- Issued:
- 2013-11-12
- Updated:
- 2013-11-12
RHSA-2013:1514 - Security Advisory
Synopsis
Critical: spacewalk-java security update
Type/Severity
Security Advisory: Critical
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated spacewalk-java packages that fix one security issue are now
available for Red Hat Satellite 5.3, 5.4, 5.5 and 5.6.
The Red Hat Security Response Team has rated this update as having critical
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
Description
Red Hat Satellite is a systems management tool for Linux-based infrastructures.
It allows for provisioning, monitoring, and remote management of multiple Linux
deployments with a single, centralized tool. The spacewalk-java packages contain
the code for the Java version of the Spacewalk Web site.
It was found that the web interface provided by Red Hat Satellite to create the
initial administrator user was not disabled after the initial user was created.
A remote attacker could use this flaw to create an administrator user with
credentials they specify. This user could then be used to assume control of the
Satellite server. (CVE-2013-4480)
This issue was discovered by Andrew Spurrier of Red Hat.
All spacewalk-java users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue.
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
Affected Products
- Red Hat Satellite 5.6 for RHEL 6 x86_64
- Red Hat Satellite 5.6 for RHEL 6 s390x
- Red Hat Satellite 5.6 for RHEL 5 x86_64
- Red Hat Satellite with Embedded Oracle 5.5 for RHEL 6 x86_64
- Red Hat Satellite with Embedded Oracle 5.5 for RHEL 6 s390x
- Red Hat Satellite with Embedded Oracle 5.5 for RHEL 5 x86_64
- Red Hat Satellite with Embedded Oracle 5.4 for RHEL 6 x86_64
- Red Hat Satellite with Embedded Oracle 5.4 for RHEL 5 x86_64
- Red Hat Satellite with Embedded Oracle 5.4 for RHEL 5 i386
- Red Hat Satellite with Embedded Oracle 5.3 x86_64
- Red Hat Satellite with Embedded Oracle 5.3 i386
Fixes
- BZ - 1024614 - CVE-2013-4480 Satellite: Interface to create the initial administrator user remains open after installation
CVEs
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Satellite 5.6 for RHEL 6
| SRPM | |
|---|---|
| spacewalk-java-2.0.2-48.el6sat.src.rpm | SHA-256: 7fed78feea3734467e7f20bb0d6f3458f7d0e4d48af0648553679cbe70b65ff5 |
| x86_64 | |
| spacewalk-java-2.0.2-48.el6sat.noarch.rpm | SHA-256: 790c772adb20395df7d0aa68089609ec46148f5406e20b35e98f7f620e3becc2 |
| spacewalk-java-config-2.0.2-48.el6sat.noarch.rpm | SHA-256: 91d82a3c62868958c1072fc5d904e0a7ed21c2dfb175bd4d995d3ac89cf2edfb |
| spacewalk-java-lib-2.0.2-48.el6sat.noarch.rpm | SHA-256: d38978de901ac1d1af60c59be44be52979b76920fade2bc22539b202a093048a |
