=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Satellite 6.1.5 bug fix update
Advisory ID:       RHSA-2015:2622-01
Product:           Red Hat Satellite 6
Advisory URL:      https://access.redhat.com/errata/RHSA-2015:2622
Issue date:        2015-12-15
CVE Names:         CVE-2015-5233
=====================================================================

1. Summary:

Updated Satellite 6.1 packages that fix one security issue, add one
enhancement, and fix several bugs are available for Satellite 6.1.5.

Red Hat Product Security has rated this update as having Moderate
Security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Satellite 6.1 - noarch, x86_64
Red Hat Satellite Capsule 6.1 - noarch, x86_64

3. Description:

Red Hat Satellite is a system management solution that allows
organizations to configure and maintain their systems without the
necessity to provide public Internet access to their servers or other
client systems. It performs provisioning and configuration management
of predefined standard operating environments.

The following security issue is addressed with this release:

Satellite failed to properly enforce permissions on the show and
destroy actions for reports. This could lead to an authenticated user
with show and/or destroy report permissions being able to view and/or
delete any reports held in Foreman. (CVE-2015-5233)

In addition, this update adds the following enhancement:

* Satellite 6 has been enhanced with the PXE-Less Discovery feature.
This feature supports the use of a single ISO to provision machines
against specific host groups. Users can provide the network information
so that the host does not need to be created on Satellite in advance
and DHCP does not need to be used. (BZ#1258061)

This update also fixes the following bugs:

* The installer was not processing the '\' character correctly, leading
to failed installations using proxies. This character is now handled
correctly, improving the installation experience. (BZ#1180637)

* Help text provided by the installer had a typo which has now been
fixed. (BZ#1209139)

* The hammer container list command did not provide the container ID.
This data is now provided. (BZ#1230915)

* Repository Sync Tasks in the UI were reported as successful if there
was an unhandled exception in the code. These exceptions are now
handled correctly, and the correct status is reported. (BZ#1246054)

* The installer would remove the dhcpd.conf even if the installer was
told not to. This would remove users' configurations. The installer has
been updated to not manage this file unless requested. (BZ#1247397)

* The history diff page for templates was opening two pages when only
one was required. The duplicate page is no longer opened. (BZ#1254909)

* During provisioning, the default root password was not used when a
hostgroup had a blank string for the root password. Since the UI cannot
set an empty value, the code was updated to cause either no or an empty
root password to use the default. (BZ#1255021)

* Multi selection was not working for discovered hosts. This feature is
now working. (BZ#1258521)

* When there is a MAC address conflict, discovered hosts do not change
their state to "Built." The code has been updated to handle this case.
(BZ#1258578)

* Deleting a lifecycle environment would fail with a "dependent hosts"
error. This was due to an incorrect mapping between environments and
hosts. This mapping has been fixed, and the environments can be
deleted. (BZ#1269441)

* There were performance issues in package installations. The speed of
this action has been improved. (BZ#1276443, BZ#1269509, BZ#1277269)

* Synchronization tasks seemed to be randomly stuck due to timeouts.
The locking in the qpid code has been improved to keep these tasks from
getting stuck. (BZ#1279502)

* This change enables users of CloudForms 4.0 to proxy Red Hat Insights
requests through Satellite. The Satellite can now act as a proxy for
both CloudForms 4.0 and Satellite-only use cases. (BZ#1276676)

Users of Red Hat Satellite are advised to upgrade to these updated
packages, which contain backported patches to correct these issues and
add this enhancement.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update this system to include these fixes, ensure your system has
access to the latest Red Hat packages. For instructions on how to apply
this update, refer to:

https://access.redhat.com/articles/11258

Then re-run the installer to complete the upgrade:

    # katello-installer --upgrade

or

    # capsule-installer --upgrade

5. Bugs fixed (https://bugzilla.redhat.com/):

1180637 - katello-installer use character "\" in proxy-username option
1209139 - trailing double quote character when installer prints how to continue with capsule installer
1209929 - Task details popup window is automatically closed on task refresh
1230915 - hammer container list does not show the id
1246054 - Actions::Katello::Repository::Sync reports success regardless errors
1254909 - show diff on history tab opens two browser tabs with diff page
1255021 - default root_pass not used if password field is an empty string
1258061 - [RFE] PXELess Discovery
1258521 - Multiple selection does not work for Discovery
1258578 - Discovered hosts fail to move to 'built' due to DHCP conflict
1262443 - CVE-2015-5233 foreman: reports show/destroy not restricted by host authorization
1263741 - CVE-2015-5233 - reports show/destroy not restricted by host authorization
1269509 - Package installation via Satellite 6.1 is much slower than yum
1276443 - Package installation via the host errata page times out after ~120 seconds
1276676 - Red Hat Insights Proxy for CFME throws exception when creating report subsets
1277269 - Installing large number of errata updates causes rpmdb failures
1279502 - Pulp tasks randomly stuck at waiting or running

6. Package List:

Red Hat Satellite Capsule 6.1:

Source:
foreman-1.7.2.49-1.el6_6sat.src.rpm
foreman-discovery-image-3.0.5-3.el7sat.src.rpm
foreman-discovery-image-3.0.5-3.el7sat.src.rpm
foreman-proxy-1.7.2.7-1.el6.src.rpm
gofer-2.6.8-1.el6.src.rpm
katello-agent-2.2.6-1.el6.src.rpm
katello-installer-base-2.3.22-1.el6.src.rpm
python-nectar-1.3.4-1.el6.src.rpm
python-qpid-0.30-7.el6.src.rpm
qpid-dispatch-0.4-11.el6.src.rpm
qpid-proton-0.9-11.el6.src.rpm
rubygem-smart_proxy_discovery-1.0.3-2.el6.src.rpm
rubygem-smart_proxy_discovery_image-1.0.5-3.el6.src.rpm

noarch:
capsule-installer-2.3.22-1.el6.noarch.rpm
foreman-debug-1.7.2.49-1.el6_6sat.noarch.rpm
foreman-discovery-image-3.0.5-3.el7sat.noarch.rpm
foreman-discovery-image-3.0.5-3.el7sat.noarch.rpm
foreman-proxy-1.7.2.7-1.el6.noarch.rpm
gofer-2.6.8-1.el6.noarch.rpm
katello-agent-2.2.6-1.el6.noarch.rpm
katello-installer-base-2.3.22-1.el6.noarch.rpm
python-gofer-2.6.8-1.el6.noarch.rpm
python-gofer-proton-2.6.8-1.el6.noarch.rpm
python-gofer-qpid-2.6.8-1.el6.noarch.rpm
python-nectar-1.3.4-1.el6.noarch.rpm
python-qpid-0.30-7.el6.noarch.rpm
rubygem-smart_proxy_discovery-1.0.3-2.el6.noarch.rpm
rubygem-smart_proxy_discovery_image-1.0.5-3.el6.noarch.rpm

x86_64:
libqpid-dispatch-0.4-11.el6.x86_64.rpm
python-qpid-proton-0.9-11.el6.x86_64.rpm
qpid-dispatch-debuginfo-0.4-11.el6.x86_64.rpm
qpid-dispatch-router-0.4-11.el6.x86_64.rpm
qpid-proton-c-0.9-11.el6.x86_64.rpm
qpid-proton-debuginfo-0.9-11.el6.x86_64.rpm

Red Hat Satellite 6.1:

Source:
foreman-1.7.2.49-1.el6_6sat.src.rpm
foreman-discovery-image-3.0.5-3.el7sat.src.rpm
foreman-discovery-image-3.0.5-3.el7sat.src.rpm
foreman-proxy-1.7.2.7-1.el6.src.rpm
gofer-2.6.8-1.el6.src.rpm
katello-agent-2.2.6-1.el6.src.rpm
katello-installer-base-2.3.22-1.el6.src.rpm
python-nectar-1.3.4-1.el6.src.rpm
python-qpid-0.30-7.el6.src.rpm
qpid-dispatch-0.4-11.el6.src.rpm
qpid-proton-0.9-11.el6.src.rpm
ruby193-rubygem-foreman-redhat_access-0.2.4-1.el6_6sat.src.rpm
ruby193-rubygem-foreman_bootdisk-4.0.2.14-1.el6_6sat.src.rpm
ruby193-rubygem-foreman_discovery-2.0.0.23-1.el6_6sat.src.rpm
ruby193-rubygem-katello-2.2.0.77-1.el6_6sat.src.rpm
ruby193-rubygem-redhat_access_lib-0.0.6-1.el6_6sat.src.rpm
rubygem-hammer_cli_foreman_docker-0.0.3.10-1.el6.src.rpm
rubygem-newt-0.9.6-1.el6.src.rpm
rubygem-smart_proxy_discovery-1.0.3-2.el6.src.rpm
rubygem-smart_proxy_discovery_image-1.0.5-3.el6.src.rpm

noarch:
foreman-1.7.2.49-1.el6_6sat.noarch.rpm
foreman-compute-1.7.2.49-1.el6_6sat.noarch.rpm
foreman-debug-1.7.2.49-1.el6_6sat.noarch.rpm
foreman-discovery-image-3.0.5-3.el7sat.noarch.rpm
foreman-discovery-image-3.0.5-3.el7sat.noarch.rpm
foreman-gce-1.7.2.49-1.el6_6sat.noarch.rpm
foreman-libvirt-1.7.2.49-1.el6_6sat.noarch.rpm
foreman-ovirt-1.7.2.49-1.el6_6sat.noarch.rpm
foreman-postgresql-1.7.2.49-1.el6_6sat.noarch.rpm
foreman-proxy-1.7.2.7-1.el6.noarch.rpm
foreman-vmware-1.7.2.49-1.el6_6sat.noarch.rpm
gofer-2.6.8-1.el6.noarch.rpm
katello-agent-2.2.6-1.el6.noarch.rpm
katello-installer-2.3.22-1.el6.noarch.rpm
katello-installer-base-2.3.22-1.el6.noarch.rpm
python-gofer-2.6.8-1.el6.noarch.rpm
python-gofer-proton-2.6.8-1.el6.noarch.rpm
python-gofer-qpid-2.6.8-1.el6.noarch.rpm
python-nectar-1.3.4-1.el6.noarch.rpm
python-qpid-0.30-7.el6.noarch.rpm
ruby193-rubygem-foreman-redhat_access-0.2.4-1.el6_6sat.noarch.rpm
ruby193-rubygem-foreman_bootdisk-4.0.2.14-1.el6_6sat.noarch.rpm
ruby193-rubygem-foreman_discovery-2.0.0.23-1.el6_6sat.noarch.rpm
ruby193-rubygem-katello-2.2.0.77-1.el6_6sat.noarch.rpm
ruby193-rubygem-redhat_access_lib-0.0.6-1.el6_6sat.noarch.rpm
rubygem-hammer_cli_foreman_docker-0.0.3.10-1.el6.noarch.rpm
rubygem-hammer_cli_foreman_docker-doc-0.0.3.10-1.el6.noarch.rpm
rubygem-smart_proxy_discovery-1.0.3-2.el6.noarch.rpm
rubygem-smart_proxy_discovery_image-1.0.5-3.el6.noarch.rpm

x86_64:
libqpid-dispatch-0.4-11.el6.x86_64.rpm
python-qpid-proton-0.9-11.el6.x86_64.rpm
qpid-dispatch-debuginfo-0.4-11.el6.x86_64.rpm
qpid-dispatch-router-0.4-11.el6.x86_64.rpm
qpid-dispatch-tools-0.4-11.el6.x86_64.rpm
qpid-proton-c-0.9-11.el6.x86_64.rpm
qpid-proton-debuginfo-0.9-11.el6.x86_64.rpm
rubygem-newt-0.9.6-1.el6.x86_64.rpm
rubygem-newt-debuginfo-0.9.6-1.el6.x86_64.rpm

Red Hat Satellite Capsule 6.1:

Source:
foreman-1.7.2.49-1.el7sat.src.rpm
foreman-discovery-image-3.0.5-3.el7sat.src.rpm
foreman-discovery-image-3.0.5-3.el7sat.src.rpm
foreman-proxy-1.7.2.7-1.el7sat.src.rpm
gofer-2.6.8-1.el7sat.src.rpm
katello-agent-2.2.6-1.el7sat.src.rpm
katello-installer-base-2.3.22-1.el7sat.src.rpm
python-nectar-1.3.4-1.el7sat.src.rpm
python-qpid-0.30-7.el7.src.rpm
qpid-dispatch-0.4-11.el7.src.rpm
qpid-proton-0.9-11.el7.src.rpm
rubygem-hammer_cli_foreman_docker-0.0.3.10-1.el7sat.src.rpm
rubygem-smart_proxy_discovery-1.0.3-2.el7sat.src.rpm
rubygem-smart_proxy_discovery_image-1.0.5-3.el7sat.src.rpm

noarch:
capsule-installer-2.3.22-1.el7sat.noarch.rpm
foreman-debug-1.7.2.49-1.el7sat.noarch.rpm
foreman-discovery-image-3.0.5-3.el7sat.noarch.rpm
foreman-discovery-image-3.0.5-3.el7sat.noarch.rpm
foreman-proxy-1.7.2.7-1.el7sat.noarch.rpm
gofer-2.6.8-1.el7sat.noarch.rpm
katello-agent-2.2.6-1.el7sat.noarch.rpm
katello-installer-base-2.3.22-1.el7sat.noarch.rpm
python-gofer-2.6.8-1.el7sat.noarch.rpm
python-gofer-proton-2.6.8-1.el7sat.noarch.rpm
python-gofer-qpid-2.6.8-1.el7sat.noarch.rpm
python-nectar-1.3.4-1.el7sat.noarch.rpm
python-qpid-0.30-7.el7.noarch.rpm
rubygem-hammer_cli_foreman_docker-0.0.3.10-1.el7sat.noarch.rpm
rubygem-hammer_cli_foreman_docker-doc-0.0.3.10-1.el7sat.noarch.rpm
rubygem-smart_proxy_discovery-1.0.3-2.el7sat.noarch.rpm
rubygem-smart_proxy_discovery_image-1.0.5-3.el7sat.noarch.rpm

x86_64:
libqpid-dispatch-0.4-11.el7.x86_64.rpm
python-qpid-proton-0.9-11.el7.x86_64.rpm
qpid-dispatch-debuginfo-0.4-11.el7.x86_64.rpm
qpid-dispatch-router-0.4-11.el7.x86_64.rpm
qpid-proton-c-0.9-11.el7.x86_64.rpm
qpid-proton-debuginfo-0.9-11.el7.x86_64.rpm

Red Hat Satellite 6.1:

Source:
foreman-1.7.2.49-1.el7sat.src.rpm
foreman-discovery-image-3.0.5-3.el7sat.src.rpm
foreman-discovery-image-3.0.5-3.el7sat.src.rpm
foreman-proxy-1.7.2.7-1.el7sat.src.rpm
gofer-2.6.8-1.el7sat.src.rpm
katello-agent-2.2.6-1.el7sat.src.rpm
katello-installer-base-2.3.22-1.el7sat.src.rpm
python-nectar-1.3.4-1.el7sat.src.rpm
python-qpid-0.30-7.el7.src.rpm
qpid-dispatch-0.4-11.el7.src.rpm
qpid-proton-0.9-11.el7.src.rpm
ruby193-rubygem-foreman-redhat_access-0.2.4-1.el7sat.src.rpm
ruby193-rubygem-foreman_bootdisk-4.0.2.14-1.el7sat.src.rpm
ruby193-rubygem-foreman_discovery-2.0.0.23-1.el7sat.src.rpm
ruby193-rubygem-katello-2.2.0.77-1.el7sat.src.rpm
ruby193-rubygem-redhat_access_lib-0.0.6-1.el7sat.src.rpm
rubygem-hammer_cli_foreman_docker-0.0.3.10-1.el7sat.src.rpm
rubygem-smart_proxy_discovery-1.0.3-2.el7sat.src.rpm
rubygem-smart_proxy_discovery_image-1.0.5-3.el7sat.src.rpm

noarch:
foreman-1.7.2.49-1.el7sat.noarch.rpm
foreman-compute-1.7.2.49-1.el7sat.noarch.rpm
foreman-debug-1.7.2.49-1.el7sat.noarch.rpm
foreman-discovery-image-3.0.5-3.el7sat.noarch.rpm
foreman-discovery-image-3.0.5-3.el7sat.noarch.rpm
foreman-gce-1.7.2.49-1.el7sat.noarch.rpm
foreman-libvirt-1.7.2.49-1.el7sat.noarch.rpm
foreman-ovirt-1.7.2.49-1.el7sat.noarch.rpm
foreman-postgresql-1.7.2.49-1.el7sat.noarch.rpm
foreman-proxy-1.7.2.7-1.el7sat.noarch.rpm
foreman-vmware-1.7.2.49-1.el7sat.noarch.rpm
gofer-2.6.8-1.el7sat.noarch.rpm
katello-agent-2.2.6-1.el7sat.noarch.rpm
katello-installer-2.3.22-1.el7sat.noarch.rpm
katello-installer-base-2.3.22-1.el7sat.noarch.rpm
python-gofer-2.6.8-1.el7sat.noarch.rpm
python-gofer-proton-2.6.8-1.el7sat.noarch.rpm
python-gofer-qpid-2.6.8-1.el7sat.noarch.rpm
python-nectar-1.3.4-1.el7sat.noarch.rpm
python-qpid-0.30-7.el7.noarch.rpm
ruby193-rubygem-foreman-redhat_access-0.2.4-1.el7sat.noarch.rpm
ruby193-rubygem-foreman_bootdisk-4.0.2.14-1.el7sat.noarch.rpm
ruby193-rubygem-foreman_discovery-2.0.0.23-1.el7sat.noarch.rpm
ruby193-rubygem-katello-2.2.0.77-1.el7sat.noarch.rpm
ruby193-rubygem-redhat_access_lib-0.0.6-1.el7sat.noarch.rpm
rubygem-hammer_cli_foreman_docker-0.0.3.10-1.el7sat.noarch.rpm
rubygem-hammer_cli_foreman_docker-doc-0.0.3.10-1.el7sat.noarch.rpm
rubygem-smart_proxy_discovery-1.0.3-2.el7sat.noarch.rpm
rubygem-smart_proxy_discovery_image-1.0.5-3.el7sat.noarch.rpm

x86_64:
libqpid-dispatch-0.4-11.el7.x86_64.rpm
python-qpid-proton-0.9-11.el7.x86_64.rpm
qpid-dispatch-debuginfo-0.4-11.el7.x86_64.rpm
qpid-dispatch-router-0.4-11.el7.x86_64.rpm
qpid-dispatch-tools-0.4-11.el7.x86_64.rpm
qpid-proton-c-0.9-11.el7.x86_64.rpm
qpid-proton-debuginfo-0.9-11.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-5233
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
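
The class of flaw described for CVE-2015-5233 in section 3 (the show/destroy permission is checked, but the report lookup is not restricted to hosts the user is authorized for), shown next to the scoped form. This is an added example, a simplified Ruby model and not Foreman or Satellite source code; Report, User, ReportStore and the sample data are hypothetical.

```ruby
# Simplified model for illustration; not Foreman/Satellite source code.
# Report, User and ReportStore are hypothetical names.
Report = Struct.new(:id, :host_id, :summary)
User = Struct.new(:permissions, :host_ids) # host_ids: hosts the user may access
class NotAuthorized < StandardError; end
class NotFound < StandardError; end

class ReportStore
  def initialize(reports)
    @reports = reports
  end

  # Flawed pattern: only the action permission is checked, then the report
  # is loaded by id from the full set, so any report can be returned.
  def show_unscoped(user, id)
    require_permission!(user, :view_reports)
    @reports.find { |r| r.id == id } or raise NotFound
  end

  # Scoped pattern: same permission check, but the lookup runs only over
  # reports whose host the user is authorized for.
  def show_scoped(user, id)
    require_permission!(user, :view_reports)
    visible_to(user).find { |r| r.id == id } or raise NotFound
  end

  def destroy_scoped(user, id)
    require_permission!(user, :destroy_reports)
    report = visible_to(user).find { |r| r.id == id } or raise NotFound
    @reports.delete(report)
  end

  private

  def require_permission!(user, permission)
    raise NotAuthorized unless user.permissions.include?(permission)
  end

  def visible_to(user)
    @reports.select { |r| user.host_ids.include?(r.host_id) }
  end
end

# Constructed sample data: alice holds both permissions but only host 10.
reports = [Report.new(1, 10, "web01: applied"), Report.new(2, 20, "db01: applied")]
alice = User.new([:view_reports, :destroy_reports], [10])
store = ReportStore.new(reports)
leak = store.show_unscoped(alice, 2)               # report of a host outside her scope
blocked = (store.show_scoped(alice, 2) rescue nil) # NotFound is raised instead
puts "unscoped: #{leak.summary.inspect}, scoped: #{blocked.inspect}"
```

Returning "not found" for out-of-scope ids, rather than "forbidden", also avoids confirming that a report with that id exists.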