(RHSA-2019:3172) Moderate: Red Hat Satellite 6 security, bug fix, and enhancement update

2019-10-2212:34:42

access.redhat.com

106

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

74.3%

JSON

Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool.

Security Fix(es):

rubygem-rack: Buffer size in multipart parser allows for denial of service (CVE-2018-16470)
dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents (CVE-2018-1000632)
foreman: authorization bypasses in foreman-tasks leading to information disclosure (CVE-2019-10198)
katello: registry credentials are captured in plain text during repository discovery (CVE-2019-14825)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat7noarchtfm-ror52-rubygem-rack-protection< 2.0.3-1.el7sattfm-ror52-rubygem-rack-protection-2.0.3-1.el7sat.noarch.rpm
RedHat7noarchpython-pulp-repoauth< 2.19.1.1-1.el7satpython-pulp-repoauth-2.19.1.1-1.el7sat.noarch.rpm
RedHat7noarchtfm-rubygem-little-plugger< 1.1.3-24.el7sattfm-rubygem-little-plugger-1.1.3-24.el7sat.noarch.rpm
RedHat7x86_64tfm-ror52-rubygem-nio4r< 2.3.1-1.el7sattfm-ror52-rubygem-nio4r-2.3.1-1.el7sat.x86_64.rpm
RedHat7noarchpython-pulp-agent-lib< 2.19.1.1-1.el7satpython-pulp-agent-lib-2.19.1.1-1.el7sat.noarch.rpm
RedHat7noarchpython2-kombu< 4.0.2-13.el7satpython2-kombu-4.0.2-13.el7sat.noarch.rpm
RedHat7noarchrubygem-faraday< 0.15.4-1.el7satrubygem-faraday-0.15.4-1.el7sat.noarch.rpm
RedHat7noarchtfm-rubygem-record_tag_helper< 1.0.0-2.el7sattfm-rubygem-record_tag_helper-1.0.0-2.el7sat.noarch.rpm
RedHat7noarchtfm-rubygem-foreman_theme_satellite< 4.0.1.7-1.el7sattfm-rubygem-foreman_theme_satellite-4.0.1.7-1.el7sat.noarch.rpm
RedHat7noarchtfm-rubygem-foreman_docker< 5.0.0.1-1.el7sattfm-rubygem-foreman_docker-5.0.0.1-1.el7sat.noarch.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	7	noarch	tfm-ror52-rubygem-rack-protection	< 2.0.3-1.el7sat	tfm-ror52-rubygem-rack-protection-2.0.3-1.el7sat.noarch.rpm
RedHat	7	noarch	python-pulp-repoauth	< 2.19.1.1-1.el7sat	python-pulp-repoauth-2.19.1.1-1.el7sat.noarch.rpm
RedHat	7	noarch	tfm-rubygem-little-plugger	< 1.1.3-24.el7sat	tfm-rubygem-little-plugger-1.1.3-24.el7sat.noarch.rpm
RedHat	7	x86_64	tfm-ror52-rubygem-nio4r	< 2.3.1-1.el7sat	tfm-ror52-rubygem-nio4r-2.3.1-1.el7sat.x86_64.rpm
RedHat	7	noarch	python-pulp-agent-lib	< 2.19.1.1-1.el7sat	python-pulp-agent-lib-2.19.1.1-1.el7sat.noarch.rpm
RedHat	7	noarch	python2-kombu	< 4.0.2-13.el7sat	python2-kombu-4.0.2-13.el7sat.noarch.rpm
RedHat	7	noarch	rubygem-faraday	< 0.15.4-1.el7sat	rubygem-faraday-0.15.4-1.el7sat.noarch.rpm
RedHat	7	noarch	tfm-rubygem-record_tag_helper	< 1.0.0-2.el7sat	tfm-rubygem-record_tag_helper-1.0.0-2.el7sat.noarch.rpm
RedHat	7	noarch	tfm-rubygem-foreman_theme_satellite	< 4.0.1.7-1.el7sat	tfm-rubygem-foreman_theme_satellite-4.0.1.7-1.el7sat.noarch.rpm
RedHat	7	noarch	tfm-rubygem-foreman_docker	< 5.0.0.1-1.el7sat	tfm-rubygem-foreman_docker-5.0.0.1-1.el7sat.noarch.rpm