#1136561)\n\nsusemanager-docs_en:\n\n- Updated wording for prometheus section\n- Jeos VM update\n- Port 8050 for graphical console display\n- Content life-cycle docs are not enough for customer to understand (bsc#1137955)\n- Salt boot formula fails for SLES11 SP3 terminal (bsc#1136857)\n- Certificate verify failed when using vmware esxi virtual host gatherer (bsc#1136561)\n\nsusemanager-sync-data:\n\n- Add channel family definitions for SLES12 SP3 LTSS (bsc#1139693)\n- Add OPENSUSE to allowed channel_families to make\n  openSUSE Leap product visible in the product list (bsc#1138364)\n\n","id":"SUSE-SU-2019:1789-1","modified":"2019-07-09T13:21:45Z","published":"2019-07-09T13:21:45Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2019/suse-su-20191789-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1136476"},{"type":"REPORT","url":"https://bugzilla.suse.com/1136480"},{"type":"REPORT","url":"https://bugzilla.suse.com/1136561"},{"type":"REPORT","url":"https://bugzilla.suse.com/1136857"},{"type":"REPORT","url":"https://bugzilla.suse.com/1137955"},{"type":"REPORT","url":"https://bugzilla.suse.com/1138313"},{"type":"REPORT","url":"https://bugzilla.suse.com/1138358"},{"type":"REPORT","url":"https://bugzilla.suse.com/1138364"},{"type":"REPORT","url":"https://bugzilla.suse.com/1139693"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-10136"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-10137"}],"related":["CVE-2019-10136","CVE-2019-10137"],"summary":"Security update for SUSE Manager Server 4.0","upstream":["CVE-2019-10136","CVE-2019-10137"]}