Red Hat Satellite 6.7: RHSA-2020:1454 Important Security Update

April 14, 2020
Red Hat publishes a Security Advisory for Satellite 6.7, highlighting critical updates addressing CVEs and security vulnerabilities.
An update is now available for Red Hat Satellite 6.7 for RHEL 7

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For detailed instructions on how to apply this update, refer to:

rver_and_content_hosts

Summary

Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool.
Security Fix(es):
* apache-commons-beanutils: does not suppress the class property in PropertyUtilsBean by default (CVE-2019-10086)
* jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server (CVE-2019-12086)
* mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure (CVE-2019-0231)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
* Ansible Runner is now the default way to utilize Ansible for remote execution jobs.
* Users now have the ability to log into hosts using the Web Console directly from the Satellite UI.
* Azure has been added to the list of supported compute resources for provisioning, along with many bug fixes for Google Compute, RHEV, VMware, and KubeVirt.
* Content views have been improved with many bug fixes, performance improvements, and the addition of filtering on modules.
* Content syncing has been improved with many fixes, and the ability to add proxy definitions to each product in Satellite.
* The installation process has been improved to include better tuning defaults and several other bug fixes.
* Subscription Management has been improved with many bug fixes in Satellite, new reporting, as well as in the inventory upload plugin, which allows customers to view their inventory in Subscription Watch at cloud.redhat.com.
* Security improvements include the ability to impersonate another user, and the introduction of integration with Red Hat SSO using OpenID Connect.
The items above are not a complete list of changes. This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.

References

https://access.redhat.com/security/cve/CVE-2019-0231
https://access.redhat.com/security/cve/CVE-2019-10086
https://access.redhat.com/security/cve/CVE-2019-12086
https://access.redhat.com/security/updates/classification/#important

Package List

Red Hat Satellite Capsule 6.7:
Source:
ansible-runner-1.3.4-2.el7ar.src.rpm
ansiblerole-foreman_scap_client-0.0.3-1.el7sat.src.rpm
ansiblerole-insights-client-1.7.1-1.el7sat.src.rpm
ansiblerole-satellite-receptor-installer-0.6.4-1.el7sat.src.rpm
createrepo_c-0.7.4-1.el7sat.src.rpm
foreman-1.24.1.21-1.el7sat.src.rpm
foreman-bootloaders-redhat-201901011200-1.el7sat.src.rpm
foreman-discovery-image-3.5.4-8.el7sat.src.rpm
foreman-installer-1.24.1.20-1.el7sat.src.rpm
foreman-proxy-1.24.1-1.el7sat.src.rpm
foreman-selinux-1.24.1-1.el7sat.src.rpm
future-0.16.0-11.el7sat.src.rpm
gofer-2.12.5-7.el7sat.src.rpm
hfsplus-tools-332.14-12.el7.src.rpm
katello-3.14.0-6.el7sat.src.rpm
katello-certs-tools-2.6.0-1.el7sat.src.rpm
katello-client-bootstrap-1.7.4-1.el7sat.src.rpm
katello-selinux-3.1.1-2.el7sat.src.rpm
kobo-0.5.1-1.el7sat.src.rpm
libmodulemd-1.7.0-1.pulp.el7sat.src.rpm
libsolv-0.7.4-4.pulp.el7sat.src.rpm
libwebsockets-2.4.2-2.el7.src.rpm
livecd-tools-20.4-1.6.el7sat.src.rpm
mod_xsendfile-0.12-11.el7sat.src.rpm
ostree-2017.1-2.atomic.el7.src.rpm
pulp-2.21.0-1.el7sat.src.rpm
pulp-docker-3.2.5-1.el7sat.src.rpm
pulp-katello-1.0.3-1.el7sat.src.rpm
pulp-ostree-1.3.1-2.el7sat.src.rpm
pulp-puppet-2.21.0-1.el7sat.src.rpm
pulp-rpm-2.21.0.4-1.el7sat.src.rpm
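The Solution section says to confirm that earlier errata are applied, and the package list above gives the exact source RPM versions this advisory ships. The script below is an added example, not Red Hat's code or part of the advisory: it ports rpm's own version-comparison routine (rpmvercmp) to Python, parses source-RPM file names into name, version and release, and reports for each advisory package whether a host's installed copy is already at or above the shipped version. The advisory entries in ADVISORY_SRPMS are copied from the package list; the installed-package sample (SAMPLE_SOURCERPM_OUTPUT) is constructed to look like the output of `rpm -qa --qf '%{SOURCERPM}\n'` on a host that has not yet updated. The file name check_advisory.py in the usage comment is an assumption.

```python
import re
import sys

SRPM_SUFFIX = ".src.rpm"

# Source RPMs copied from the advisory's package list above (a subset).
ADVISORY_SRPMS = [
    "foreman-1.24.1.21-1.el7sat.src.rpm",
    "foreman-proxy-1.24.1-1.el7sat.src.rpm",
    "katello-3.14.0-6.el7sat.src.rpm",
    "pulp-2.21.0-1.el7sat.src.rpm",
    "foreman-discovery-image-3.5.4-8.el7sat.src.rpm",
]

# Constructed sample of `rpm -qa --qf '%{SOURCERPM}\n'` from a host that has not
# applied the advisory yet. Several binary packages share one source RPM, and
# packages without a source RPM (e.g. gpg-pubkey) print "(none)".
SAMPLE_SOURCERPM_OUTPUT = """\
foreman-1.24.1.20-1.el7sat.src.rpm
foreman-1.24.1.20-1.el7sat.src.rpm
foreman-proxy-1.24.1-1.el7sat.src.rpm
katello-3.14.0-6.el7sat.src.rpm
pulp-2.20.0-1.el7sat.src.rpm
(none)
"""


def rpmvercmp(a: str, b: str) -> int:
    """Port of rpm's rpmvercmp(): -1 if a is older than b, 0 if equal, 1 if newer.
    Digit runs compare numerically, letter runs lexically, a digit run beats a
    letter run, and '~' sorts before anything else, including end of string."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        # skip separators: anything that is not an ASCII letter, digit or tilde
        while i < len(a) and not (a[i].isascii() and a[i].isalnum() or a[i] == "~"):
            i += 1
        while j < len(b) and not (b[j].isascii() and b[j].isalnum() or b[j] == "~"):
            j += 1
        tilde_a = i < len(a) and a[i] == "~"
        tilde_b = j < len(b) and b[j] == "~"
        if tilde_a or tilde_b:
            if not tilde_a:
                return 1
            if not tilde_b:
                return -1
            i, j = i + 1, j + 1
            continue
        if i >= len(a) or j >= len(b):
            break
        numeric = "0" <= a[i] <= "9"
        pattern = r"[0-9]" if numeric else r"[A-Za-z]"
        seg_a = re.match(pattern + "+", a[i:]).group()
        seg_b = re.match(pattern + "*", b[j:]).group()
        i, j = i + len(seg_a), j + len(seg_b)
        if not seg_b:  # one side is digits, the other letters: digits win
            return 1 if numeric else -1
        if numeric:
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):  # more digits means a bigger number
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1


def parse_srpm(filename: str):
    """Split 'name-version-release.src.rpm' into (name, version, release). Version and
    release never contain '-', so the last two dashes delimit them. SRPM file names
    carry no Epoch, so an epoch bump cannot be detected from them."""
    stem = filename.strip()
    if stem.endswith(SRPM_SUFFIX):
        stem = stem[: -len(SRPM_SUFFIX)]
    name, version, release = stem.rsplit("-", 2)
    return name, version, release


def evr_cmp(v1, r1, v2, r2):
    """Compare (version, release) pairs as rpm does: version first, then release."""
    return rpmvercmp(v1, v2) or rpmvercmp(r1, r2)


def check_host(advisory_srpms, sourcerpm_lines):
    """Map each advisory source package to 'ok', 'outdated' or 'not-installed'."""
    installed = {}
    for line in sourcerpm_lines:
        line = line.strip()
        if not line.endswith(SRPM_SUFFIX):
            continue  # "(none)" or a blank line
        name, ver, rel = parse_srpm(line)
        if name not in installed or evr_cmp(ver, rel, *installed[name]) > 0:
            installed[name] = (ver, rel)  # keep the highest EVR per source package
    status = {}
    for srpm in advisory_srpms:
        name, ver, rel = parse_srpm(srpm)
        if name not in installed:
            status[name] = "not-installed"  # this fix does not apply to the host
        elif evr_cmp(*installed[name], ver, rel) < 0:
            status[name] = "outdated"
        else:
            status[name] = "ok"
    return status


if __name__ == "__main__":
    # Real data: rpm -qa --qf '%{SOURCERPM}\n' | python3 check_advisory.py
    lines = SAMPLE_SOURCERPM_OUTPUT.splitlines() if sys.stdin.isatty() else sys.stdin.read().splitlines()
    result = check_host(ADVISORY_SRPMS, lines)
    for name, state in sorted(result.items()):
        print(f"{state:14} {name}")
    sys.exit(1 if "outdated" in result.values() else 0)
```

Comparing by source RPM rather than binary package name keeps the check aligned with how the advisory is published, and a non-zero exit status makes it usable as a pre-update gate in automation. Because SRPM file names omit the Epoch, a package whose fix arrived with an epoch bump would need a binary-package query (`%{EPOCH}:%{VERSION}-%{RELEASE}`) instead; on a real host, `yum updateinfo` remains the authoritative view.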



Severity: Important

Advisory ID: RHSA-2020:1454-01
Product: Red Hat Satellite 6
Issue date: 2020-04-14

Topic

An update is now available for Red Hat Satellite 6.7 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant Releases / Architectures

Red Hat Satellite 6.7 - noarch, x86_64

Red Hat Satellite Capsule 6.7 - noarch, x86_64

Bugs Fixed

1201146 - [RFE] Ability for Satellite 6 to provision systems in Microsoft Azure cloud

1215390 - [RFE] Add option "deployment size" to tune system properly

1336437 - [RFE] Set Disk Interface when creating new VMs in RHEV Compute Resource

1343707 - Drop down menu for composite content view versions are not sorted

1367549 - When a Discovered Host is converted to a Managed Host the IP address is not changed to fall within the subnet range

1378442 - [RFE] Unable to upload source RPM packages

1424922 - Search filter disappears when deleting a host.

1468388 - [RFE] Tasks: allow for searching of tasks by 'user'

1468742 - [RFE] Allow Satellite user to choose between VNC, SPICE for Display type on RHEV compute resources

1474311 - [RFE] add "elapsed time" column to task page for tasks

1479765 - [RFE] Commands for creating, updating and deleting compute profiles and attributes

1486353 - [RHEV] VirtIO serial console option gets disabled when Host parameters are updated

1495335 - Capsule Sync Optimized sync starts task with the error message 'undefined method '[]' for nil:NilClass(NoMethodError)'

1503059 - Primary interface being a bond creates invalid host interfaces

1511254 - Host search using OR on facts finds duplicate records and takes a long time

1517257 - Rhev host updation, memory field greyed but still editable

1528193 - subscription-manager register facts create duplicate interface with wrong mac for bond

