RHSA-2017:2645 - Security Advisory

Issued: 2017-09-06
Updated: 2017-09-06

Synopsis

Moderate: satellite and spacewalk security and bug fix update

Type/Severity

Security Advisory: Moderate

Topic

An update for satellite-schema, spacewalk-backend, spacewalk-java, and spacewalk-schema is now available for Red Hat Satellite 5.8 and Red Hat Satellite 5.8 ELS.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Spacewalk is an Open Source systems management solution that provides system provisioning, configuration and patching capabilities.

Red Hat Satellite is a system management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and the remote management of multiple Linux deployments with a single, centralized tool.

Security Fix(es):

  • A cross-site scripting (XSS) flaw was found in how an organization name is displayed in Satellite 5. A user able to change an organization's name could exploit this flaw to perform XSS attacks against other Satellite users. (CVE-2017-7538)

This issue was discovered by Ales Dujicek (Red Hat).

Bug Fix(es):

  • Prior to this update, transferring content between Satellites using Inter-Satellite Synchronization or channel-dumps failed to transfer the product-name related to channels. This interfered with the process of moving a server between EUS channels. The 'satellite-export' tool now correctly provides associated product-names, fixing this behavior. (BZ#1446271)
  • Prior to this update, the API call 'schedule.failSystemAction()' allowed overwriting a system's event history. This is undesirable from an auditing standpoint. The API now no longer allows affecting completed or failed events. (BZ#1455887)
  • Prior to this update, organization administrators who were not allowed to change their organization's attributes could do so by modifying form elements. The associated form controller no longer allows this behavior. (BZ#1458722)
  • Prior to this update, the 'download' tool's retry limit would be incorrect if there were more available mirrors than its retry count. It could also produce a harmless but unhelpful traceback in some situations. Both of these behaviors have been fixed. (BZ#1458765)
  • Prior to this update, it was possible for parallel registrations using reactivation keys, that were creating snapshot entries, to occasionally deadlock. Both the reactivation-key registration and snapshot-creation paths have been updated to prevent these deadlocks. (BZ#1458880)
  • Prior to this update, if there was some problem with a single erratum in a given repository, the 'reposync' command would complain and exit. The tool now logs such errors but continues to synchronize any remaining errata. (BZ#1466229)
  • The Satellite 5.8 release failed to include an update to a registration-failure error message that had been released for Satellite 5.7. This restores the missing update. (BZ#1467632)
  • Prior to this update, the list of systems in the System Set Manager failed to display the correct icons for a system's update status. This has been corrected. (BZ#1475067)
  • Prior to this update, a timing window in the 'cdn-sync' command, when synchronizing multiple channels at once, could cause some of the synchronization attempts to be refused with a 403 error. This update fixes the timing window so that multiple syncs should now work reliably. (BZ#1476924)
  • Prior to this update, attempting to view the systems in the System Set Manager that are affected by a given erratum would result in an internal server error. This has been fixed. (BZ#1477508)
  • Prior to this update, using 'cdn-sync --no-packages' on a specific channel would disassociate all packages from that channel. This behavior has been fixed, so that '--no-packages' now just skips that step as intended. (BZ#1477667)

Solution

Applying this erratum involves updating the database schema.

Before applying this update, make sure all previously released errata relevant to your system have been applied. To apply this erratum, take the following steps:

  • Shut down Red Hat Satellite by running the following command as root:

    rhn-satellite stop

  • Back up the database. For embedded or managed database variants, please consult the Red Hat Satellite 5.8 documentation. For an external database, consult your database administrator.
  • Upgrade the errata packages. Details on how to apply this update are available at https://access.redhat.com/site/articles/11258
  • Update the database schema using the spacewalk-schema-upgrade command. To do so, run as root:

    spacewalk-schema-upgrade

    This process will update your database schema to the latest version. The spacewalk-schema-upgrade command will inform you about the results of the upgrade and the exact locations of the schema upgrade log files.

  • Restart Red Hat Satellite by running the following as root:

    rhn-satellite start
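
After the restart, it is worth confirming that every package named in this advisory is at or above the shipped version-release. The script below is an added example, not part of the Red Hat advisory: the function names and the sample input are constructed, the fixed versions are copied from this advisory's package list, and GNU `sort -V` is used as an approximation of RPM's own version comparison (epochs are ignored).

```shell
#!/usr/bin/env bash
# Fixed version-release per package, taken from the RHSA-2017:2645 package list.
FIXED='satellite-schema 5.8.0.33-1.el6sat
spacewalk-backend 2.5.3-151.el6sat
spacewalk-java 2.5.14-95.el6sat
spacewalk-schema 2.5.1-50.el6sat'

# vr_ge HAVE WANT: succeed when HAVE >= WANT.
# Assumption: sort -V ordering is close enough to rpmvercmp for these strings.
vr_ge() {
    [ "$1" = "$2" ] && return 0
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# check_fixed: reads "name version-release" lines on stdin, prints one status
# line per advisory package, and returns 1 if any installed one is older.
check_fixed() {
    local installed rc=0 name want have
    installed=$(cat)
    while read -r name want; do
        have=$(printf '%s\n' "$installed" |
               awk -v n="$name" '$1 == n { print $2; exit }')
        if [ -z "$have" ]; then
            echo "SKIP  $name not installed"
        elif vr_ge "$have" "$want"; then
            echo "OK    $name $have"
        else
            echo "OLD   $name $have < $want"; rc=1
        fi
    done <<EOF
$FIXED
EOF
    return $rc
}

# Constructed sample input (not from a real host). On a Satellite server use:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | check_fixed
SAMPLE='satellite-schema 5.8.0.33-1.el6sat
spacewalk-backend 2.5.3-150.el6sat
spacewalk-java 2.5.14-95.el6sat'
printf '%s\n' "$SAMPLE" | check_fixed ||
    echo "one or more packages predate RHSA-2017:2645"
```

A non-zero return from `check_fixed` means at least one listed package still predates the advisory, so the CVE-2017-7538 fix cannot be assumed to be in place.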

Affected Products

  • Red Hat Satellite 5.8 x86_64
  • Red Hat Satellite 5.8 s390x

Fixes

  • BZ - 1446271 - satellite-sync via ISS does not transfer product_name_id value for channel
  • BZ - 1455887 - schedule.failSystemAction API overwrites system events history
  • BZ - 1458722 - even with "Allow Organization Admin to manage Organization Configuration" you can change some organization config options
  • BZ - 1458765 - Incorrect retry count evaluation and better exception handle
  • BZ - 1458880 - [5.8] DEADLOCK: reactivation-key, snapshot_server(), register/delete
  • BZ - 1460208 - organization name allows XSS
  • BZ - 1466229 - when there is a problem with specific errata parsing, rest of errata should be imported
  • BZ - 1467632 - error message in case of registration or check failure does not link to KB article as before
  • BZ - 1471262 - CVE-2017-7538 Satellite 5: organization name allows XSS
  • BZ - 1475067 - Icons under Updates section in System Set Manager not displayed
  • BZ - 1477667 - cdn-sync --no-packages will disassociate all packages from channel

CVEs

  • CVE-2017-7538

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • https://access.redhat.com/site/articles/273633
  • https://access.redhat.com/site/articles/11258

Updated Packages

Note: More recent versions of these packages may be available.

Red Hat Satellite 5.8

SRPM
satellite-schema-5.8.0.33-1.el6sat.src.rpm SHA-256: e5edca69d59b81ddfd1bad6d5271cee9b6df2dba17b96afee57324abfeaebf0d
spacewalk-backend-2.5.3-151.el6sat.src.rpm SHA-256: faa67c8d4492bef45aaa8f276189ba5d98e598c7c0bd7925a60ff84f95edee58
spacewalk-java-2.5.14-95.el6sat.src.rpm SHA-256: 7d3baa1ad54fe056d6b572bb63b847b35090153d5e5675aaade4570214f7037b
spacewalk-schema-2.5.1-50.el6sat.src.rpm SHA-256: ea72891e66210c95374648d2096dd603e7b400eeee227405d31e33fb83311d6e
x86_64
satellite-schema-5.8.0.33-1.el6sat.noarch.rpm SHA-256: 06d6b1c4fc66b7197b1f91e087c2eb6ed31bc88f7b153e1c3b4b8e7eb0ca3b3b
spacewalk-backend-2.5.3-151.el6sat.noarch.rpm SHA-256: 23c05147059e2b48f254e403f02bc5d43833f1e0e07779cb8e72f357ad6a7529
spacewalk-backend-app-2.5.3-151.el6sat.noarch.rpm SHA-256: 2cf2df08b634d627ecc30243b527373021a74c65da23d820ed7b801b5dafa093
spacewalk-backend-applet-2.5.3-151.el6sat.noarch.rpm SHA-256: b6f10eb61e52b6c49306ebe48607c60b7c66f011e591d1fff20178749626bdf9
spacewalk-backend-cdn-2.5.3-151.el6sat.noarch.rpm SHA-256: f6b6f52fa9cabafc82390b1b9bbfe0b8b2c4773efb98015c8f39444aebdfeffa
spacewalk-backend-config-files-2.5.3-151.el6sat.noarch.rpm SHA-256: fa432c01942fc4df1b49dcacc10c0823b7f1061d9e941c4a8e18c0940db287ef
spacewalk-backend-config-files-common-2.5.3-151.el6sat.noarch.rpm SHA-256: e2cf6c32896487b36c375847fc9ffb30ff4a22c54507483740b9ae321eb83895
spacewalk-backend-config-files-tool-2.5.3-151.el6sat.noarch.rpm SHA-256: 2f14b7df5d298116a1b4fc4354f875ee524215266ce4e358270c38d898e427d8
spacewalk-backend-iss-2.5.3-151.el6sat.noarch.rpm SHA-256: 156825ab4aede7a59682c310b00e8b05f8f48634896551c897551439f864337f
spacewalk-backend-iss-export-2.5.3-151.el6sat.noarch.rpm SHA-256: 30ac92ee0c04ba3df30ebb0a70db94974607f32f6b8611e44311dd4caefbac9a
spacewalk-backend-libs-2.5.3-151.el6sat.noarch.rpm SHA-256: 83cbdeb95e5951e45b98dbd8fc33f8073c36804abf47af96caa5f7ccb1975845
spacewalk-backend-package-push-server-2.5.3-151.el6sat.noarch.rpm SHA-256: 19b4dc75d83a73f56fb5920e9c6a3cf0d16804eed3db27415aab999e96ba44ea
spacewalk-backend-server-2.5.3-151.el6sat.noarch.rpm SHA-256: 9c22baa80a69c1102fcf357873d3582c8f8a3b61ec59949b33c5bee95ef86b69
spacewalk-backend-sql-2.5.3-151.el6sat.noarch.rpm SHA-256: 64942a23e3ef3fc6db743a27c765342de53b3045db33d336ae6d6419c54d67e2
spacewalk-backend-sql-oracle-2.5.3-151.el6sat.noarch.rpm SHA-256: 0813fdc81290ce83c7841bb0c2060216507f4f159b5f4924d0109c68ebee3408
spacewalk-backend-sql-postgresql-2.5.3-151.el6sat.noarch.rpm SHA-256: 6d97232e8a549e21066b62b4b2032bc7c5e79c8e9180be54dcea4749d769e2a4
spacewalk-backend-tools-2.5.3-151.el6sat.noarch.rpm SHA-256: 459bb3580a0dc41eea2904d0091f0161d8dc667e4865856f6e67faeeb8c6d6e0
spacewalk-backend-xml-export-libs-2.5.3-151.el6sat.noarch.rpm SHA-256: 922420ab3d1289e0e4f686e4473b8c1f50738597d4986bb3d9bb2be45a8f0a1e
spacewalk-backend-xmlrpc-2.5.3-151.el6sat.noarch.rpm SHA-256: f252360020aab28b322e16a53a6af9e6d0236271bacc60ee474e3f14171523b3
spacewalk-java-2.5.14-95.el6sat.noarch.rpm SHA-256: fb6f9f49206ca6434815e0c0a447a4d2af766f31bdd4bee2bebda61563aa4234
spacewalk-java-config-2.5.14-95.el6sat.noarch.rpm SHA-256: 815c35deebafb465b74345c2f492d7208e31ee53666318e6e0200f6eeecf747d
spacewalk-java-lib-2.5.14-95.el6sat.noarch.rpm SHA-256: 139eae49c915961dd56db941e03ac03d419caca84a20238eb179b49b9e95b18c
spacewalk-java-oracle-2.5.14-95.el6sat.noarch.rpm SHA-256: 10d7c6b3c33166e2a1b43ecaeacb82bbfff36b0d36bf80ba677e94e3f8d2a131
spacewalk-java-postgresql-2.5.14-95.el6sat.noarch.rpm SHA-256: f8af91405cafa3da74bceb36d2bdf4ae6db684fd681e24132ea11f0af96c30eb
spacewalk-schema-2.5.1-50.el6sat.noarch.rpm SHA-256: a92a460880e7d12270a44a8128b2f09b29e5ff80fbd9451eaece9953691ccf17
spacewalk-taskomatic-2.5.14-95.el6sat.noarch.rpm SHA-256: 4b74417f766a9e3094c36def214c80bbf9db40d51bf656f6778302d1c24284ae
s390x
The s390x package set is identical to the x86_64 list above: the same noarch packages with the same SHA-256 checksums.

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
