(RHSA-2014:1762) Moderate: spacewalk-java security update

2014-10-3000:00:00

access.redhat.com

0.003 Low

EPSS

Percentile

65.3%

JSON

Red Hat Satellite is a systems management tool for Linux-based
infrastructures. It allows for provisioning, monitoring, and remote
management of multiple Linux deployments with a single, centralized tool.
The spacewalk-java packages contain the code for the Java version of the
Spacewalk Web site.

Stored and reflected cross-site scripting (XSS) flaws were found in the way
spacewalk-java displayed certain information. By sending a specially
crafted request to Satellite, a remote, authenticated attacker could embed
HTML content into the stored data, allowing them to inject malicious
content into the web page that is used to view that data. (CVE-2014-3654)

Red Hat would like to thank Ron Bowes of Google for reporting this issue.

All spacewalk-java users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue.

OSVersionArchitecturePackageVersionFilename
RedHat6noarchspacewalk-taskomatic< 1.7.54-131.el6satspacewalk-taskomatic-1.7.54-131.el6sat.noarch.rpm
RedHat5noarchspacewalk-taskomatic< 1.7.54-131.el5satspacewalk-taskomatic-1.7.54-131.el5sat.noarch.rpm
RedHat5srcspacewalk-java< 2.0.2-90.el5satspacewalk-java-2.0.2-90.el5sat.src.rpm
RedHat5noarchspacewalk-taskomatic< 2.0.2-90.el5satspacewalk-taskomatic-2.0.2-90.el5sat.noarch.rpm
RedHat6noarchspacewalk-java< 1.7.54-131.el6satspacewalk-java-1.7.54-131.el6sat.noarch.rpm
RedHat6noarchspacewalk-java-postgresql< 2.0.2-90.el6satspacewalk-java-postgresql-2.0.2-90.el6sat.noarch.rpm
RedHat5noarchspacewalk-java< 2.0.2-90.el5satspacewalk-java-2.0.2-90.el5sat.noarch.rpm
RedHat6noarchspacewalk-java-oracle< 1.7.54-131.el6satspacewalk-java-oracle-1.7.54-131.el6sat.noarch.rpm
RedHat6srcspacewalk-java< 1.7.54-131.el6satspacewalk-java-1.7.54-131.el6sat.src.rpm
RedHat5noarchspacewalk-java-config< 2.0.2-90.el5satspacewalk-java-config-2.0.2-90.el5sat.noarch.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	6	noarch	spacewalk-taskomatic	< 1.7.54-131.el6sat	spacewalk-taskomatic-1.7.54-131.el6sat.noarch.rpm
RedHat	5	noarch	spacewalk-taskomatic	< 1.7.54-131.el5sat	spacewalk-taskomatic-1.7.54-131.el5sat.noarch.rpm
RedHat	5	src	spacewalk-java	< 2.0.2-90.el5sat	spacewalk-java-2.0.2-90.el5sat.src.rpm
RedHat	5	noarch	spacewalk-taskomatic	< 2.0.2-90.el5sat	spacewalk-taskomatic-2.0.2-90.el5sat.noarch.rpm
RedHat	6	noarch	spacewalk-java	< 1.7.54-131.el6sat	spacewalk-java-1.7.54-131.el6sat.noarch.rpm
RedHat	6	noarch	spacewalk-java-postgresql	< 2.0.2-90.el6sat	spacewalk-java-postgresql-2.0.2-90.el6sat.noarch.rpm
RedHat	5	noarch	spacewalk-java	< 2.0.2-90.el5sat	spacewalk-java-2.0.2-90.el5sat.noarch.rpm
RedHat	6	noarch	spacewalk-java-oracle	< 1.7.54-131.el6sat	spacewalk-java-oracle-1.7.54-131.el6sat.noarch.rpm
RedHat	6	src	spacewalk-java	< 1.7.54-131.el6sat	spacewalk-java-1.7.54-131.el6sat.src.rpm
RedHat	5	noarch	spacewalk-java-config	< 2.0.2-90.el5sat	spacewalk-java-config-2.0.2-90.el5sat.noarch.rpm

Rows per page:

1-10 of 261

0.003 Low

EPSS

Percentile

65.3%

JSON

Related for RHSA-2014:1762