Is spacewalk-backend-libs-1.2.13-52 vulnerable to CVE-2012-0059?
Environment
- Red Hat Satellite 5.4
Issue
- Is spacewalk-backend-libs-1.2.13-52 vulnerable to CVE-2012-0059?
- Do we need to install the packages provided by errata RHSA-2012:0101?
Resolution
- Based on the details mentioned in errata RHSA-2012:0101, there is a fix for CVE-2012-0059.
- To address this CVE, changes were made in RH Satellite code. There were no changes made to the client-side code. These changes were made in the /usr/share/rhn/server/handlers/xmlrpc/registration.py file, which is provided by the spacewalk-backend-xmlrpc package.
  # rpm -qf /usr/share/rhn/server/handlers/xmlrpc/registration.py
  spacewalk-backend-xmlrpc-1.2.13-78.el5sat.noarch
- Code changes made with this errata are listed in commit 76d0064693107148e4a949fc7ad62d72bb3ec26c
- All spacewalk-backend* packages are built using source package spacewalk-backend-1.2.13-66.el5sat.src.rpm. Changes were only made in the spacewalk-backend-xmlrpc package, but all spacewalk-backend* packages were re-built because they all share a single source RPM. Earlier, the spacewalk-backend-libs package was shipped in the RHN Tools channel, but after the spacewalk-backend-libs-1.2.13-52 version, this was moved to the RH Satellite channel. Therefore, no new versions of the spacewalk-backend-libs package will be released into the RHN Tools channel.
- CVE-2012-0059 is not applicable to the spacewalk-backend-libs-1.2.13-52.el5sat and lower versions of the package, which are shipped in the RHN Tools channel.
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.