An update is now available for Red Hat Satellite 6.4 for RHEL 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool.

Security Fix(es) :

* jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525) (CVE-2017-15095)

* hornetq: XXE/SSRF in XPath selector (CVE-2015-3208)

* bouncycastle: Information disclosure in GCMBlockCipher (CVE-2015-6644)

* bouncycastle: DSA does not fully validate ASN.1 encoding during signature verification allowing for injection of unsigned data (CVE-2016-1000338)

* bouncycastle: Information leak in AESFastEngine class (CVE-2016-1000339)

* bouncycastle: Information exposure in DSA signature generation via timing attack (CVE-2016-1000341)

* bouncycastle: ECDSA improper validation of ASN.1 encoding of signature (CVE-2016-1000342)

* bouncycastle: DHIES implementation allowed the use of ECB mode (CVE-2016-1000344)

* bouncycastle: DHIES/ECIES CBC modes are vulnerable to padding oracle attack (CVE-2016-1000345)

* bouncycastle: Other party DH public keys are not fully validated (CVE-2016-1000346)

* bouncycastle: ECIES implementation allowed the use of ECB mode (CVE-2016-1000352)

* logback: Serialization vulnerability in SocketServer and ServerSocketReceiver (CVE-2017-5929)

* python-django: Open redirect and possible XSS attack via user-supplied numeric redirect URLs (CVE-2017-7233)

* hibernate-validator: Privilege escalation when running under the security manager (CVE-2017-7536)

* puppet: Environment leakage in puppet-agent (CVE-2017-10690)

* Satellite 6: XSS in discovery rule filter autocomplete functionality (CVE-2017-12175)

* foreman: Stored XSS in fact name or value (CVE-2017-15100)

* pulp: sensitive credentials revealed through the API (CVE-2018-1090)

* foreman: SQL injection due to improper handling of the widget id parameter (CVE-2018-1096)

* foreman: Ovirt admin password exposed by foreman API (CVE-2018-1097)

* django: Catastrophic backtracking in regular expressions via 'urlize' and 'urlizetrunc' (CVE-2018-7536)

* django: Catastrophic backtracking in regular expressions via 'truncatechars_html' and 'truncatewords_html' (CVE-2018-7537)

* guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service (CVE-2018-10237)

* bouncycastle: Carry propagation bug in math.raw.Nat??? class (CVE-2016-1000340)

* bouncycastle: DSA key pair generator generates a weak private key by default (CVE-2016-1000343)

* puppet: Unpacking of tarballs in tar/mini.rb can create files with insecure permissions (CVE-2017-10689)

* bouncycastle: BKS-V1 keystore files vulnerable to trivial hash collisions (CVE-2018-5382)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-15095; and the Django project for reporting CVE-2017-7233, CVE-2018-7536, and CVE-2018-7537. The CVE-2017-7536 issue was discovered by Gunnar Morling (Red Hat); and the CVE-2018-1096 issue was discovered by Martin Povolny (Red Hat). Red Hat would also like to thank David Jorm (IIX Product Security) for reporting CVE-2015-3208.

Additional Changes :

This update also fixes several bugs and adds various enhancements.
Documentation for these changes is available from the Release Notes document linked to in the References section.

Detections

Analytics

RHEL 7 : Satellite Server (RHSA-2018:2927)

critical Nessus Plugin ID 118185

Version 1.10

Version 1.9

Version 1.10 Jul 30, 2024, 7:18 AM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") CVSSv2 score source (changed from "CVE-2018-5382" to "CVE-2017-5929") Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202407300718
Version 1.9 Dec 6, 2022, 1:01 AM Reference Plugin Feed: 202212060101