(RHSA-2019:3172) Moderate: Red Hat Satellite 6 security, bug fix, and enhancement update

2019-10-2212:34:42

access.redhat.com

110

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

0.004 Low

EPSS

Percentile

74.8%

JSON

Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool.

Security Fix(es):

rubygem-rack: Buffer size in multipart parser allows for denial of service (CVE-2018-16470)
dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents (CVE-2018-1000632)
foreman: authorization bypasses in foreman-tasks leading to information disclosure (CVE-2019-10198)
katello: registry credentials are captured in plain text during repository discovery (CVE-2019-14825)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat7noarchtfm-rubygem-hammer_cli_foreman_docker< 0.0.6.4-1.el7sattfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.noarch.rpm
RedHat7noarchforeman-selinux< 1.22.0-1.el7satforeman-selinux-1.22.0-1.el7sat.noarch.rpm
RedHat7noarchtfm-ror52-rubygem-coffee-rails< 4.2.2-1.el7sattfm-ror52-rubygem-coffee-rails-4.2.2-1.el7sat.noarch.rpm
RedHat7x86_64libsolv-debuginfo< 0.7.4-3.pulp.el7satlibsolv-debuginfo-0.7.4-3.pulp.el7sat.x86_64.rpm
RedHat7noarchpython2-vine< 1.1.3-6.el7satpython2-vine-1.1.3-6.el7sat.noarch.rpm
RedHat7noarchtfm-ror52-rubygem-tilt< 2.0.8-1.el7sattfm-ror52-rubygem-tilt-2.0.8-1.el7sat.noarch.rpm
RedHat7noarchpython-pulp-client-lib< 2.19.1.1-1.el7satpython-pulp-client-lib-2.19.1.1-1.el7sat.noarch.rpm
RedHat7noarchtfm-rubygem-ovirt_provision_plugin< 2.0.3-1.el7sattfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.noarch.rpm
RedHat7x86_64saslwrapper-debuginfo< 0.22-5.el7satsaslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm
RedHat7noarchrubygem-smart_proxy_discovery_image< 1.0.9-2.el7satrubygem-smart_proxy_discovery_image-1.0.9-2.el7sat.noarch.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	7	noarch	tfm-rubygem-hammer_cli_foreman_docker	< 0.0.6.4-1.el7sat	tfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.noarch.rpm
RedHat	7	noarch	foreman-selinux	< 1.22.0-1.el7sat	foreman-selinux-1.22.0-1.el7sat.noarch.rpm
RedHat	7	noarch	tfm-ror52-rubygem-coffee-rails	< 4.2.2-1.el7sat	tfm-ror52-rubygem-coffee-rails-4.2.2-1.el7sat.noarch.rpm
RedHat	7	x86_64	libsolv-debuginfo	< 0.7.4-3.pulp.el7sat	libsolv-debuginfo-0.7.4-3.pulp.el7sat.x86_64.rpm
RedHat	7	noarch	python2-vine	< 1.1.3-6.el7sat	python2-vine-1.1.3-6.el7sat.noarch.rpm
RedHat	7	noarch	tfm-ror52-rubygem-tilt	< 2.0.8-1.el7sat	tfm-ror52-rubygem-tilt-2.0.8-1.el7sat.noarch.rpm
RedHat	7	noarch	python-pulp-client-lib	< 2.19.1.1-1.el7sat	python-pulp-client-lib-2.19.1.1-1.el7sat.noarch.rpm
RedHat	7	noarch	tfm-rubygem-ovirt_provision_plugin	< 2.0.3-1.el7sat	tfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.noarch.rpm
RedHat	7	x86_64	saslwrapper-debuginfo	< 0.22-5.el7sat	saslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm
RedHat	7	noarch	rubygem-smart_proxy_discovery_image	< 1.0.9-2.el7sat	rubygem-smart_proxy_discovery_image-1.0.9-2.el7sat.noarch.rpm