Red Hat Satellite is a system management tool for Linux-based
infrastructures. It allows for provisioning, monitoring, and remote
management of multiple Linux deployments with a single, centralized tool.

It was found that the RPC interface in Satellite would resolve external
entities, allowing an attacker to conduct XML External Entity (XXE)
attacks. A remote attacker could use this flaw to read files accessible to
the user running the Satellite server, and potentially perform other more
advanced XXE attacks. (CVE-2014-8162)

Red Hat would like to thank Travis Emmert for reporting this issue.

All spacewalk users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | noarch | spacewalk-java-postgresql | < 2.3.8-103.el6sat | spacewalk-java-postgresql-2.3.8-103.el6sat.noarch.rpm |
RedHat | 6 | noarch | spacewalk-taskomatic | < 2.3.8-103.el6sat | spacewalk-taskomatic-2.3.8-103.el6sat.noarch.rpm |
RedHat | 6 | noarch | spacewalk-java | < 2.3.8-103.el6sat | spacewalk-java-2.3.8-103.el6sat.noarch.rpm |
RedHat | 6 | noarch | spacewalk-java-lib | < 2.3.8-103.el6sat | spacewalk-java-lib-2.3.8-103.el6sat.noarch.rpm |
RedHat | 6 | src | spacewalk-setup | < 2.3.0-17.el6sat | spacewalk-setup-2.3.0-17.el6sat.src.rpm |
RedHat | 6 | noarch | spacewalk-java-config | < 2.3.8-103.el6sat | spacewalk-java-config-2.3.8-103.el6sat.noarch.rpm |
RedHat | 6 | noarch | spacewalk-setup | < 2.3.0-17.el6sat | spacewalk-setup-2.3.0-17.el6sat.noarch.rpm |
RedHat | 6 | src | spacewalk-java | < 2.3.8-103.el6sat | spacewalk-java-2.3.8-103.el6sat.src.rpm |
RedHat | 6 | noarch | spacewalk-java-oracle | < 2.3.8-103.el6sat | spacewalk-java-oracle-2.3.8-103.el6sat.noarch.rpm |
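
A check of installed package builds against the fixed versions in the table above, as an added example that is not part of the original advisory. The comparison is a simplified form of RPM's version ordering (assumptions: no epoch, tilde or caret in the version strings), and the sample `rpm -q` output is constructed.

```python
import re
from itertools import zip_longest

# Fixed builds (version-release) copied from the advisory's package table.
FIXED = {name: "2.3.8-103.el6sat" for name in (
    "spacewalk-java", "spacewalk-java-config", "spacewalk-java-lib",
    "spacewalk-java-oracle", "spacewalk-java-postgresql",
    "spacewalk-taskomatic")}
FIXED["spacewalk-setup"] = "2.3.0-17.el6sat"

def _segcmp(a, b):
    """Order two version or release strings segment by segment."""
    split = lambda s: re.findall(r"\d+|[A-Za-z]+", s)
    for x, y in zip_longest(split(a), split(b)):
        if x is None or y is None:
            return -1 if x is None else 1     # the longer string is newer
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)             # 9 < 17, unlike "9" > "17"
        if x != y:
            return 1 if x > y else -1
    return 0

def evr_cmp(a, b):
    """Compare 'version-release' strings (assumption: no epoch is set)."""
    (va, _, ra), (vb, _, rb) = a.partition("-"), b.partition("-")
    return _segcmp(va, vb) or _segcmp(ra, rb)

def parse_rpm_query(text):
    """Parse 'name version-release' lines; skip 'not installed' messages."""
    return {r[0]: r[1] for r in map(str.split, text.splitlines()) if len(r) == 2}

def audit(installed):
    """Return {package: (installed, fixed)} for builds older than the fix."""
    return {p: (v, FIXED[p]) for p, v in installed.items()
            if p in FIXED and evr_cmp(v, FIXED[p]) < 0}

# Constructed sample of: rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' <pkgs>
SAMPLE = """\
spacewalk-java 2.3.8-96.el6sat
spacewalk-java-lib 2.3.8-103.el6sat
spacewalk-taskomatic 2.3.8-110.el6sat
spacewalk-setup 2.3.0-9.el6sat
package spacewalk-java-oracle is not installed
"""

if __name__ == "__main__":
    print(audit(parse_rpm_query(SAMPLE)))
```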