- Red Hat Satellite 6.x
- Latest rubygem-rake is not available in satellite-6.x repository.
rubygem-rakeon satellite repository is vulnerable to following CVE:
- This is a known issue and escalated to the engineering team via Bugzilla.
Use following workaround provided by the engineering for the time being:
# foreman-maintain packages unlock # yum --downloadonly --downloaddir=/root --enablerepo=rhel-7-server-optional-rpms install rubygem-rake # yum update /root/rubygem-rake-<VERSION DOWNLOADED>.el7.noarch.rpm # foreman-maintain packages lock # foreman-maintain service restart
To check the installed version of rubygem-rake on your satellite:
# rpm -qa rubygem-rake rubygem-rake.noarch-0.9.2.2-41.el7sat # yum list-sec --enablerepo=rhel-7-server-optional-rpms | grep rubygem-rake RHSA-2018:0378 Important/Sec. rubygem-rake-0.9.6-33.el7_4.noarch RHSA-2018:3738 Important/Sec. rubygem-rake-0.9.6-34.el7_6.noarch
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.