(RHSA-2008:0630) Low: Red Hat Network Satellite Server security update

During an internal security audit, it was discovered that Red Hat Network
Satellite Server shipped with an XML-RPC script, manzier.pxt, which had a
single hard-coded authentication key. A remote attacker who is able to
connect to the Satellite Server XML-RPC service could use this flaw to
obtain limited information about Satellite Server users, such as login
names, associated email addresses, internal user IDs, and partial
information about entitlements. (CVE-2008-2369)

This release also corrects several security vulnerabilities in various
components shipped as part of Red Hat Network Satellite Server 5.1. In a
typical operating environment, these components are not exposed to users
of Satellite Server in a vulnerable manner. These security updates will
reduce risk in unique Satellite Server environments.

A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349)

Multiple cross-site scripting flaws were fixed in the image map feature in
the JFreeChart package. (CVE-2007-6306)

A flaw which could result in weak encryption was fixed in the
perl-Crypt-CBC package. (CVE-2006-0898)

Multiple flaws were fixed in the Apache Tomcat package. (CVE-2005-4838,
CVE-2006-0254, CVE-2007-1355, CVE-2007-1358, CVE-2007-2449, CVE-2007-5461,
CVE-2008-0128)

Users of Red Hat Network Satellite Server 5.1 are advised to upgrade to
5.1.1, which resolves these issues.