Issued:: 2012-03-29
Updated:: 2012-03-29

RHSA-2012:0436 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: Red Hat Network Satellite spacewalk-backend security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated spacewalk-backend packages that fix one security issue are now
available for Red Hat Network Satellite 5.4 on Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Description

Red Hat Network (RHN) Satellite is a systems management tool for
Linux-based infrastructures. It allows for provisioning, monitoring, and
remote management of multiple Linux deployments with a single, centralized
tool.

It was found that a remote attacker could upload packages to an RHN
Satellite server's NULL organization without any authorization or
authentication. (The NULL organization stores packages synced from RHN
Hosted.) Although an attacker cannot put packages into an arbitrary channel
and have client systems download them, they could use the flaw to consume
all the free space in the partition (/var/) used to store synced packages.
With no free space, Satellite would be unable to download updates and new
packages, preventing client systems from obtaining them. (CVE-2012-1145)

All users of Red Hat Network Satellite are advised to upgrade to these
updated packages, which correct this issue. For this update to take effect,
Red Hat Network Satellite must be restarted. Refer to the Solution section
for details.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Run the following command to restart the Red Hat Network Satellite
server:

# rhn-satellite restart

Affected Products

Red Hat Satellite with Embedded Oracle 5.4 for RHEL 6 x86_64

Fixes

BZ - 800688 - CVE-2012-1145 satellite: remote package upload without authorization

CVEs

CVE-2012-1145

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Satellite with Embedded Oracle 5.4 for RHEL 6

SRPM
spacewalk-backend-1.2.13-66.1.el6sat.src.rpm	SHA-256: d8254e31ab6d8c9edc33b6a0b4e941226678bebb59f336d2a9bf8adc6272e474
x86_64
spacewalk-backend-1.2.13-66.1.el6sat.noarch.rpm	SHA-256: bd527b83da231c1e0e41b3ab892c2add248d1e4e283754aa04b64914bcc56663
spacewalk-backend-app-1.2.13-66.1.el6sat.noarch.rpm	SHA-256: 72dd9d7b3c80b31513eb30cbacdca71a3ac7b2a623c8235f9f957c6708aac5b1
spacewalk-backend-applet-1.2.13-66.1.el6sat.noarch.rpm	SHA-256: c9e50fe46353fed0ae6d57ea1b8b5585fd260fab8518653c21e5c3ae7c2ed694
spacewalk-backend-config-files-1.2.13-66.1.el6sat.noarch.rpm	SHA-256: dd6abc48e476262f53d0a74e23c577402e7907617f7c18b5e5c9b533f5ea7d86
spacewalk-backend-config-files-common-1.2.13-66.1.el6sat.noarch.rpm	SHA-256: f9cd9c906043a6914a5b27ac4898fff1beb62b6e389be45324705a68977484bc
spacewalk-backend-config-files-tool-1.2.13-66.1.el6sat.noarch.rpm	SHA-256: c38bae4587073cce696487fb69271d710703aa1454cff799db6d147997b6ca9c
spacewalk-backend-iss-1.2.13-66.1.el6sat.noarch.rpm	SHA-256: 71427c655556e4e1b69dbc9ffec013b9f087400461948815d6b1f08b0f59b042
spacewalk-backend-iss-export-1.2.13-66.1.el6sat.noarch.rpm	SHA-256: 56b672b7321e90139208103dee8fa0596e743eb20db0a99bade94dede4015518
spacewalk-backend-libs-1.2.13-66.1.el6sat.noarch.rpm	SHA-256: 9d0b56719bf7ae01dcf94f2466bcf65840f1d9291d268731241993a5a2abeef8
spacewalk-backend-package-push-server-1.2.13-66.1.el6sat.noarch.rpm	SHA-256: ee162dd8601cef96f1d7d75c1e21483d427853b6606308b3c8d3edc7598d0985
spacewalk-backend-server-1.2.13-66.1.el6sat.noarch.rpm	SHA-256: 8bf9f7f2f87b9d1e116bff7f932bb74d6690ce656701c55613f48e80427529b1
spacewalk-backend-sql-1.2.13-66.1.el6sat.noarch.rpm	SHA-256: 0055fc1934fddf35ab93b1cd8db6870ed33bcb36e04ee5c9b050b85ee7061080
spacewalk-backend-sql-oracle-1.2.13-66.1.el6sat.noarch.rpm	SHA-256: d69d0729cc0e25779db01f1c2509db30850234f144682410fd6ec40a2e70626d
spacewalk-backend-tools-1.2.13-66.1.el6sat.noarch.rpm	SHA-256: df54a2d610993daf1f6efa3726a92d3e7f6d17c49f8b9f1d927e1eb45ffe26b4
spacewalk-backend-upload-server-1.2.13-66.1.el6sat.noarch.rpm	SHA-256: 06647db315284e783908b31a777f0183d44519cb4e5ba13e1f358627a1b9441d
spacewalk-backend-xml-export-libs-1.2.13-66.1.el6sat.noarch.rpm	SHA-256: 0a0621829e5c8ee96008a5f60a05c7d71775dd734f787a16143a67502bc766d0
spacewalk-backend-xmlrpc-1.2.13-66.1.el6sat.noarch.rpm	SHA-256: 386ea8662de7f6a09c0d5c40c48e535ba162bc2f3304eb200ee724fdf88a87bc
spacewalk-backend-xp-1.2.13-66.1.el6sat.noarch.rpm	SHA-256: 2ebdea2441ee163f6e3221c61c62cc1f935ba6a5c67d34a32ae9222d8b8d9bc9
s390x

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation