Oct 16, 2018 - 2:18 p.m.

(RHSA-2018:2927) Important: Satellite 6.4 security, bug fix, and enhancement update


0.571 Medium
Red Hat Satellite is a systems management tool for Linux-based infrastructure.
It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool.

Security Fix(es):

  • jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525) (CVE-2017-15095)

  • hornetq: XXE/SSRF in XPath selector (CVE-2015-3208)

  • bouncycastle: Information disclosure in GCMBlockCipher (CVE-2015-6644)

  • bouncycastle: DSA does not fully validate ASN.1 encoding during signature verification allowing for injection of unsigned data (CVE-2016-1000338)

  • bouncycastle: Information leak in AESFastEngine class (CVE-2016-1000339)

  • bouncycastle: Information exposure in DSA signature generation via timing attack (CVE-2016-1000341)

  • bouncycastle: ECDSA improper validation of ASN.1 encoding of signature (CVE-2016-1000342)

  • bouncycastle: DHIES implementation allowed the use of ECB mode (CVE-2016-1000344)

  • bouncycastle: DHIES/ECIES CBC modes are vulnerable to padding oracle attack (CVE-2016-1000345)

  • bouncycastle: Other party DH public keys are not fully validated (CVE-2016-1000346)

  • bouncycastle: ECIES implementation allowed the use of ECB mode (CVE-2016-1000352)

  • logback: Serialization vulnerability in SocketServer and ServerSocketReceiver (CVE-2017-5929)

  • python-django: Open redirect and possible XSS attack via user-supplied numeric redirect URLs (CVE-2017-7233)

  • hibernate-validator: Privilege escalation when running under the security manager (CVE-2017-7536)

  • puppet: Environment leakage in puppet-agent (CVE-2017-10690)

  • Satellite 6: XSS in discovery rule filter autocomplete functionality (CVE-2017-12175)

  • foreman: Stored XSS in fact name or value (CVE-2017-15100)

  • pulp: sensitive credentials revealed through the API (CVE-2018-1090)

  • foreman: SQL injection due to improper handling of the widget id parameter (CVE-2018-1096)

  • foreman: Ovirt admin password exposed by foreman API (CVE-2018-1097)

  • django: Catastrophic backtracking in regular expressions via ‘urlize’ and ‘urlizetrunc’ (CVE-2018-7536)

  • django: Catastrophic backtracking in regular expressions via ‘truncatechars_html’ and ‘truncatewords_html’ (CVE-2018-7537)

  • guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service (CVE-2018-10237)

  • bouncycastle: Carry propagation bug in math.raw.Nat??? class (CVE-2016-1000340)

  • bouncycastle: DSA key pair generator generates a weak private key by default (CVE-2016-1000343)

  • puppet: Unpacking of tarballs in tar/mini.rb can create files with insecure permissions (CVE-2017-10689)

  • bouncycastle: BKS-V1 keystore files vulnerable to trivial hash collisions (CVE-2018-5382)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-15095; and the Django project for reporting CVE-2017-7233, CVE-2018-7536, and CVE-2018-7537. The CVE-2017-7536 issue was discovered by Gunnar Morling (Red Hat); and the CVE-2018-1096 issue was discovered by Martin Povolny (Red Hat). Red Hat would also like to thank David Jorm (IIX Product Security) for reporting CVE-2015-3208.

Additional Changes:

This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.