- Issued:
- 2020-03-11
- Updated:
- 2020-03-11
RHEA-2020:0791 - Product Enhancement Advisory
Synopsis
RHUI 3.1.5 enhancement update
Type/Severity
Product Enhancement Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated RHUI 3 packages that add two enhancements are now available.
Description
Red Hat Update Infrastructure (RHUI) is a highly scalable, highly redundant framework that enables you to manage repositories and content. It also enables cloud providers to deliver content and updates to Red Hat Enterprise Linux (RHEL) instances. Based on the upstream Pulp project, RHUI allows cloud providers to mirror Red Hat-hosted repository content locally, create custom repositories with their own content, and make those repositories available to a large group of end users through a load-balanced content delivery system.
This update adds the following enhancements:
- To tighten security, all SSL protocols as well as TLS protocols older than version 1.2 are now disabled. Clients running RHEL 6 and newer will use TLS 1.2 automatically. Note that for this change to take effect, you must reapply the configuration to existing CDS instances as described at https://access.redhat.com/solutions/4883961. (BZ#1637261)
Important: Because RHEL 5 does not support TLS 1.2, clients running RHEL 5 will not be able to use Yum repositories from RHUI 3.1.5 after this change. If you have RHEL 5 clients, do not reapply the configuration, or remove "-TLSv1 -TLSv1.1" from the /etc/httpd/conf.d/ssl.conf file and restart the httpd service on your CDS instances to revert this change. However, then you will not be able to enforce TLS 1.2.
- Previously, when RHUI administrators were asked to log in to rhui-manager, unnecessary and potentially confusing messages were displayed. Now, rhui-manager only informs the administrators about the fact that a login is required, and if the password has not been changed yet, a change is recommended. (BZ#1805385)
Red Hat advises users of RHUI to upgrade to the updated packages that add these enhancements.
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
Affected Products
- Red Hat Update Infrastructure 3 for RHEL 7 x86_64
Fixes
- BZ - 1637261 - RFE disable weak encryption in RHUA 3
- BZ - 1805385 - Auth certificate does not regenerate properly if it is expired
CVEs
(none)
References
(none)
Red Hat Update Infrastructure 3 for RHEL 7
| SRPM | |
|---|---|
| puppet-3.6.2-2.el7ui.src.rpm | SHA-256: 4306aafe2c96d6bd70100864050c8de99700942153de2599d328e1995ef266cc |
| rh-rhui-tools-3.1.5-1.el7ui.src.rpm | SHA-256: f06be745c21e2c9ca810830631b4dc74ba0a2833e27efdd8bf67380f067e5f9a |
| rhui-installer-3.1.5-1.el7ui.src.rpm | SHA-256: 473aea0bb8348dd56c74a822c28417105b3a1c138a140f3f7f8ecf2611451e40 |
| x86_64 | |
| puppet-3.6.2-2.el7ui.noarch.rpm | SHA-256: 8bbfdacfdd177f2fb806ef3d7df5ee23a368c09f0335e05edae7dd38aa27c167 |
| puppet-server-3.6.2-2.el7ui.noarch.rpm | SHA-256: ecbe5c5291623a645f4117ccdec66380ccfffb62ac089599746b2e49a36a7cf8 |
| rh-rhui-tools-3.1.5-1.el7ui.noarch.rpm | SHA-256: 10007d55e1fb6ba609779e2d6184561954fb852fc52a8cca1003e2846408dd0e |
| rh-rhui-tools-libs-3.1.5-1.el7ui.noarch.rpm | SHA-256: a3f4ba52b0dded381a9efdf1fadfa20729dce0bdfce05cd11eb878bcaf881724 |
| rhui-installer-3.1.5-1.el7ui.noarch.rpm | SHA-256: 17b735721dcaae425b190fa03510968be7f435293953570e1de8f9ba05d462c1 |
| rhui-installer-base-3.1.5-1.el7ui.noarch.rpm | SHA-256: bb59a14d9d83da21fc4fd730695e74e8d4619026f3692c669b6d3458e3e9df01 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.