Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2013:1514 - Security Advisory
Issued:
2013-11-12
Updated:
2013-11-12

RHSA-2013:1514 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Critical: spacewalk-java security update

Type/Severity

Security Advisory: Critical

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated spacewalk-java packages that fix one security issue are now
available for Red Hat Satellite 5.3, 5.4, 5.5 and 5.6.

The Red Hat Security Response Team has rated this update as having critical
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Description

Red Hat Satellite is a systems management tool for Linux-based infrastructures.
It allows for provisioning, monitoring, and remote management of multiple Linux
deployments with a single, centralized tool. The spacewalk-java packages contain
the code for the Java version of the Spacewalk Web site.

It was found that the web interface provided by Red Hat Satellite to create the
initial administrator user was not disabled after the initial user was created.
A remote attacker could use this flaw to create an administrator user with
credentials they specify. This user could then be used to assume control of the
Satellite server. (CVE-2013-4480)

This issue was discovered by Andrew Spurrier of Red Hat.

All spacewalk-java users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Affected Products

  • Red Hat Satellite 5.6 for RHEL 6 x86_64
  • Red Hat Satellite 5.6 for RHEL 6 s390x
  • Red Hat Satellite 5.6 for RHEL 5 x86_64
  • Red Hat Satellite with Embedded Oracle 5.5 for RHEL 6 x86_64
  • Red Hat Satellite with Embedded Oracle 5.5 for RHEL 6 s390x
  • Red Hat Satellite with Embedded Oracle 5.5 for RHEL 5 x86_64
  • Red Hat Satellite with Embedded Oracle 5.4 for RHEL 6 x86_64
  • Red Hat Satellite with Embedded Oracle 5.4 for RHEL 5 x86_64
  • Red Hat Satellite with Embedded Oracle 5.4 for RHEL 5 i386
  • Red Hat Satellite with Embedded Oracle 5.3 x86_64
  • Red Hat Satellite with Embedded Oracle 5.3 i386

Fixes

  • BZ - 1024614 - CVE-2013-4480 Satellite: Interface to create the initial administrator user remains open after installation

CVEs

  • CVE-2013-4480

References

  • https://access.redhat.com/security/updates/classification/#critical
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Satellite 5.6 for RHEL 6

SRPM
spacewalk-java-2.0.2-48.el6sat.src.rpm SHA-256: 7fed78feea3734467e7f20bb0d6f3458f7d0e4d48af0648553679cbe70b65ff5
x86_64
spacewalk-java-2.0.2-48.el6sat.noarch.rpm SHA-256: 790c772adb20395df7d0aa68089609ec46148f5406e20b35e98f7f620e3becc2
spacewalk-java-config-2.0.2-48.el6sat.noarch.rpm SHA-256: 91d82a3c62868958c1072fc5d904e0a7ed21c2dfb175bd4d995d3ac89cf2edfb
spacewalk-java-lib-2.0.2-48.el6sat.noarch.rpm SHA-256: d38978de901ac1d1af60c59be44be52979b76920fade2bc22539b202a093048a
spacewalk-java-oracle-2.0.2-48.el6sat.noarch.rpm SHA-256: 9e16551ac1bdf2ee075e1024cfec57948eb6ec9e5da181d0be7bd6417d589867
spacewalk-java-postgresql-2.0.2-48.el6sat.noarch.rpm SHA-256: 012fe3dc3f8478e5540e6d2686ae63b68a9f116c06d28b4d5b7bd54b3424be89
spacewalk-taskomatic-2.0.2-48.el6sat.noarch.rpm SHA-256: 28015753cad8c879237ff16e1f4e2c19e8518dbf2fc87ecb2e50adccb73c9c48
s390x
spacewalk-java-2.0.2-48.el6sat.noarch.rpm SHA-256: 790c772adb20395df7d0aa68089609ec46148f5406e20b35e98f7f620e3becc2
spacewalk-java-config-2.0.2-48.el6sat.noarch.rpm SHA-256: 91d82a3c62868958c1072fc5d904e0a7ed21c2dfb175bd4d995d3ac89cf2edfb
spacewalk-java-lib-2.0.2-48.el6sat.noarch.rpm SHA-256: d38978de901ac1d1af60c59be44be52979b76920fade2bc22539b202a093048a
spacewalk-java-oracle-2.0.2-48.el6sat.noarch.rpm SHA-256: 9e16551ac1bdf2ee075e1024cfec57948eb6ec9e5da181d0be7bd6417d589867
spacewalk-java-postgresql-2.0.2-48.el6sat.noarch.rpm SHA-256: 012fe3dc3f8478e5540e6d2686ae63b68a9f116c06d28b4d5b7bd54b3424be89
spacewalk-taskomatic-2.0.2-48.el6sat.noarch.rpm SHA-256: 28015753cad8c879237ff16e1f4e2c19e8518dbf2fc87ecb2e50adccb73c9c48

