
RedHat: RHSA-2019-3172-01 Moderate: Red Hat Satellite 6 Denial Of Service

October 22, 2019
An update is now available for Red Hat Satellite 6.6 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For detailed instructions on how to apply this update, refer to:

grading_and_updating_red_hat_satellite/updating_satellite_server_capsule_server_and_content_hosts

Summary

Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool.
Security Fix(es):
* rubygem-rack: Buffer size in multipart parser allows for denial of service (CVE-2018-16470)
* dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents (CVE-2018-1000632)
* foreman: authorization bypasses in foreman-tasks leading to information disclosure (CVE-2019-10198)
* katello: registry credentials are captured in plain text during repository discovery (CVE-2019-14825)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.

References

https://access.redhat.com/security/cve/CVE-2018-16470
https://access.redhat.com/security/cve/CVE-2018-1000632
https://access.redhat.com/security/cve/CVE-2019-10198
https://access.redhat.com/security/cve/CVE-2019-14825
https://access.redhat.com/security/updates/classification#moderate

Package List

Red Hat Satellite Capsule 6.6:
Source:
ansible-runner-1.3.4-2.el7ar.src.rpm
ansiblerole-foreman_scap_client-0.0.3-1.el7sat.src.rpm
ansiblerole-insights-client-1.6-2.el7sat.src.rpm
createrepo_c-0.7.4-1.el7sat.src.rpm
foreman-1.22.0.32-1.el7sat.src.rpm
foreman-bootloaders-redhat-201901011200-1.el7sat.src.rpm
foreman-discovery-image-3.5.4-6.el7sat.src.rpm
foreman-installer-1.22.0.16-1.el7sat.src.rpm
foreman-proxy-1.22.0.2-1.el7sat.src.rpm
foreman-selinux-1.22.0-1.el7sat.src.rpm
future-0.16.0-11.el7sat.src.rpm
gofer-2.12.5-5.el7sat.src.rpm
hfsplus-tools-332.14-12.el7.src.rpm
katello-3.12.0-2.el7sat.src.rpm
katello-certs-tools-2.6.0-1.el7sat.src.rpm
katello-client-bootstrap-1.7.3-1.el7sat.src.rpm
katello-selinux-3.1.1-2.el7sat.src.rpm
kobo-0.5.1-1.el7sat.src.rpm
libmodulemd-1.7.0-1.pulp.el7sat.src.rpm
libsolv-0.7.4-3.pulp.el7sat.src.rpm
libwebsockets-2.4.2-2.el7.src.rpm
livecd-tools-20.4-1.6.el7sat.src.rpm
mod_xsendfile-0.12-11.el7sat.src.rpm
ostree-2017.1-2.atomic.el7.src.rpm
pulp-2.19.1.1-1.el7sat.src.rpm
pulp-docker-3.2.3.1-2.el7sat.src.rpm
pulp-katello-1.0.3-1.el7sat.src.rpm
pulp-ostree-1.3.1-2.el7sat.src.rpm
pulp-puppet-2.19.1-2.el7sat.src.rpm
pulp-rpm-2.19.1.1-2.el7sat.src.rpm
puppet-agent-5.5.12-1.el7sat.src.rpm
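To check whether a Capsule still carries a vulnerable build of any package in this list, compare its installed source RPMs (`rpm -qa --qf '%{SOURCERPM}\n' | sort -u`) against the advisory's fixed versions. The script below is an added example, not Red Hat tooling; the advisory list is a subset taken from above, and the inventory is a constructed sample of that rpm query's output.

```python
import re

# Subset of the RHSA-2019:3172 source packages listed above (fixed versions).
ADVISORY_SRPMS = """
foreman-1.22.0.32-1.el7sat.src.rpm
foreman-proxy-1.22.0.2-1.el7sat.src.rpm
katello-3.12.0-2.el7sat.src.rpm
pulp-2.19.1.1-1.el7sat.src.rpm
puppet-agent-5.5.12-1.el7sat.src.rpm
"""

# Constructed sample of `rpm -qa --qf '%{SOURCERPM}\n' | sort -u` on a Capsule.
SAMPLE_INVENTORY = """
foreman-1.22.0.30-1.el7sat.src.rpm
foreman-proxy-1.22.0.2-1.el7sat.src.rpm
katello-3.12.0-1.el7sat.src.rpm
pulp-2.19.1.1-1.el7sat.src.rpm
puppet-agent-5.5.14-1.el7sat.src.rpm
bash-4.2.46-34.el7.src.rpm
"""

def parse_nvr(srpm):
    """'foreman-1.22.0.32-1.el7sat.src.rpm' -> ('foreman', '1.22.0.32', '1.el7sat')."""
    base = srpm.strip()
    if base.endswith(".src.rpm"):
        base = base[: -len(".src.rpm")]
    name, ver, rel = base.rsplit("-", 2)  # version and release never contain '-'
    return name, ver, rel

def rpmvercmp(a, b):
    """Simplified rpmvercmp: compare digit/alpha runs segment by segment; digits
    compare numerically and beat letters; on a tie the longer string is newer.
    Tilde/caret ordering is omitted (no such versions appear in this advisory)."""
    sa, sb = re.findall(r"\d+|[A-Za-z]+", a), re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return (int(x) > int(y)) - (int(x) < int(y))
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return (x > y) - (x < y)
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def outdated(installed_srpms, advisory_srpms):
    """Return (name, installed V-R, fixed V-R) for packages older than the fix.
    Epoch is not part of a SOURCERPM name, so only version and release are compared."""
    fixed = {n: (v, r) for n, v, r in map(parse_nvr, advisory_srpms.split())}
    hits = []
    for n, v, r in map(parse_nvr, installed_srpms.split()):
        if n in fixed and (rpmvercmp(v, fixed[n][0]) or rpmvercmp(r, fixed[n][1])) < 0:
            hits.append((n, f"{v}-{r}", "-".join(fixed[n])))
    return hits

if __name__ == "__main__":
    for name, have, want in outdated(SAMPLE_INVENTORY, ADVISORY_SRPMS):
        print(f"{name}: installed {have}, advisory fixes {want}")
```

Packages absent from the advisory and builds already at or above the fixed version are left out of the report.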



Advisory ID: RHSA-2019:3172-01
Product: Red Hat Satellite 6
Issue date: 2019-10-22

Topic

An update is now available for Red Hat Satellite 6.6 for RHEL 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant Releases/Architectures

Red Hat Satellite 6.6 - noarch, x86_64

Red Hat Satellite Capsule 6.6 - noarch, x86_64

Bugs Fixed

1111223 - Removing a lifecycle environment from a capsule does not cause repos to be removed from

1152515 - [RFE] Dependency Resolution within content views + associated UI constructs.

1163020 - [RFE|TRACKER] Add systemd journal/systemd support

1194093 - [RFE] Update puppet provisioning snippet & installers to support sha256

1336439 - [RFE] Set Network Interface Type when creating new VMs in RHEV Compute Resource

1378579 - Deploying a New Host to vmware compute resource from existing template always ends up with thin provisioned disk

1402136 - [RFE] Provide method to add array, hashes as input value for Global parameters in hostgroups

1465521 - [RFE] API to cancel/delete Remote Execution tasks before their scheduled time

1490850 - [RFE] Need a way to mark a build as failed

1503426 - DynFlow logo in DynFlow console is missing

1505932 - [RFE] Show "Static Query" in Job invocations overview

1559006 - [RFE] Allow to select destination Storage Domain and storage allocation [thin / clone-independent] when provisioning from RHV template - a-la VMware

1561876 - qdrouterd crashes when burst of requests arise from katello-agent clients

1591629 - [RFE] Satellite should support SCAP reports without the need of puppet installed on hosts

1593480 - IndexContent step can take 20+ minutes during initial sync of a large repo

1596411 - [RFE] Advanced support of Modularity
