SUSE-SU-2026:1146-1 Security Beta update 5.2.0 Beta1 for Multi-Linux Manager Client Tools

This update fixes the following issues: mgr-push: - Version 5.2.3-0 Disable build for SLES 16 rhnlib: - Version 5.2.4-0 Disable build for SLES 16 spacecmd: - Version 5.2.6-0 Update translation strings spacewalk-client-tools: - Version 5.2.4-0 Disable build for SLES 16 uyuni-common-libs: - Version...

Security update 5.1.2 for Multi-Linux Manager Client Tools

This update fixes the following issues: golang-github-QubitProducts-exporterexporter: Non-customer-facing optimization around source building golang-github-lusitaniae-apacheexporter: Build without apparmor for openSUSE Leap 16, SLES 16 or newer Require Go 1.23 for building Update to version 1.0.1...

EUVD-2008-3258

Malware in sbrugna...

EUVD-2012-5454

Malware in sbrugna...

RHSA-2010:0449 Red Hat Security Advisory: rhn-client-tools security update

Bulletin has no description...

RHSA-2008:0815 Red Hat Security Advisory: yum-rhn-plugin security update

Bulletin has no description...

RHSA-2013:1513 Red Hat Security Advisory: rhn-java-sat security update

Bulletin has no description...

RHEL 6 : rhn-client-tools (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - rhn-setup: rhnregks fails to properly validate SSL/TLS certificates CVE-2015-1777 Note that Nessus has not tested f...

SUSE CVE-2012-5562

A flaw was found in rhn-proxy. This vulnerability may allow the rhn-proxy to transmit user credentials in clear-text when it accesses RHN Satellite. This could lead to information disclosure, where sensitive authentication details are exposed to unauthorized parties...

SUSE CVE-2013-1871

Cross-site scripting XSS vulnerability in account/EditAddress.do in Spacewalk and Red Hat Network RHN Satellite 5.6 allows remote attackers to inject arbitrary web script or HTML via the type parameter...

SUSE CVE-2014-8162

XML external entity XXE in the RPC interface in Spacewalk and Red Hat Network RHN Satellite 5.7 and earlier allows remote attackers to read arbitrary files and possibly have other unspecified impact via unknown vectors...

SUSE CVE-2017-7470

It was found that spacewalk-channel can be used by a non-admin user or disabled users to perform administrative tasks due to an incorrect authorization check in backend/server/rhnChannel.py...

SUSE CVE-2022-43754

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to embed...

spacewalk-backend spacewalk-java security update

spacewalk-backend 2.10.28-1.0.13 - Fix HTTP 500 and ORA-01830 on client scap report Orabug: 34823889 2.10.28-1.0.12 - Handle remote commands that return no output. Orabug: 32530545 2.10.28-1.0.11 - Make spacewalk-debug copy symlink target instead of the symlink itself. Orabug: 32514543...

Improper Control of Generation of Code ('Code Injection')

CVE-2010-2235 RHN Satellite cobbler: Code injection flaw ACE as root by processing of a specially-crafted kickstart template file...

CVE-2021-40348

Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code injection. rhn-config-satellite.pl doesn't sanitize the configuration filename used to append Spacewalk-specific key-value pair. The script is intended to be run by the tomcat user account with Sudo, according to the installation...

PT-2021-22868 · Suse +1 · Uyuni +2

Name of the Vulnerable Software and Affected Versions: Spacewalk version 2.10 Uyuni version 2021.08 Uyuni spacewalk-admin versions prior to 4.3.2-1 Description: The issue allows code injection due to the lack of sanitization of the configuration filename used by the rhn-config-satellite.pl script...

Denial Of Service (DoS)

spacewalk-backend is vulnerable to denial of service. It was found that a remote attacker could upload packages to an RHN Satellite server's NULL organization without any authorization or authentication. The NULL organization stores packages synced from RHN Hosted. Although an attacker cannot put...

Cross-site Scripting (XSS)

spacewalk-web is vulnerable to cross-site scripting XSS. The vulnerability exists as an authenticated RHN Satellite user could use this flaw to perform a cross-site scripting attack against other authenticated users who are using the RHN Satellite web interface...

Cross-site Scripting (XSS)

spacewalk-java is vulnerable to cross-site scripting XSS. The vulnerability exists as a remote attacker could use these flaws to perform a cross-site scripting attack against victims using the RHN Satellite web interface...