Red Hat Product Errata RHSA-2015:0957 - Security Advisory
Issued:
2015-05-11
Updated:
2015-05-11

RHSA-2015:0957 - Security Advisory

Synopsis

Moderate: spacewalk-java security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated spacewalk packages that fix one security issue are now available
for Red Hat Satellite 5.7.

Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.

Description

Red Hat Satellite is a system management tool for Linux-based
infrastructures. It allows for provisioning, monitoring, and remote
management of multiple Linux deployments with a single, centralized tool.

It was found that the RPC interface in Satellite would resolve external
entities, allowing an attacker to conduct XML External Entity (XXE)
attacks. A remote attacker could use this flaw to read files accessible to
the user running the Satellite server, and potentially perform other more
advanced XXE attacks. (CVE-2014-8162)

Red Hat would like to thank Travis Emmert for reporting this issue.

All spacewalk users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Satellite 5.7 x86_64
  • Red Hat Satellite 5.7 s390x

Fixes

(none)

Red Hat Satellite 5.7

SRPM
spacewalk-java-2.3.8-103.el6sat.src.rpm SHA-256: ba8ba855c54e535b35562971539cb96d500a1b22751b74f0d1cd1ad4be6510d0
spacewalk-setup-2.3.0-17.el6sat.src.rpm SHA-256: 810513b9e3c2ac04f6f8b5cd605ad1e818136f4c8bba65b8714f69e78aa8899c
x86_64
spacewalk-java-2.3.8-103.el6sat.noarch.rpm SHA-256: 0fc968fd92b318142d400ce75fed88175892ec1bb57d9733366def551ee75f4b
spacewalk-java-config-2.3.8-103.el6sat.noarch.rpm SHA-256: 2990914be2ecb00c11eb41a4e88a615a18fdaf2303e9de798f8ce6e150bd5b0d
spacewalk-java-lib-2.3.8-103.el6sat.noarch.rpm SHA-256: de350cafdb9a1db1aedbe3ffc2e2eb8ce84bb8531c73db8bc4ad77c7d9a6efd9
spacewalk-java-oracle-2.3.8-103.el6sat.noarch.rpm SHA-256: b830f449bf3ac9b2169ad0ca767f1d9fb3cd9736f1375e0ea836dc2978c1cf2e
spacewalk-java-postgresql-2.3.8-103.el6sat.noarch.rpm SHA-256: 991e638d8bb21ce28d0b8a2476e6195232e697c34072e9fe55e9178e1476de7f
spacewalk-setup-2.3.0-17.el6sat.noarch.rpm SHA-256: e5a64abedacba43d204c9d44b9f787ac74e550c6007e45ade3f4e7162609dc6d
spacewalk-taskomatic-2.3.8-103.el6sat.noarch.rpm SHA-256: 81641fc2dd26537fa85dfcfcb079fb5a33b10eabba33f49f05c93c274cc5bc8e
s390x
spacewalk-java-2.3.8-103.el6sat.noarch.rpm SHA-256: 0fc968fd92b318142d400ce75fed88175892ec1bb57d9733366def551ee75f4b
spacewalk-java-config-2.3.8-103.el6sat.noarch.rpm SHA-256: 2990914be2ecb00c11eb41a4e88a615a18fdaf2303e9de798f8ce6e150bd5b0d
spacewalk-java-lib-2.3.8-103.el6sat.noarch.rpm SHA-256: de350cafdb9a1db1aedbe3ffc2e2eb8ce84bb8531c73db8bc4ad77c7d9a6efd9
spacewalk-java-oracle-2.3.8-103.el6sat.noarch.rpm SHA-256: b830f449bf3ac9b2169ad0ca767f1d9fb3cd9736f1375e0ea836dc2978c1cf2e
spacewalk-java-postgresql-2.3.8-103.el6sat.noarch.rpm SHA-256: 991e638d8bb21ce28d0b8a2476e6195232e697c34072e9fe55e9178e1476de7f
spacewalk-setup-2.3.0-17.el6sat.noarch.rpm SHA-256: e5a64abedacba43d204c9d44b9f787ac74e550c6007e45ade3f4e7162609dc6d
spacewalk-taskomatic-2.3.8-103.el6sat.noarch.rpm SHA-256: 81641fc2dd26537fa85dfcfcb079fb5a33b10eabba33f49f05c93c274cc5bc8e

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.