====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Satellite 6.7.4 Async Bug Fix Update
Advisory ID:       RHSA-2020:4127-01
Product:           Red Hat Satellite 6
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:4127
Issue date:        2020-09-30
CVE Names:         CVE-2020-14334 
====================================================================
1. Summary:

Updated Satellite 6.7 packages that fix several bugs are now available for
Red Hat Satellite.

2. Relevant releases/architectures:

Red Hat Satellite 6.7 - noarch
Red Hat Satellite Capsule 6.7 - noarch

3. Description:

Red Hat Satellite is a system management solution that allows organizations
to configure and maintain their systems without the necessity to provide
public Internet access to their servers or other client systems. It
performs provisioning and configuration management of predefined standard
operating environments.

Security Fix(es):

* foreman: unauthorized cache read on RPM-based installations through local
user (CVE-2020-14334)

This update fixes the following bugs:

1305773 - Changing Content View of a Content Host needs to better inform
the user around client needs
1666324 - The Host configuration chart shows 100% even if few hosts are
not in sync or reporting.
1781875 - Red Hat Inventory Uploads does not use proxy
1793416 - Searching for task requires clicking Search twice to get correct
results
1816464 - Decreased performance in GenerateApplicability in 6.6
1822564 - vmrc not working 6.7
1823396 - Hosts are rejected due to mismatch of metadata.json and actual
hosts included in satellite inventory report
1829412 - Unable to search by value of certain Hostgroup parameter
1853466 - RH Cloud -> Insights page does not report error when
rh_cloud_token setting is not set
1854711 - Sync Plan fails with 'uninitialized constant
Actions::Foreman::Exception'
1858307 - CVE-2020-14334 foreman: unauthorized cache read on RPM-based
installations through local user [rhn_satellite_6.7]
1862260 - Default job templates are not locked
1867258 - After upgrading to 6.7 and promoting content, Capsule sync is
extremely slow

Users of Red Hat Satellite are advised to upgrade to these updated
packages, which fix these bugs.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For detailed instructions on how to apply this update, refer to:

rver_and_content_hosts

5. Bugs fixed (https://bugzilla.redhat.com/):

1305773 - Changing Content View of a Content Host needs to better inform the user around client needs
1666324 - The Host configuration chart shows 100% even if few hosts are not in sync or reporting.
1781875 - Red Hat Inventory Uploads does not use proxy
1793416 - Searching for task requires clicking Search twice to get correct results
1816464 - Decreased performance in GenerateApplicability in 6.6
1822564 - vmrc not working 6.7
1823396 - Hosts are rejected due to mismatch of metadata.json and actual hosts included in satellite inventory report
1829412 - Unable to search by value of certain Hostgroup parameter
1853466 - RH Cloud -> Insights page does not report error when rh_cloud_token setting is not set
1854711 - Sync Plan fails with 'uninitialized constant Actions::Foreman::Exception'
1858284 - CVE-2020-14334 foreman: unauthorized cache read on RPM-based installations through local user
1862260 - Default job templates are not locked
1867258 - After upgrading to 6.7 and promoting content, Capsule sync is extremely slow

6. Package List:

Red Hat Satellite Capsule 6.7:

Source:
foreman-1.24.1.28-3.el7sat.src.rpm
foreman-proxy-1.24.1-3.el7sat.src.rpm
pulp-2.21.0.4-1.el7sat.src.rpm
satellite-6.7.4-1.el7sat.src.rpm

noarch:
foreman-debug-1.24.1.28-3.el7sat.noarch.rpm
foreman-proxy-1.24.1-3.el7sat.noarch.rpm
foreman-proxy-journald-1.24.1-3.el7sat.noarch.rpm
pulp-admin-client-2.21.0.4-1.el7sat.noarch.rpm
pulp-maintenance-2.21.0.4-1.el7sat.noarch.rpm
pulp-nodes-child-2.21.0.4-1.el7sat.noarch.rpm
pulp-nodes-common-2.21.0.4-1.el7sat.noarch.rpm
pulp-nodes-parent-2.21.0.4-1.el7sat.noarch.rpm
pulp-selinux-2.21.0.4-1.el7sat.noarch.rpm
pulp-server-2.21.0.4-1.el7sat.noarch.rpm
python-pulp-agent-lib-2.21.0.4-1.el7sat.noarch.rpm
python-pulp-bindings-2.21.0.4-1.el7sat.noarch.rpm
python-pulp-client-lib-2.21.0.4-1.el7sat.noarch.rpm
python-pulp-common-2.21.0.4-1.el7sat.noarch.rpm
python-pulp-oid_validation-2.21.0.4-1.el7sat.noarch.rpm
python-pulp-repoauth-2.21.0.4-1.el7sat.noarch.rpm
python-pulp-streamer-2.21.0.4-1.el7sat.noarch.rpm
satellite-capsule-6.7.4-1.el7sat.noarch.rpm
satellite-common-6.7.4-1.el7sat.noarch.rpm
satellite-debug-tools-6.7.4-1.el7sat.noarch.rpm

