
Red Hat Satellite 6.5 Moderate Security Advisory: RHSA-2019:1222-01

Red Hat | May 14, 2019
Introducing Red Hat Satellite 6.5, showcasing updated security features, resolved issues, and improvements assessed as moderate by Red Hat.
Red Hat Satellite 6.5 for RHEL 7 is now available, containing security fixes, bug fixes, and enhancements.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Summary

Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool.
Security Fix(es):
* RESTEasy: Abuse of GZIPInterceptor in RESTEasy can lead to denial of service attack (CVE-2016-6346)
* pulp: Improper path parsing leads to overwriting of iso repositories (CVE-2018-10917)
* foreman: Persisted XSS on all pages that use breadcrumbs (CVE-2018-14664)
* foreman: stored XSS in success notification after entity creation (CVE-2018-16861)
* katello: stored XSS in subscriptions and repositories pages (CVE-2018-16887)
* candlepin: credentials exposure through log files (CVE-2019-3891)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.

References

https://access.redhat.com/security/cve/CVE-2016-6346
https://access.redhat.com/security/cve/CVE-2018-10917
https://access.redhat.com/security/cve/CVE-2018-14664
https://access.redhat.com/security/cve/CVE-2018-16861
https://access.redhat.com/security/cve/CVE-2018-16887
https://access.redhat.com/security/cve/CVE-2019-3891
https://access.redhat.com/security/updates/classification#moderate
https://docs.redhat.com/en/documentation/red_hat_satellite/6.5/html/release_notes/index

Package List

Red Hat Satellite Capsule 6.5:
Source:
SOAPpy-0.11.6-17.el7.src.rpm
ansiblerole-insights-client-1.6-1.el7sat.src.rpm
createrepo_c-0.7.4-1.el7sat.src.rpm
foreman-1.20.1.34-1.el7sat.src.rpm
foreman-bootloaders-redhat-201801241201-4.el7sat.src.rpm
foreman-discovery-image-3.5.4-2.el7sat.src.rpm
foreman-installer-1.20.0-2.el7sat.src.rpm
foreman-proxy-1.20.0-1.el7sat.src.rpm
foreman-selinux-1.20.0-1.el7sat.src.rpm
gofer-2.12.5-3.el7sat.src.rpm
hfsplus-tools-332.14-12.el7.src.rpm
katello-3.10.0-0.6.rc1.el7sat.src.rpm
katello-certs-tools-2.4.0-2.el7sat.src.rpm
katello-client-bootstrap-1.7.2-1.el7sat.src.rpm
katello-installer-base-3.10.0.7-1.el7sat.src.rpm
katello-selinux-3.0.3-2.el7sat.src.rpm
kobo-0.5.1-1.el7sat.src.rpm
libmodulemd-1.6.3-1.el7sat.src.rpm
libsolv-0.6.34-2.pulp.el7sat.src.rpm
libstemmer-0-2.585svn.el7sat.src.rpm
libwebsockets-2.4.2-2.el7.src.rpm
livecd-tools-20.4-1.6.el7sat.src.rpm
mod_xsendfile-0.12-10.el7sat.src.rpm
mongodb-2.6.11-2.el7sat.src.rpm
ostree-2017.1-2.atomic.el7.src.rpm
pulp-2.18.1.1-1.el7sat.src.rpm
pulp-docker-3.2.2-1.el7sat.src.rpm
pulp-katello-1.0.2-5.el7sat.src.rpm
pulp-ostree-1.3.1-1.el7sat.src.rpm
pulp-puppet-2.18.1-2.el7sat.src.rpm
pulp-rpm-2.18.1.5-1.el7sat.src.rpm
puppet-agent-5.5.12-1.el7sat.src.rpm
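As an added example (not part of the Red Hat advisory), a small Python check that compares the source RPMs present on a Satellite or Capsule host against the fixed versions in the package list above. It embeds a subset of the advisory's NVRs; the installed list is an assumption you would replace with the output of `rpm -qa --qf '%{SOURCERPM}\n' | sort -u` on the host.

```python
import re
from itertools import zip_longest

# Source RPM NVRs copied from the RHSA-2019:1222-01 package list (subset).
ADVISORY_SRPMS = """
foreman-1.20.1.34-1.el7sat.src.rpm
foreman-proxy-1.20.0-1.el7sat.src.rpm
katello-3.10.0-0.6.rc1.el7sat.src.rpm
pulp-2.18.1.1-1.el7sat.src.rpm
""".split()

_NVR = re.compile(r"^(?P<name>.+)-(?P<ver>[^-]+)-(?P<rel>[^-]+)\.src\.rpm$")

def parse_srpm(filename):
    """Split 'name-version-release.src.rpm' into (name, version, release)."""
    m = _NVR.match(filename)
    if not m:
        raise ValueError(f"not an SRPM filename: {filename}")
    return m.group("name"), m.group("ver"), m.group("rel")

def rpmvercmp(a, b):
    """Compare like rpm's rpmvercmp (no epoch/tilde handling): digits numerically, letters
    lexically, a numeric segment beats an alphabetic one, longer wins a tie. Returns -1/0/1."""
    seg_a = re.findall(r"\d+|[A-Za-z]+", a)
    seg_b = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip_longest(seg_a, seg_b):
        if x is None or y is None:
            return -1 if x is None else 1
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isdigit() or y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return 1 if x > y else -1
    return 0

def missing_fixes(installed_srpms, advisory_srpms=ADVISORY_SRPMS):
    """Return (name, installed NVR, fixed NVR) for advisory packages still older than the fix."""
    fixed = {n: (v, r) for n, v, r in map(parse_srpm, advisory_srpms)}
    outdated = []
    for filename in installed_srpms:
        name, ver, rel = parse_srpm(filename)
        if name in fixed:
            fv, fr = fixed[name]
            # rpm orders by version first and falls back to release only on a tie
            if (rpmvercmp(ver, fv) or rpmvercmp(rel, fr)) < 0:
                outdated.append((name, f"{ver}-{rel}", f"{fv}-{fr}"))
    return outdated
```

Packages not named in the advisory are ignored, so the function can be fed the full SOURCERPM list of a host; anything it returns is still exposed to the CVEs fixed in this erratum.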


Advisory ID: RHSA-2019:1222-01
Product: Red Hat Satellite 6
Issue date: 2019-05-14

Topic

Red Hat Satellite 6.5 for RHEL 7 is now available containing security fixes, bug fixes, and enhancements.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant Releases / Architectures

Red Hat Satellite 6.5 - noarch, x86_64

Red Hat Satellite Capsule 6.5 - noarch, x86_64

Bugs Fixed

1143987 - [RFE] Hammer task missing info subcommand

1155811 - [RFE] Support Infoblox IPAM appliances as subnet / domain providers

1170174 - [RFE] Satellite 6 product FIPS mode Compliance

1232475 - [RFE] generate a report of Specific fields in the Content Hosts -> Details section

1233431 - [RFE] CSR should not be mandatory when installing Satellite Server or generating Capsule certificate bundle with custom ssl certificates

1267766 - capsule installer generates invalid dhcp.conf for non local networks

1305040 - [RFE] User control of Capsule sync policy and other traffic from Satellite to capsule

1335621 - [RFE] Ignore warnings when syncing repos and SRC packages are missing

1339743 - [RFE] Search OpenSCAP reports using host collections

1356126 - [RFE] Implement host disassociation command

1372120 - CVE-2016-6346 RESTEasy: Abuse of GZIPInterceptor in RESTEasy can lead to denial of service attack

1396974 - VM orchestration should provide better error reporting and logging

1397590 - [RFE] “Unregister Host” needs a clear instruction for options under it

1402134 - [RFE] Need Hammer CLI commands to do the HostGroup / Environments associations with Provisioning Template.

1408782 - [RFE] virt-who need to make sure there is only one entry in satellite content host for the same hypervisor when configure hypervisor_id for uuid or hostname or hwuuid
