Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Red Hat Satellite 6.7.4 RHSA-2020:4127-01 Important Async Bug Fix

red hat
Calendar Grey September 30, 2020
Dist Redhat Esm H88
Canonical announces critical patches for Ubuntu 20.04.5 focusing on a vulnerability fix for unapproved access to system logs.
Updated Satellite 6.7 packages that fix several bugs are now available for Red Hat Satellite

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For detailed instructions how to apply this update, refer to:

rver_and_content_hosts

Summary

Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.
Security Fix(es):
* foreman: unauthorized cache read on RPM-based installations through local user (CVE-2020-14334)
This update fixes the following bugs:
1305773 - Changing Content View of a Content Host needs to better inform the user around client needs 1666324 - The Host configuration chart shows 100% even if few hosts are not in sync or reporting. 1781875 - Red Hat Inventory Uploads does not use proxy 1793416 - Searching for task requires clicking Search twice to get correct results 1816464 - Decreased performance in GenerateApplicability in 6.6 1822564 - vmrc not working 6.7 1823396 - Hosts are rejected due to mismatch of metadata.json and actual hosts included in satellite inventory report 1829412 - Unable to search by value of certain Hostgroup parameter 1853466 - RH Cloud -> Insights page does not report error when rh_cloud_token setting is not set 1854711 - Sync Plan fails with 'uninitialized constant Actions::Foreman::Exception' 1858307 - CVE-2020-14334 foreman: unauthorized cache read on RPM-based installations through local user [rhn_satellite_6.7] 1862260 - Default job templates are not locked 1867258 - After upgrading to 6.7 and promoting content, Capsule sync is extremely slow
Users of Red Hat Satellite are advised to upgrade to these updated packages, which fix these bugs.

Topics%20covered

Topics Covered

security advisory unauthorized access software patch system management important update Red Hat Satellite async bug fix

References

https://access.redhat.com/security/cve/CVE-2020-14334 https://access.redhat.com/security/updates/classification/#important

Package List

Red Hat Satellite Capsule 6.7:
Source: foreman-1.24.1.28-3.el7sat.src.rpm foreman-proxy-1.24.1-3.el7sat.src.rpm pulp-2.21.0.4-1.el7sat.src.rpm satellite-6.7.4-1.el7sat.src.rpm
noarch: foreman-debug-1.24.1.28-3.el7sat.noarch.rpm foreman-proxy-1.24.1-3.el7sat.noarch.rpm foreman-proxy-journald-1.24.1-3.el7sat.noarch.rpm pulp-admin-client-2.21.0.4-1.el7sat.noarch.rpm pulp-maintenance-2.21.0.4-1.el7sat.noarch.rpm pulp-nodes-child-2.21.0.4-1.el7sat.noarch.rpm pulp-nodes-common-2.21.0.4-1.el7sat.noarch.rpm pulp-nodes-parent-2.21.0.4-1.el7sat.noarch.rpm pulp-selinux-2.21.0.4-1.el7sat.noarch.rpm pulp-server-2.21.0.4-1.el7sat.noarch.rpm python-pulp-agent-lib-2.21.0.4-1.el7sat.noarch.rpm python-pulp-bindings-2.21.0.4-1.el7sat.noarch.rpm python-pulp-client-lib-2.21.0.4-1.el7sat.noarch.rpm python-pulp-common-2.21.0.4-1.el7sat.noarch.rpm python-pulp-oid_validation-2.21.0.4-1.el7sat.noarch.rpm python-pulp-repoauth-2.21.0.4-1.el7sat.noarch.rpm python-pulp-streamer-2.21.0.4-1.el7sat.noarch.rpm satellite-capsule-6.7.4-1.el7sat.noarch.rpm satellite-common-6.7.4-1.el7sat.noarch.rpm satellite-debug-tools-6.7.4-1.el7sat.noarch.rpm
Red Hat Satellite 6.7:
Source: foreman-1.24.1.28-3.el7sat.src.rpm foreman-proxy-1.24.1-3.el7sat.src.rpm pulp-2.21.0.4-1.el7sat.src.rpm

Read the Full Advisory


Severity
important
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2020:4127-01
Product: Red Hat Satellite 6
Advisory URL: https://access.redhat.com/errata/RHSA-2020:4127
Issue date: 2020-09-30

Topic

Updated Satellite 6.7 packages that fix several bugs are now available forRed Hat Satellite.

Topics%20covered

Topics Covered

security advisory unauthorized access software patch system management important update Red Hat Satellite async bug fix

Relevant Releases Architectures

Red Hat Satellite 6.7 - noarch

Red Hat Satellite Capsule 6.7 - noarch

Bugs Fixed

1305773 - Changing Content View of a Content Host needs to better inform the user around client needs

1666324 - The Host configuration chart shows 100% even if few hosts are not in sync or reporting.

1781875 - Red Hat Inventory Uploads does not use proxy

1793416 - Searching for task requires clicking Search twice to get correct results

1816464 - Decreased performance in GenerateApplicability in 6.6

1822564 - vmrc not working 6.7

1823396 - Hosts are rejected due to mismatch of metadata.json and actual hosts included in satellite inventory report

1829412 - Unable to search by value of certain Hostgroup parameter

1853466 - RH Cloud -> Insights page does not report error when rh_cloud_token setting is not set

1854711 - Sync Plan fails with 'uninitialized constant Actions::Foreman::Exception'

1858284 - CVE-2020-14334 foreman: unauthorized cache read on RPM-based installations through local user

1862260 - Default job templates are not locked

1867258 - After upgrading to 6.7 and promoting content, Capsule sync is extremely slow

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here