Red Hat Satellite 6.2 RHSA-2019-0734-01 Critical: QMF Methods Security Flaw
red hat
April 9, 2019
An update for katello-installer-base which configures qpid-dispatch-router is now available for Red Hat Satellite 6.2 for RHEL 6 and Red Hat Satellite 6.2 for RHEL 7
Solution
Before applying this update, make sure all previously released errata
relevant
to your system have been applied.
For detailed instructions how to apply this update, refer to:
stallation_guide/updating_satellite_server_capsule_server_and_content_hosts
#updating_satellite_server_to_next_minor_version
Summary
The qpid-dispatch-router package provides remote host management
functionality and is configured through the katello-installer-base package.
Additional packages included contain enhancements to support the fix.
Security Fix(es):
* qpid-dispatch-router: QMF methods exposed to goferd via qdrouterd
(CVE-2019-3845)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
This issue was discovered by Pavel Moravec (Red Hat).
References
https://access.redhat.com/security/cve/CVE-2019-3845 https://access.redhat.com/security/updates/classification#important
Package List
Red Hat Satellite Capsule 6.2:
Source:
katello-installer-base-3.0.0.105-1.el6sat.src.rpm
libwebsockets-2.1.0-3.el6.src.rpm
python-qpid-1.35.0-5.el6.src.rpm
qpid-cpp-1.36.0-19.el6.src.rpm
qpid-dispatch-0.8.0-10.el6.src.rpm
qpid-proton-0.16.0-12.el6sat.src.rpm
satellite-6.2.16.1-1.0.el6sat.src.rpm
noarch:
foreman-installer-katello-3.0.0.105-1.el6sat.noarch.rpm
katello-installer-base-3.0.0.105-1.el6sat.noarch.rpm
python-qpid-1.35.0-5.el6.noarch.rpm
qpid-tools-1.36.0-19.el6.noarch.rpm
satellite-capsule-6.2.16.1-1.0.el6sat.noarch.rpm
satellite-debug-tools-6.2.16.1-1.0.el6sat.noarch.rpm
x86_64:
libwebsockets-2.1.0-3.el6.x86_64.rpm
libwebsockets-debuginfo-2.1.0-3.el6.x86_64.rpm
python-qpid-proton-0.16.0-12.el6sat.x86_64.rpm
python-qpid-qmf-1.36.0-19.el6.x86_64.rpm
qpid-cpp-client-1.36.0-19.el6.x86_64.rpm
qpid-cpp-debuginfo-1.36.0-19.el6.x86_64.rpm
qpid-cpp-server-1.36.0-19.el6.x86_64.rpm
qpid-cpp-server-linearstore-1.36.0-19.el6.x86_64.rpm
qpid-dispatch-debuginfo-0.8.0-10.el6.x86_64.rpm
qpid-dispatch-router-0.8.0-10.el6.x86_64.rpm
qpid-dispatch-tools-0.8.0-10.el6.x86_64.rpm
qpid-proton-c-0.16.0-12.el6sat.x86_64.rpm
qpid-proton-debuginfo-0.16.0-12.el6sat.x86_64.rpm
qpid-qmf-1.36.0-19.el6.x86_64.rpm
Red Hat Satellite 6.2:
Source:
Read the Full Advisory
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Advisory ID: RHSA-2019:0734-01
Product: Red Hat Satellite 6
Advisory URL: https://access.redhat.com/errata/RHSA-2019:0734
Issue date: 2019-04-09
Topic
An update for katello-installer-base which configures qpid-dispatch-routeris now available for Red Hat Satellite 6.2 for RHEL 6 and Red Hat Satellite6.2 for RHEL 7.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.
Relevant Releases Architectures
Red Hat Satellite 6.2 - noarch, x86_64
Red Hat Satellite Capsule 6.2 - noarch, x86_64
Bugs Fixed
1684275 - CVE-2019-3845 qpid-dispatch-router: QMF methods exposed to goferd via qdrouterd
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!