This collective update for SUSE Manager 1.7 provides several fixes and
enhancements.
smdba:
* Space reclamation caused ORA-00942 (table or view does not exist).
(bsc#906850)
* Optimized space reclamation for Oracle.
* Implement fully hot operations for PostgreSQL.
* System check breaks backup and other configuration.
* Implement rotating PostgreSQL backup feature. (bsc#896244)
* Set PostgreSQL max connections to the same value as for Oracle.
sm-ncc-sync-data:
* Add ATI and nVidia channels for SLED11-SP3. (bsc#901108)
spacecmd:
* Fix call to setCustomOptions(). (bsc#879904)
spacewalk-backend:
* Fix encoding of submit message.
* Trigger generation of metadata if the repository contains no
packages. (bsc#870159)
spacewalk-branding:
* Update default Spacewalk entitlement certificate.
spacewalk-java:
* Introduce improved parser for xmlrpc. (CVE-2014-8162, bsc#922525)
* Fix more cross-site scripting bugs. (CVE-2014-7811, bsc#902915)
* Ffix CVE audit in case of multiversion package installed and patch
in multi channels. (bsc#903723)
* Fix automatic configuration file deployment via snippet. (bsc#898426)
* Download CSV button does not export all columns ("Base Channel"
missing). (bsc#896238)
* Fix cross-site scripting in system-group. (CVE-2014-7812, bsc#912886)
spacewalk-setup:
* Fix XML RPC API External Entities file disclosure. (CVE-2014-8162,
bsc#922525)
* No activation if db population should be skipped. (bsc#900956)
susemanager-schema:
* Fix evr_t schema upgrade. (bsc#881111)
susemanager:
* Add tool to update the spacewalk public cert in the DB.
* Fix the test for the mirror credentials. (bsc#864246)
How to apply this update:
Security Issues:
* CVE-2014-7811
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7811">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7811</a>>
* CVE-2014-7812
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7812">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7812</a>>
* CVE-2014-8162
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8162">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8162</a>>
bugzilla.suse.com/799068
bugzilla.suse.com/809927
bugzilla.suse.com/814954
bugzilla.suse.com/864246
bugzilla.suse.com/870159
bugzilla.suse.com/879904
bugzilla.suse.com/881111
bugzilla.suse.com/896238
bugzilla.suse.com/896244
bugzilla.suse.com/898426
bugzilla.suse.com/900956
bugzilla.suse.com/901108
bugzilla.suse.com/902915
bugzilla.suse.com/903723
bugzilla.suse.com/906850
bugzilla.suse.com/912886
bugzilla.suse.com/922525
download.suse.com/patch/finder/?keywords=8028a25587947641ad45132e4992e11d