Updated spacewalk packages that fix one security issue are now available for Red Hat Satellite 5.7.

Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

Red Hat Satellite is a system management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and remote management of multiple Linux deployments with a single, centralized tool.

It was found that the RPC interface in Satellite would resolve external entities, allowing an attacker to conduct XML External Entity (XXE) attacks. A remote attacker could use this flaw to read files accessible to the user running the Satellite server, and potentially perform other more advanced XXE attacks. (CVE-2014-8162)

Red Hat would like to thank Travis Emmert for reporting this issue.

All spacewalk users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Red Hat Satellite (v. 5.7 for RHEL 6)

SRPMS:
spacewalk-java-2.3.8-103.el6sat.src.rpm
spacewalk-setup-2.3.0-17.el6sat.src.rpm
 
s390x:
spacewalk-java-2.3.8-103.el6sat.noarch.rpm
spacewalk-java-config-2.3.8-103.el6sat.noarch.rpm
spacewalk-java-lib-2.3.8-103.el6sat.noarch.rpm
spacewalk-java-oracle-2.3.8-103.el6sat.noarch.rpm
spacewalk-java-postgresql-2.3.8-103.el6sat.noarch.rpm
spacewalk-setup-2.3.0-17.el6sat.noarch.rpm
spacewalk-taskomatic-2.3.8-103.el6sat.noarch.rpm
 
x86_64:
spacewalk-java-2.3.8-103.el6sat.noarch.rpm
spacewalk-java-config-2.3.8-103.el6sat.noarch.rpm
spacewalk-java-lib-2.3.8-103.el6sat.noarch.rpm
spacewalk-java-oracle-2.3.8-103.el6sat.noarch.rpm
spacewalk-java-postgresql-2.3.8-103.el6sat.noarch.rpm
spacewalk-setup-2.3.0-17.el6sat.noarch.rpm
spacewalk-taskomatic-2.3.8-103.el6sat.noarch.rpm
 
(The unlinked packages above are only available from the Red Hat Network)
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from:
