Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 554
Alerts This Week
Warning Icon 1 554

Red Hat Satellite 6.10 Moderate RHSA-2022-0190: Bug Fix Update

red hat
Calendar Grey January 19, 2022
Dist Redhat Esm H88
Enhance your Red Hat Satellite 6.10 installations by updating packages to resolve several issues, ensuring better system administration and reliability.
Updated Satellite 6.10 packages that fix several bugs are now available for Red Hat Satellite

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For detailed instructions how to apply this update, refer to:

https://docs.redhat.com/en/documentation/red_hat_satellite/6.10/html/upgrading_and_updating_red_hat_satellite/updating_satellite_server_capsule_server_and_content_hosts

Summary

Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.
Security Fix(es):
1927028 - candlepin: netty: Information disclosure via the local system temporary directory (CVE-2021-21290)
This update fixes the following bugs:
2016047 - Uploading a duplicate file fails with undefined local variable or method upload_href for # 2027347 - Satellite 6.10 upgrade fails with PG::NotNullViolation: ERROR: column "subscription_id" contains null values 2027354 - Using Satellite with a proxy produces an SELinux alert 2027358 - Large CRL file operation causes OOM error in Candlepin 2027817 - [BUG] Upgrading Satellite 6.9 with custom certificates to Satellite 6.10 beta will cause the same problem to occur as BZ# 1961886 2030445 - Failed at scanning for repository: undefined method `resolve_substitutions' for nil:NilClass 2030448 - Capsule sync task failed to refresh repo that doesn't have feed url with "bad argument (expected URI object or URI string)" error
Users of Red Hat Satellite are advised to upgrade to these updated packages, which fix these bugs.

References

https://access.redhat.com/security/cve/CVE-2021-21290 https://access.redhat.com/security/updates/classification#moderate

Package List

Red Hat Satellite Capsule 6.10:
Source: pulpcore-selinux-1.2.7-1.el7pc.src.rpm satellite-6.10.2-1.el7sat.src.rpm
noarch: satellite-capsule-6.10.2-1.el7sat.noarch.rpm satellite-common-6.10.2-1.el7sat.noarch.rpm
x86_64: pulpcore-selinux-1.2.7-1.el7pc.x86_64.rpm
Red Hat Satellite 6.10:
Source: pulpcore-selinux-1.2.7-1.el7pc.src.rpm satellite-6.10.2-1.el7sat.src.rpm tfm-rubygem-katello-4.1.1.42-1.el7sat.src.rpm
noarch: satellite-6.10.2-1.el7sat.noarch.rpm satellite-cli-6.10.2-1.el7sat.noarch.rpm satellite-common-6.10.2-1.el7sat.noarch.rpm tfm-rubygem-katello-4.1.1.42-1.el7sat.noarch.rpm
x86_64: pulpcore-selinux-1.2.7-1.el7pc.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key


Advisory ID: RHSA-2022:0190-01
Product: Red Hat Satellite 6
Issue date: 2022-01-19

Topic

Updated Satellite 6.10 packages that fix several bugs are now available forRed Hat Satellite.

Relevant Releases Architectures

Red Hat Satellite 6.10 - noarch, x86_64

Red Hat Satellite Capsule 6.10 - noarch, x86_64

Bugs Fixed

1927028 - CVE-2021-21290 netty: Information disclosure via the local system temporary directory

2016047 - uploading a duplicate file fails with undefined local variable or method upload_href for #

2027347 - Satellite 6.10 upgrade fails with PG::NotNullViolation: ERROR: column "subscription_id" contains null values

2027354 - Using Satellite with a proxy produces an SELinux alert

2027358 - Large CRL file operation causes OOM error in Candlepin

2027817 - [BUG] Upgrading Satellite 6.9 with custom certificates to Satellite 6.10 beta will cause the same problem to occur as BZ# 1961886

2030445 - Failed at scanning for repository: undefined method `resolve_substitutions' for nil:NilClass

2030448 - Capsule sync task failed to refresh repo that doesn't have feed url with "bad argument (expected URI object or URI string)" error

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.