(RHSA-2011:0879) Moderate: Red Hat Network Satellite server spacewalk-java security update

Red Hat Network (RHN) Satellite provides a solution to organizations
requiring absolute control over and privacy of the maintenance and package
deployment of their servers. It allows organizations to utilize the
benefits of the Red Hat Network without having to provide public Internet
access to their servers or other client systems.

It was found that RHN Satellite did not protect against Cross-Site Request
Forgery (CSRF) attacks. If an authenticated RHN Satellite user visited a
specially-crafted web page, it could lead to unauthorized command execution
with the privileges of that user, for example, creating a new user account,
granting administrator privileges to user accounts, disabling the account
of the current user, and so on. (CVE-2009-4139)

Red Hat would like to thank Christian Johansson of Bitsec AB and Thomas
Biege of the SUSE Security Team for independently reporting this issue.

Users of Red Hat Network Satellite 5.4.1 are advised to upgrade to these
updated spacewalk-java packages, which resolve this issue. For this update
to take effect, Red Hat Network Satellite must be restarted. Refer to the
Solution section for details.