Red Hat Satellite 5.6 for RHEL 5

SRPM
spacewalk-java-2.0.2-48.el5sat.src.rpm SHA-256: d3820456525173a3131a67c765d23fd324ebc60710b0bee54395bc4add7c5cb3
x86_64
spacewalk-java-2.0.2-48.el5sat.noarch.rpm SHA-256: 91291518f1c59e9614b5ca791de04e4a9f0c74bf38ca0233c487de8098bf8660
spacewalk-java-config-2.0.2-48.el5sat.noarch.rpm SHA-256: 2cab42f512405c60b71db9a556960ca84be1a14b6d2335426a7293c165df3624
spacewalk-java-lib-2.0.2-48.el5sat.noarch.rpm SHA-256: ead1cabf55d325511f25419745c2406ea2aba18f96d2e60fec666cb999039a7e
spacewalk-java-oracle-2.0.2-48.el5sat.noarch.rpm SHA-256: e2322049f4d373360d838bd5e143027821f122e4db531c0c6a29e1691bd806be
spacewalk-java-postgresql-2.0.2-48.el5sat.noarch.rpm SHA-256: 61dc222ae4afa7ea4c1cb716aab36dd55c553f82a650f6d4f8c3f42443dea2bb
spacewalk-taskomatic-2.0.2-48.el5sat.noarch.rpm SHA-256: 72c7c89e32f34b0599685609499bca432353d329c10fb0037440f94bf19ed579

Red Hat Satellite with Embedded Oracle 5.5 for RHEL 6

SRPM
spacewalk-java-1.7.54-121.el6sat.src.rpm SHA-256: 874b91d66a724ed007751475a0fb24b2317871bcade46346a64dff84c80079dc
x86_64
spacewalk-java-1.7.54-121.el6sat.noarch.rpm SHA-256: 6e45d155d47dbce27bdd21e1377d269e8e55d99d3f1ab85ada22582c5c9a136a
spacewalk-java-config-1.7.54-121.el6sat.noarch.rpm SHA-256: 81c6e3e7df2cba9d631821bb84c7a5923d6277886462516964c922fcd0179520
spacewalk-java-lib-1.7.54-121.el6sat.noarch.rpm SHA-256: d421cef2c8f0c25bc6b5d51b3c7474cb9233ed60262953cf5d0cacebad932ed2
spacewalk-java-oracle-1.7.54-121.el6sat.noarch.rpm SHA-256: 52f949c51e37f0be2ab0b3f3d54ed5bf798cb542f54be0fa629c47ab370072b4
spacewalk-taskomatic-1.7.54-121.el6sat.noarch.rpm SHA-256: bf067980930dcba280b61915b1e3bca1e7ec29e57b2f689b724cb43242ab7d8c
s390x
spacewalk-java-1.7.54-121.el6sat.noarch.rpm SHA-256: 6e45d155d47dbce27bdd21e1377d269e8e55d99d3f1ab85ada22582c5c9a136a
spacewalk-java-config-1.7.54-121.el6sat.noarch.rpm SHA-256: 81c6e3e7df2cba9d631821bb84c7a5923d6277886462516964c922fcd0179520
spacewalk-java-lib-1.7.54-121.el6sat.noarch.rpm SHA-256: d421cef2c8f0c25bc6b5d51b3c7474cb9233ed60262953cf5d0cacebad932ed2
spacewalk-java-oracle-1.7.54-121.el6sat.noarch.rpm SHA-256: 52f949c51e37f0be2ab0b3f3d54ed5bf798cb542f54be0fa629c47ab370072b4
spacewalk-taskomatic-1.7.54-121.el6sat.noarch.rpm SHA-256: bf067980930dcba280b61915b1e3bca1e7ec29e57b2f689b724cb43242ab7d8c

