Red Hat Satellite 6 missing latest rubygem-rake package

Solution Verified - Updated -

Environment

  • Red Hat Satellite 6

Issue

  • Latest rubygem-rake is not available in satellite-6.x repository.
  • Available rubygem-rake on satellite repository is vulnerable to following CVE:

Resolution

  • This is a known issue and escalated to the engineering team via Bugzilla.
  • Use following workaround for the time being:
    • Download the latest rubygem-rake from this Url and copy to the Satellite server
    • Update the package and restart the satellite services:
# yum upgrade ./rubygem-rake-0.9.6-36.el7.noarch.rpm
# katello-service restart

Diagnostic Steps

  • To check the installed version of rubygem-rake on your satellite:
# rpm -qa rubygem-rake
 rubygem-rake.noarch-0.9.2.2-41.el7sat 

# yum list-sec --enablerepo=rhel-7-server-optional-rpms | grep rubygem-rake
RHSA-2018:0378 Important/Sec. rubygem-rake-0.9.6-33.el7_4.noarch
RHSA-2018:3738 Important/Sec. rubygem-rake-0.9.6-34.el7_6.noarch

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.