| spacewalk-java-oracle-2.0.2-48.el6sat.noarch.rpm | SHA-256: 9e16551ac1bdf2ee075e1024cfec57948eb6ec9e5da181d0be7bd6417d589867 |
| spacewalk-java-postgresql-2.0.2-48.el6sat.noarch.rpm | SHA-256: 012fe3dc3f8478e5540e6d2686ae63b68a9f116c06d28b4d5b7bd54b3424be89 |
| spacewalk-taskomatic-2.0.2-48.el6sat.noarch.rpm | SHA-256: 28015753cad8c879237ff16e1f4e2c19e8518dbf2fc87ecb2e50adccb73c9c48 |
| s390x | |
| spacewalk-java-2.0.2-48.el6sat.noarch.rpm | SHA-256: 790c772adb20395df7d0aa68089609ec46148f5406e20b35e98f7f620e3becc2 |
| spacewalk-java-config-2.0.2-48.el6sat.noarch.rpm | SHA-256: 91d82a3c62868958c1072fc5d904e0a7ed21c2dfb175bd4d995d3ac89cf2edfb |
| spacewalk-java-lib-2.0.2-48.el6sat.noarch.rpm | SHA-256: d38978de901ac1d1af60c59be44be52979b76920fade2bc22539b202a093048a |
| spacewalk-java-oracle-2.0.2-48.el6sat.noarch.rpm | SHA-256: 9e16551ac1bdf2ee075e1024cfec57948eb6ec9e5da181d0be7bd6417d589867 |
| spacewalk-java-postgresql-2.0.2-48.el6sat.noarch.rpm | SHA-256: 012fe3dc3f8478e5540e6d2686ae63b68a9f116c06d28b4d5b7bd54b3424be89 |
| spacewalk-taskomatic-2.0.2-48.el6sat.noarch.rpm | SHA-256: 28015753cad8c879237ff16e1f4e2c19e8518dbf2fc87ecb2e50adccb73c9c48 |
Red Hat Satellite 5.6 for RHEL 5
| SRPM | |
|---|---|
| spacewalk-java-2.0.2-48.el5sat.src.rpm | SHA-256: d3820456525173a3131a67c765d23fd324ebc60710b0bee54395bc4add7c5cb3 |
| x86_64 | |
| spacewalk-java-2.0.2-48.el5sat.noarch.rpm | SHA-256: 91291518f1c59e9614b5ca791de04e4a9f0c74bf38ca0233c487de8098bf8660 |
| spacewalk-java-config-2.0.2-48.el5sat.noarch.rpm | SHA-256: 2cab42f512405c60b71db9a556960ca84be1a14b6d2335426a7293c165df3624 |
| spacewalk-java-lib-2.0.2-48.el5sat.noarch.rpm | SHA-256: ead1cabf55d325511f25419745c2406ea2aba18f96d2e60fec666cb999039a7e |
| spacewalk-java-oracle-2.0.2-48.el5sat.noarch.rpm | SHA-256: e2322049f4d373360d838bd5e143027821f122e4db531c0c6a29e1691bd806be |
| spacewalk-java-postgresql-2.0.2-48.el5sat.noarch.rpm | SHA-256: 61dc222ae4afa7ea4c1cb716aab36dd55c553f82a650f6d4f8c3f42443dea2bb |
| spacewalk-taskomatic-2.0.2-48.el5sat.noarch.rpm | SHA-256: 72c7c89e32f34b0599685609499bca432353d329c10fb0037440f94bf19ed579 |
Red Hat Satellite with Embedded Oracle 5.5 for RHEL 6
| SRPM | |
|---|---|
| spacewalk-java-1.7.54-121.el6sat.src.rpm | SHA-256: 874b91d66a724ed007751475a0fb24b2317871bcade46346a64dff84c80079dc |
| x86_64 | |
| spacewalk-java-1.7.54-121.el6sat.noarch.rpm | SHA-256: 6e45d155d47dbce27bdd21e1377d269e8e55d99d3f1ab85ada22582c5c9a136a |
| spacewalk-java-config-1.7.54-121.el6sat.noarch.rpm | SHA-256: 81c6e3e7df2cba9d631821bb84c7a5923d6277886462516964c922fcd0179520 |
| spacewalk-java-lib-1.7.54-121.el6sat.noarch.rpm | SHA-256: d421cef2c8f0c25bc6b5d51b3c7474cb9233ed60262953cf5d0cacebad932ed2 |