Red Hat Satellite with Embedded Oracle 5.5 for RHEL 5

SRPM
spacewalk-java-1.7.54-121.el5sat.src.rpm SHA-256: b1b34ffc56a5c8152e79c4082ed0b334187c4ec772205feacd5d0714dea452bd
x86_64
spacewalk-java-1.7.54-121.el5sat.noarch.rpm SHA-256: 1c5111cf4f7e1188dd4cd232cd9f78a36ba39dee5ba210fdc3a146e35210383e
spacewalk-java-config-1.7.54-121.el5sat.noarch.rpm SHA-256: 748d94f5c6645a51e83a1de598a67d7bad0096e7cb0e423739217fc27c9333d0
spacewalk-java-lib-1.7.54-121.el5sat.noarch.rpm SHA-256: 8483fb53e56a04f1d0fa2aeb9e908574454fa7cd2be3006a74e099410403e6a3
spacewalk-java-oracle-1.7.54-121.el5sat.noarch.rpm SHA-256: f4324deb2622cab0d68b0714666e64b6454537553a38e449afd702a52773d37c
spacewalk-taskomatic-1.7.54-121.el5sat.noarch.rpm SHA-256: 43d63c37e7f81f438380099da087eb2ade698259af3b356a0f949b56a7afdf8e

Red Hat Satellite with Embedded Oracle 5.4 for RHEL 6

SRPM
spacewalk-java-1.2.39-135.el6sat.src.rpm SHA-256: b65b3b72f4dc96c7dbc2d9eaedfff545dd5bcc7eb75a1159b590d0f207e924ca
x86_64
spacewalk-java-1.2.39-135.el6sat.noarch.rpm SHA-256: 84cc0a95ebf6c2736fbe83cfd9d4338fc8295c3390badc32f47ff8036ea14422
spacewalk-java-config-1.2.39-135.el6sat.noarch.rpm SHA-256: 3e083d85ddb02b7bfd64e24392d1abfc47130e3bb71d416aea35d0bc2cdd3227
spacewalk-java-lib-1.2.39-135.el6sat.noarch.rpm SHA-256: 0db6b28e31b7babb8a1447949a0318cc04a8a33c656bb8926405cdff0afb4730
spacewalk-java-oracle-1.2.39-135.el6sat.noarch.rpm SHA-256: 80156e92d78c48990a033959337c8673d0172abe7c051cf133deab7150eeb0cd
spacewalk-taskomatic-1.2.39-135.el6sat.noarch.rpm SHA-256: 5d206e5adba17b228d0284378d43a08085665df9f5b06031bb17a8b37e71b215
s390x

