Lucene search

RedHatRHSA-2019:0734

HistoryApr 09, 2019 - 5:15 p.m.

(RHSA-2019:0734) Important: katello-installer-base security and enhancement update

2019-04-0917:15:39

access.redhat.com

8 High

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

5.2 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

11.8%

JSON

The qpid-dispatch-router package provides remote host management functionality and is configured through the katello-installer-base package. Additional packages included contain enhancements to support the fix.

Security Fix(es):

qpid-dispatch-router: QMF methods exposed to goferd via qdrouterd (CVE-2019-3845)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This issue was discovered by Pavel Moravec (Red Hat).

OSVersionArchitecturePackageVersionFilename
RedHat7x86_64qpid-dispatch-tools< 0.8.0-16.el7satqpid-dispatch-tools-0.8.0-16.el7sat.x86_64.rpm
RedHat7x86_64qpid-cpp-debuginfo< 1.36.0-19.el7qpid-cpp-debuginfo-1.36.0-19.el7.x86_64.rpm
RedHat7x86_64qpid-cpp-server-linearstore< 1.36.0-19.el7qpid-cpp-server-linearstore-1.36.0-19.el7.x86_64.rpm
RedHat6noarchtfm-rubygem-foreman_theme_satellite< 0.1.47.5-1.el6sattfm-rubygem-foreman_theme_satellite-0.1.47.5-1.el6sat.noarch.rpm
RedHat6noarchpython-qpid< 1.35.0-5.el6python-qpid-1.35.0-5.el6.noarch.rpm
RedHat6x86_64libwebsockets-debuginfo< 2.1.0-3.el6libwebsockets-debuginfo-2.1.0-3.el6.x86_64.rpm
RedHat6x86_64tfm-rubygem-qpid_messaging< 1.36.0-6.el6sattfm-rubygem-qpid_messaging-1.36.0-6.el6sat.x86_64.rpm
RedHat6noarchkatello-installer-base< 3.0.0.105-1.el6satkatello-installer-base-3.0.0.105-1.el6sat.noarch.rpm
RedHat6x86_64qpid-cpp-client< 1.36.0-19.el6qpid-cpp-client-1.36.0-19.el6.x86_64.rpm
RedHat6x86_64qpid-proton-debuginfo< 0.16.0-12.el6satqpid-proton-debuginfo-0.16.0-12.el6sat.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	7	x86_64	qpid-dispatch-tools	< 0.8.0-16.el7sat	qpid-dispatch-tools-0.8.0-16.el7sat.x86_64.rpm
RedHat	7	x86_64	qpid-cpp-debuginfo	< 1.36.0-19.el7	qpid-cpp-debuginfo-1.36.0-19.el7.x86_64.rpm
RedHat	7	x86_64	qpid-cpp-server-linearstore	< 1.36.0-19.el7	qpid-cpp-server-linearstore-1.36.0-19.el7.x86_64.rpm
RedHat	6	noarch	tfm-rubygem-foreman_theme_satellite	< 0.1.47.5-1.el6sat	tfm-rubygem-foreman_theme_satellite-0.1.47.5-1.el6sat.noarch.rpm
RedHat	6	noarch	python-qpid	< 1.35.0-5.el6	python-qpid-1.35.0-5.el6.noarch.rpm
RedHat	6	x86_64	libwebsockets-debuginfo	< 2.1.0-3.el6	libwebsockets-debuginfo-2.1.0-3.el6.x86_64.rpm
RedHat	6	x86_64	tfm-rubygem-qpid_messaging	< 1.36.0-6.el6sat	tfm-rubygem-qpid_messaging-1.36.0-6.el6sat.x86_64.rpm
RedHat	6	noarch	katello-installer-base	< 3.0.0.105-1.el6sat	katello-installer-base-3.0.0.105-1.el6sat.noarch.rpm
RedHat	6	x86_64	qpid-cpp-client	< 1.36.0-19.el6	qpid-cpp-client-1.36.0-19.el6.x86_64.rpm
RedHat	6	x86_64	qpid-proton-debuginfo	< 0.16.0-12.el6sat	qpid-proton-debuginfo-0.16.0-12.el6sat.x86_64.rpm

Rows per page:

1-10 of 551

8 High

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

5.2 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

11.8%

JSON

Related for RHSA-2019:0734