Low: Red Hat Security Advisory: spacewalk-backend security update
An update for spacewalk-backend is now available for Red Hat Satellite 5.8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
spacewalk-proxy: Path traversal in proxy authentication cache
A path traversal flaw was found in the way the proxy processes cached client tokens. A remote, unauthenticated attacker could use this flaw to test the existence of arbitrary files, if they have access to the proxy's filesystem, or can execute arbitrary code in the context of the httpd process...
Important: Red Hat Security Advisory: spacewalk-backend and spacewalk-proxy security update
An update for spacewalk-backend and spacewalk-proxy is now available for Red Hat Satellite Proxy v 5.8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
PT-2019-11592 · Red Hat +1 · Spacewalk +1
Name of the Vulnerable Software and Affected Versions: Spacewalk versions prior to 2.10
Description: The issue arises from the unsafe computation of client token checksums. An attacker with a valid but expired authenticated set of headers could manipulate the session validity without altering the...
spacewalk spacewalk-proxy path traversal vulnerability
spacewalk is an open source Linux system management solution. spacewalk-proxy is one of the proxy programs. A path traversal vulnerability in spacewalk spacewalk-proxy version 2.9, which arises from a failure of a networked system or product to properly filter special elements in the path of a...
SUSE-RU-2019:1703-1 Security update for SUSE Manager Server 3.2
This update fixes the following issues: cobbler: - Removes string replace for textmode fix bsc1134195 py26-compat-salt: - Avoid syntax error on yumpkg module running on Python 2.6 bsc1136250 - Use ThreadPool from multiprocessing.pool to avoid leakins when calculating FQDNs - Fix usermod options f...
SUSE-SU-2019:1703-1 Security update for SUSE Manager Server 3.2
This update fixes the following issues: cobbler: - Removes string replace for textmode fix bsc1134195 py26-compat-salt: - Avoid syntax error on yumpkg module running on Python 2.6 bsc1136250 - Use ThreadPool from multiprocessing.pool to avoid leakins when calculating FQDNs - Fix usermod options f...
rhn-tools:1.0 bug fix update
An update is available for osad, spacewalk-abrt, rhn-custom-info, rhncfg, spacewalk-oscap, spacewalk-backend, rhn-virtualization, spacewalk-usix, rhnpush, spacewalk-client-cert, cobbler. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detail...
rhn-tools:1.0 bug fix update
An update is available for osad, spacewalk-abrt, rhn-custom-info, rhncfg, spacewalk-koan, spacewalk-oscap, spacewalk-backend, rhn-virtualization, spacewalk-usix, rhnpush, spacewalk-client-cert, cobbler, spacewalk-remote-utils. This update affects Rocky Linux 8. A Common Vulnerability Scoring Syst...
ALBA-2019:0986 rhn-tools:1.0 bug fix update
AlmaLinux Network Tools provide programs and libraries that allow your system to use provisioning, monitoring, and configuration management capabilities provided by AlmaLinux Network and AlmaLinux Network Satellite. The spacewalk-remote-utils package contains the spacewalk-create-channel utility...
Cross-Site Scripting (XSS)
Red Hat Satellite is vulnerable to cross-site scripting (XSS). The vulnerability exists in the way spacewalk-java displays group names. This allows an attacker to inject arbitrary web script or HTML into the web page that is then displayed when viewing the snapshot data...
Arbitrary Code Execution
spacewalk-java is vulnerable to arbitrary code execution. The vulnerability is exploitable through Java Web Start applications, and sandboxed Java applets...
Multiple Cross-site Scripting (XSS)
Spacewalk Web-UI and Red Hat Satellite 5.7 are vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists because parameters in systems/SystemEntitlements.do and admin/multiorg/EntitlementDetails.do are not properly sanitized, allowing the attacker to inject arbitrary script...
Cross-site Scripting (XSS)
spacewalk is vulnerable to cross-site scripting (XSS). The vulnerability exists because remotely authenticated users can inject arbitrary web script through the System Groups field...
SUSE-RU-2019:1006-1 Security update for SUSE Manager Server 3.2
This update includes the following new features: to the repository metadata fate325676 This update fixes the following issues: apache-commons-lang3: - Run fdupes on javadoc - Specify java target and source level 1.6 to make package compatible with JDK = 1.8 cobbler: - Fixes case where distributio...
PT-2019-2951 · Red Hat +1 · Spacewalk-Proxy +1
Name of the Vulnerable Software and Affected Versions: spacewalk-proxy versions through 2.9
Description: A path traversal flaw was found in the way the proxy processes cached client tokens. This issue could allow a remote, unauthenticated attacker to test the existence of arbitrary files or execu...
SUSE-SU-2019:0863-1 Security update for SUSE Manager Server 3.1
This update fixes the following issues: cobbler: - Fixes case where distribution detection returns None bsc1130658 - SUSE texmode fix bsc1109316 - Fix for SUSE distribution detection in ISO building bsc1123991 py26-compat-salt: - Remove arch from name when pkg.listpkgs is called with 'attr'...
SUSE-RU-2019:0341-1 Security update for SUSE Manager Server 3.2
This update fixes the following issues: branch-network-formula: - Netconfig update requires bind directory to exists for bind forward, ensure it bsc1116365 - Rework network update in branch-network formula bsc1116365 py26-compat-salt: - Remove arch from name when pkg.listpkgs is called with 'attr...
Cross-site Scripting (XSS)
spacewalk-schema is vulnerable to cross-site scripting (XSS) attacks. A cross-site scripting (XSS) flaw was found in how an organization name is displayed in Satellite 5, before 5.8. A user able to change an organization's name could exploit this flaw to perform XSS attack...
Cross-site Scripting (XSS)
spacewalk-backend is vulnerable to cross-site scripting (XSS) attacks. A cross-site scripting (XSS) flaw was found in how the failed action entry is processed in Red Hat Satellite before version 5.8.0. A user able to specify a failed action could exploit this flaw to perfo...