====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: katello-installer-base security and enhancement update
Advisory ID:       RHSA-2019:0733-01
Product:           Red Hat Satellite 6
Advisory URL:      https://access.redhat.com/errata/RHSA-2019:0733
Issue date:        2019-04-09
CVE Names:         CVE-2019-3845 
====================================================================
1. Summary:

An update for katello-installer-base which configures qpid-dispatch-router
is now available for Red Hat Satellite 6.3 for RHEL 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Satellite 6.3 - noarch
Red Hat Satellite Capsule 6.3 - noarch

3. Description:

The qpid-dispatch-router package provides remote host management
functionality and is configured through the katello-installer-base package.
Additional packages included contain enhancements to support the fix.

Security Fix:

* qpid-dispatch-router: QMF methods were exposed to goferd via qdrouterd
(CVE-2019-3845)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

This issue was discovered by Pavel Moravec (Red Hat).

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For detailed instructions on how to apply this update, refer to:

rver_and_content_hosts#updating_satellite_server_to_next_minor_version

5. Bugs fixed (https://bugzilla.redhat.com/):

1684275 - CVE-2019-3845 qpid-dispatch-router: QMF methods exposed to goferd via qdrouterd

6. Package List:

Red Hat Satellite Capsule 6.3:

Source:
katello-installer-base-3.4.5.35-1.el7sat.src.rpm
satellite-6.3.5.1-1.el7sat.src.rpm

noarch:
foreman-installer-katello-3.4.5.35-1.el7sat.noarch.rpm
katello-installer-base-3.4.5.35-1.el7sat.noarch.rpm
satellite-capsule-6.3.5.1-1.el7sat.noarch.rpm
satellite-common-6.3.5.1-1.el7sat.noarch.rpm
satellite-debug-tools-6.3.5.1-1.el7sat.noarch.rpm

Red Hat Satellite 6.3:

Source:
katello-installer-base-3.4.5.35-1.el7sat.src.rpm
satellite-6.3.5.1-1.el7sat.src.rpm

noarch:
foreman-installer-katello-3.4.5.35-1.el7sat.noarch.rpm
katello-installer-base-3.4.5.35-1.el7sat.noarch.rpm
satellite-6.3.5.1-1.el7sat.noarch.rpm
satellite-capsule-6.3.5.1-1.el7sat.noarch.rpm
satellite-cli-6.3.5.1-1.el7sat.noarch.rpm
satellite-common-6.3.5.1-1.el7sat.noarch.rpm
satellite-debug-tools-6.3.5.1-1.el7sat.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
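
To confirm that a Satellite 6.3 server or Capsule carries the fixed builds listed above, the following added example (not part of the Red Hat advisory) compares installed package versions against the Package List. It assumes the packages carry no epoch, implements only the plain alphanumeric part of rpm's version ordering (no '~' or '^'), and the helper names and sample input are constructed for illustration.

```python
import re

# Fixed builds, copied from the advisory's Package List: (version, release).
FIXED = {n: ("3.4.5.35", "1.el7sat") for n in
         ("katello-installer-base", "foreman-installer-katello")}
FIXED.update({n: ("6.3.5.1", "1.el7sat") for n in
              ("satellite", "satellite-capsule", "satellite-cli",
               "satellite-common", "satellite-debug-tools")})

def rpm_segment_cmp(a, b):
    """Compare two version or release strings segment by segment, as rpm
    does for plain alphanumeric strings. Returns -1, 0 or 1."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)             # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # a numeric segment is newer than an alpha one
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments are newer

def below_fixed(rpm_query_output):
    """Return [(name, installed, fixed)] for listed packages older than the fix.
    Each input line is 'name version release'."""
    findings = []
    for line in rpm_query_output.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[0] not in FIXED:
            continue
        name, ver, rel = parts
        fver, frel = FIXED[name]
        c = rpm_segment_cmp(ver, fver) or rpm_segment_cmp(rel, frel)
        if c < 0:
            findings.append((name, f"{ver}-{rel}", f"{fver}-{frel}"))
    return findings

# Constructed sample, shaped like: rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'
SAMPLE = """\
katello-installer-base 3.4.5.31 1.el7sat
satellite 6.3.5.1 1.el7sat
satellite-common 6.3.5 1.el7sat
bash 4.2.46 31.el7
"""

if __name__ == "__main__":
    for name, have, want in below_fixed(SAMPLE):
        print(f"{name}: installed {have}, fixed in {want}")
```
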

7. References:

https://access.redhat.com/security/cve/CVE-2019-3845
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