| spacewalk-java-oracle-1.7.54-121.el6sat.noarch.rpm | SHA-256: 52f949c51e37f0be2ab0b3f3d54ed5bf798cb542f54be0fa629c47ab370072b4 |
| spacewalk-taskomatic-1.7.54-121.el6sat.noarch.rpm | SHA-256: bf067980930dcba280b61915b1e3bca1e7ec29e57b2f689b724cb43242ab7d8c |
| s390x | |
| spacewalk-java-1.7.54-121.el6sat.noarch.rpm | SHA-256: 6e45d155d47dbce27bdd21e1377d269e8e55d99d3f1ab85ada22582c5c9a136a |
| spacewalk-java-config-1.7.54-121.el6sat.noarch.rpm | SHA-256: 81c6e3e7df2cba9d631821bb84c7a5923d6277886462516964c922fcd0179520 |
| spacewalk-java-lib-1.7.54-121.el6sat.noarch.rpm | SHA-256: d421cef2c8f0c25bc6b5d51b3c7474cb9233ed60262953cf5d0cacebad932ed2 |
| spacewalk-java-oracle-1.7.54-121.el6sat.noarch.rpm | SHA-256: 52f949c51e37f0be2ab0b3f3d54ed5bf798cb542f54be0fa629c47ab370072b4 |
| spacewalk-taskomatic-1.7.54-121.el6sat.noarch.rpm | SHA-256: bf067980930dcba280b61915b1e3bca1e7ec29e57b2f689b724cb43242ab7d8c |
Red Hat Satellite with Embedded Oracle 5.5 for RHEL 5
| SRPM | |
|---|---|
| spacewalk-java-1.7.54-121.el5sat.src.rpm | SHA-256: b1b34ffc56a5c8152e79c4082ed0b334187c4ec772205feacd5d0714dea452bd |
| x86_64 | |
| spacewalk-java-1.7.54-121.el5sat.noarch.rpm | SHA-256: 1c5111cf4f7e1188dd4cd232cd9f78a36ba39dee5ba210fdc3a146e35210383e |
| spacewalk-java-config-1.7.54-121.el5sat.noarch.rpm | SHA-256: 748d94f5c6645a51e83a1de598a67d7bad0096e7cb0e423739217fc27c9333d0 |
| spacewalk-java-lib-1.7.54-121.el5sat.noarch.rpm | SHA-256: 8483fb53e56a04f1d0fa2aeb9e908574454fa7cd2be3006a74e099410403e6a3 |
| spacewalk-java-oracle-1.7.54-121.el5sat.noarch.rpm | SHA-256: f4324deb2622cab0d68b0714666e64b6454537553a38e449afd702a52773d37c |
| spacewalk-taskomatic-1.7.54-121.el5sat.noarch.rpm | SHA-256: 43d63c37e7f81f438380099da087eb2ade698259af3b356a0f949b56a7afdf8e |
Red Hat Satellite with Embedded Oracle 5.4 for RHEL 6
| SRPM | |
|---|---|
| spacewalk-java-1.2.39-135.el6sat.src.rpm | SHA-256: b65b3b72f4dc96c7dbc2d9eaedfff545dd5bcc7eb75a1159b590d0f207e924ca |
| x86_64 | |
| spacewalk-java-1.2.39-135.el6sat.noarch.rpm | SHA-256: 84cc0a95ebf6c2736fbe83cfd9d4338fc8295c3390badc32f47ff8036ea14422 |
| spacewalk-java-config-1.2.39-135.el6sat.noarch.rpm | SHA-256: 3e083d85ddb02b7bfd64e24392d1abfc47130e3bb71d416aea35d0bc2cdd3227 |
| spacewalk-java-lib-1.2.39-135.el6sat.noarch.rpm | SHA-256: 0db6b28e31b7babb8a1447949a0318cc04a8a33c656bb8926405cdff0afb4730 |
| spacewalk-java-oracle-1.2.39-135.el6sat.noarch.rpm | SHA-256: 80156e92d78c48990a033959337c8673d0172abe7c051cf133deab7150eeb0cd |
| spacewalk-taskomatic-1.2.39-135.el6sat.noarch.rpm | SHA-256: 5d206e5adba17b228d0284378d43a08085665df9f5b06031bb17a8b37e71b215 |
| s390x | |
Red Hat Satellite with Embedded Oracle 5.4 for RHEL 5
| SRPM | |
|---|---|
| spacewalk-java-1.2.39-135.el5sat.src.rpm | SHA-256: 1d5a71e63f9ed9f921d7078e05a1926206e20fd2fca6f206c2165a692d1d527a |
| x86_64 | |
| spacewalk-java-1.2.39-135.el5sat.noarch.rpm | SHA-256: d5d8ecc4bb82a34f6e0b1bb9047e27ab2e9a8ff6d479c976093ad689f66290c9 |
| spacewalk-java-config-1.2.39-135.el5sat.noarch.rpm | SHA-256: 53785d5822c7e37941088675a3d2023c464dcb888cd20867cee4448f6155924c |
| spacewalk-java-lib-1.2.39-135.el5sat.noarch.rpm | SHA-256: f106e68a08a2f28f0bb8c18d30d26a7d7ee259e71c545442c68c8a216cbb1ba4 |
| spacewalk-java-oracle-1.2.39-135.el5sat.noarch.rpm | SHA-256: 496460f2658d4e9dafd90067711e0c13451af2e693bdf411bc750da5a9fd8367 |
| spacewalk-taskomatic-1.2.39-135.el5sat.noarch.rpm | SHA-256: 8d3842b0cdb339d63807ceb97629ae99caa03c5316c4efc24006fd28739b4b52 |
| i386 | |
| spacewalk-java-1.2.39-135.el5sat.noarch.rpm | SHA-256: d5d8ecc4bb82a34f6e0b1bb9047e27ab2e9a8ff6d479c976093ad689f66290c9 |
| spacewalk-java-config-1.2.39-135.el5sat.noarch.rpm | SHA-256: 53785d5822c7e37941088675a3d2023c464dcb888cd20867cee4448f6155924c |
| spacewalk-java-lib-1.2.39-135.el5sat.noarch.rpm | SHA-256: f106e68a08a2f28f0bb8c18d30d26a7d7ee259e71c545442c68c8a216cbb1ba4 |
| spacewalk-java-oracle-1.2.39-135.el5sat.noarch.rpm | SHA-256: 496460f2658d4e9dafd90067711e0c13451af2e693bdf411bc750da5a9fd8367 |
| spacewalk-taskomatic-1.2.39-135.el5sat.noarch.rpm | SHA-256: 8d3842b0cdb339d63807ceb97629ae99caa03c5316c4efc24006fd28739b4b52 |
Red Hat Satellite with Embedded Oracle 5.3
| SRPM | |
|---|---|
| spacewalk-java-0.5.44-97.el5sat.src.rpm | SHA-256: 5cab36376aa87849bdc0463bfe10f40042f8d2a787b602a528ad5c344e1f6c99 |
| x86_64 | |
| spacewalk-java-0.5.44-97.el5sat.noarch.rpm | SHA-256: 7ae2d3544603fcb4881a1d252f2c954be858780bff5a644f7bc689f3c2df81a9 |
| spacewalk-java-config-0.5.44-97.el5sat.noarch.rpm | SHA-256: b6d4cf9ba6d9a76b8d69daae0f0a57620f6208256eca8d9fded5128ac8634928 |
| spacewalk-java-lib-0.5.44-97.el5sat.noarch.rpm | SHA-256: 44bd0da752d129c4a1b3a85bf4f8a5a9eff6f37bf55e185977e1a5eceaa3c5da |
| spacewalk-taskomatic-0.5.44-97.el5sat.noarch.rpm | SHA-256: 9ab9b93cde4be9de2165fea1636201e563fd440b05e987703d424920966a9026 |
| i386 | |
| spacewalk-java-0.5.44-97.el5sat.noarch.rpm | SHA-256: 7ae2d3544603fcb4881a1d252f2c954be858780bff5a644f7bc689f3c2df81a9 |
| spacewalk-java-config-0.5.44-97.el5sat.noarch.rpm | SHA-256: b6d4cf9ba6d9a76b8d69daae0f0a57620f6208256eca8d9fded5128ac8634928 |
| spacewalk-java-lib-0.5.44-97.el5sat.noarch.rpm | SHA-256: 44bd0da752d129c4a1b3a85bf4f8a5a9eff6f37bf55e185977e1a5eceaa3c5da |
| spacewalk-taskomatic-0.5.44-97.el5sat.noarch.rpm | SHA-256: 9ab9b93cde4be9de2165fea1636201e563fd440b05e987703d424920966a9026 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