Red Hat Satellite with Embedded Oracle 5.4 for RHEL 5

SRPM
spacewalk-java-1.2.39-135.el5sat.src.rpm SHA-256: 1d5a71e63f9ed9f921d7078e05a1926206e20fd2fca6f206c2165a692d1d527a
x86_64
spacewalk-java-1.2.39-135.el5sat.noarch.rpm SHA-256: d5d8ecc4bb82a34f6e0b1bb9047e27ab2e9a8ff6d479c976093ad689f66290c9
spacewalk-java-config-1.2.39-135.el5sat.noarch.rpm SHA-256: 53785d5822c7e37941088675a3d2023c464dcb888cd20867cee4448f6155924c
spacewalk-java-lib-1.2.39-135.el5sat.noarch.rpm SHA-256: f106e68a08a2f28f0bb8c18d30d26a7d7ee259e71c545442c68c8a216cbb1ba4
spacewalk-java-oracle-1.2.39-135.el5sat.noarch.rpm SHA-256: 496460f2658d4e9dafd90067711e0c13451af2e693bdf411bc750da5a9fd8367
spacewalk-taskomatic-1.2.39-135.el5sat.noarch.rpm SHA-256: 8d3842b0cdb339d63807ceb97629ae99caa03c5316c4efc24006fd28739b4b52
i386
spacewalk-java-1.2.39-135.el5sat.noarch.rpm SHA-256: d5d8ecc4bb82a34f6e0b1bb9047e27ab2e9a8ff6d479c976093ad689f66290c9
spacewalk-java-config-1.2.39-135.el5sat.noarch.rpm SHA-256: 53785d5822c7e37941088675a3d2023c464dcb888cd20867cee4448f6155924c
spacewalk-java-lib-1.2.39-135.el5sat.noarch.rpm SHA-256: f106e68a08a2f28f0bb8c18d30d26a7d7ee259e71c545442c68c8a216cbb1ba4
spacewalk-java-oracle-1.2.39-135.el5sat.noarch.rpm SHA-256: 496460f2658d4e9dafd90067711e0c13451af2e693bdf411bc750da5a9fd8367
spacewalk-taskomatic-1.2.39-135.el5sat.noarch.rpm SHA-256: 8d3842b0cdb339d63807ceb97629ae99caa03c5316c4efc24006fd28739b4b52

Red Hat Satellite with Embedded Oracle 5.3

SRPM
spacewalk-java-0.5.44-97.el5sat.src.rpm SHA-256: 5cab36376aa87849bdc0463bfe10f40042f8d2a787b602a528ad5c344e1f6c99
x86_64
spacewalk-java-0.5.44-97.el5sat.noarch.rpm SHA-256: 7ae2d3544603fcb4881a1d252f2c954be858780bff5a644f7bc689f3c2df81a9
spacewalk-java-config-0.5.44-97.el5sat.noarch.rpm SHA-256: b6d4cf9ba6d9a76b8d69daae0f0a57620f6208256eca8d9fded5128ac8634928
spacewalk-java-lib-0.5.44-97.el5sat.noarch.rpm SHA-256: 44bd0da752d129c4a1b3a85bf4f8a5a9eff6f37bf55e185977e1a5eceaa3c5da
spacewalk-taskomatic-0.5.44-97.el5sat.noarch.rpm SHA-256: 9ab9b93cde4be9de2165fea1636201e563fd440b05e987703d424920966a9026
i386
spacewalk-java-0.5.44-97.el5sat.noarch.rpm SHA-256: 7ae2d3544603fcb4881a1d252f2c954be858780bff5a644f7bc689f3c2df81a9
spacewalk-java-config-0.5.44-97.el5sat.noarch.rpm SHA-256: b6d4cf9ba6d9a76b8d69daae0f0a57620f6208256eca8d9fded5128ac8634928
spacewalk-java-lib-0.5.44-97.el5sat.noarch.rpm SHA-256: 44bd0da752d129c4a1b3a85bf4f8a5a9eff6f37bf55e185977e1a5eceaa3c5da
spacewalk-taskomatic-0.5.44-97.el5sat.noarch.rpm SHA-256: 9ab9b93cde4be9de2165fea1636201e563fd440b05e987703d424920966a9026

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat, Inc.

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility