Red Hat Satellite is a systems management tool for Linux-based
infrastructures. It allows for provisioning, monitoring, and remote
management of multiple Linux deployments with a single, centralized tool.

The spacewalk-java packages contain the code for the Java version of the
Spacewalk Web site.

Stored and reflected cross-site scripting (XSS) flaws were found in the way
spacewalk-java displayed certain information. By sending a specially
crafted request to Satellite, a remote, authenticated attacker could embed
HTML content into the stored data, allowing them to inject malicious
content into the web page that is used to view that data. (CVE-2014-3654)

Red Hat would like to thank Ron Bowes of Google for reporting this issue.

All spacewalk-java users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue.

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | noarch | spacewalk-taskomatic | < 1.7.54-131.el6sat | spacewalk-taskomatic-1.7.54-131.el6sat.noarch.rpm |
RedHat | 5 | noarch | spacewalk-taskomatic | < 1.7.54-131.el5sat | spacewalk-taskomatic-1.7.54-131.el5sat.noarch.rpm |
RedHat | 5 | src | spacewalk-java | < 2.0.2-90.el5sat | spacewalk-java-2.0.2-90.el5sat.src.rpm |
RedHat | 5 | noarch | spacewalk-taskomatic | < 2.0.2-90.el5sat | spacewalk-taskomatic-2.0.2-90.el5sat.noarch.rpm |
RedHat | 6 | noarch | spacewalk-java | < 1.7.54-131.el6sat | spacewalk-java-1.7.54-131.el6sat.noarch.rpm |
RedHat | 6 | noarch | spacewalk-java-postgresql | < 2.0.2-90.el6sat | spacewalk-java-postgresql-2.0.2-90.el6sat.noarch.rpm |
RedHat | 5 | noarch | spacewalk-java | < 2.0.2-90.el5sat | spacewalk-java-2.0.2-90.el5sat.noarch.rpm |
RedHat | 6 | noarch | spacewalk-java-oracle | < 1.7.54-131.el6sat | spacewalk-java-oracle-1.7.54-131.el6sat.noarch.rpm |
RedHat | 6 | src | spacewalk-java | < 1.7.54-131.el6sat | spacewalk-java-1.7.54-131.el6sat.src.rpm |
RedHat | 5 | noarch | spacewalk-java-config | < 2.0.2-90.el5sat | spacewalk-java-config-2.0.2-90.el5sat.noarch.rpm |
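
The following Python script is an added example, not part of the Red Hat advisory or the Spacewalk code. It classifies installed packages against the fixed builds in the table above, taking lines in the form printed by `rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'`. Assumptions: the fixed build is selected by matching the upstream version (1.7.54 or 2.0.2), the rpm version comparison is a simplified one, and the sample input is constructed.

```python
import re
from itertools import zip_longest

# Fixed builds taken from the advisory table: upstream version -> fixed release.
FIXED = {"1.7.54": "131", "2.0.2": "90"}
# Package names listed in the advisory table.
PACKAGES = {"spacewalk-java", "spacewalk-java-config", "spacewalk-java-oracle",
            "spacewalk-java-postgresql", "spacewalk-taskomatic"}

def rpmvercmp(a, b):
    """Simplified rpm-style compare of two version strings: -1, 0 or 1."""
    seg = lambda s: re.findall(r"\d+|[A-Za-z]+", s)
    for x, y in zip_longest(seg(a), seg(b)):
        if x is None:
            return -1                        # a ran out first, so a is older
        if y is None:
            return 1
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return -1 if x < y else 1
    return 0

def status(name, version, release):
    """Classify one installed package against the advisory's fixed builds."""
    if name not in PACKAGES:
        return "not-listed"
    fixed = FIXED.get(version)
    if fixed is None:
        return "unknown-branch"              # version stream not in the table
    build = release.split(".el")[0]          # drop the dist tag (.el5sat/.el6sat)
    return "vulnerable" if rpmvercmp(build, fixed) < 0 else "fixed"

def audit(rpm_output):
    """Parse 'NAME VERSION RELEASE' lines and return {name: status}."""
    result = {}
    for line in rpm_output.splitlines():
        if len(line.split()) == 3:
            name, version, release = line.split()
            result[name] = status(name, version, release)
    return result

# Constructed sample, not real host output.
SAMPLE = """spacewalk-java 1.7.54 129.el6sat
spacewalk-taskomatic 2.0.2 90.el5sat
spacewalk-java-config 2.0.2 88.el5sat
spacewalk-backend 2.0.3 30.el6sat"""

if __name__ == "__main__":
    for pkg, state in audit(SAMPLE).items():
        print(pkg, state)
```

A result of `unknown-branch` means the installed version stream does not appear in the table and has to be checked against the vendor's errata by hand.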