Red Hat Satellite 6.7:

Source:
foreman-1.24.1.28-3.el7sat.src.rpm
foreman-proxy-1.24.1-3.el7sat.src.rpm
pulp-2.21.0.4-1.el7sat.src.rpm
satellite-6.7.4-1.el7sat.src.rpm
tfm-rubygem-foreman-tasks-0.17.5.8-1.el7sat.src.rpm
tfm-rubygem-foreman_ansible-4.0.3.8-1.el7sat.src.rpm
tfm-rubygem-foreman_openscap-2.0.2.1-1.el7sat.src.rpm
tfm-rubygem-foreman_rh_cloud-1.0.10-1.el7sat.src.rpm
tfm-rubygem-katello-3.14.0.31-1.el7sat.src.rpm

noarch:
foreman-1.24.1.28-3.el7sat.noarch.rpm
foreman-cli-1.24.1.28-3.el7sat.noarch.rpm
foreman-debug-1.24.1.28-3.el7sat.noarch.rpm
foreman-ec2-1.24.1.28-3.el7sat.noarch.rpm
foreman-gce-1.24.1.28-3.el7sat.noarch.rpm
foreman-journald-1.24.1.28-3.el7sat.noarch.rpm
foreman-libvirt-1.24.1.28-3.el7sat.noarch.rpm
foreman-openstack-1.24.1.28-3.el7sat.noarch.rpm
foreman-ovirt-1.24.1.28-3.el7sat.noarch.rpm
foreman-postgresql-1.24.1.28-3.el7sat.noarch.rpm
foreman-proxy-1.24.1-3.el7sat.noarch.rpm
foreman-proxy-journald-1.24.1-3.el7sat.noarch.rpm
foreman-rackspace-1.24.1.28-3.el7sat.noarch.rpm
foreman-telemetry-1.24.1.28-3.el7sat.noarch.rpm
foreman-vmware-1.24.1.28-3.el7sat.noarch.rpm
pulp-admin-client-2.21.0.4-1.el7sat.noarch.rpm
pulp-maintenance-2.21.0.4-1.el7sat.noarch.rpm
pulp-selinux-2.21.0.4-1.el7sat.noarch.rpm
pulp-server-2.21.0.4-1.el7sat.noarch.rpm
python-pulp-bindings-2.21.0.4-1.el7sat.noarch.rpm
python-pulp-client-lib-2.21.0.4-1.el7sat.noarch.rpm
python-pulp-common-2.21.0.4-1.el7sat.noarch.rpm
python-pulp-oid_validation-2.21.0.4-1.el7sat.noarch.rpm
python-pulp-repoauth-2.21.0.4-1.el7sat.noarch.rpm
python-pulp-streamer-2.21.0.4-1.el7sat.noarch.rpm
satellite-6.7.4-1.el7sat.noarch.rpm
satellite-capsule-6.7.4-1.el7sat.noarch.rpm
satellite-cli-6.7.4-1.el7sat.noarch.rpm
satellite-common-6.7.4-1.el7sat.noarch.rpm
satellite-debug-tools-6.7.4-1.el7sat.noarch.rpm
tfm-rubygem-foreman-tasks-0.17.5.8-1.el7sat.noarch.rpm
tfm-rubygem-foreman_ansible-4.0.3.8-1.el7sat.noarch.rpm
tfm-rubygem-foreman_openscap-2.0.2.1-1.el7sat.noarch.rpm
tfm-rubygem-foreman_rh_cloud-1.0.10-1.el7sat.noarch.rpm
tfm-rubygem-katello-3.14.0.31-1.el7sat.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-14334
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

