-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2020.3703
Satellite 6.8 release
28 October 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------

Product:           Red Hat Satellite 6
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux WS/Desktop 7
                   Red Hat Enterprise Linux Server 7
Impact/Access:     Root Compromise                 -- Existing Account
                   Access Privileged Data          -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
                   Cross-site Scripting            -- Remote with User Interaction
                   Provide Misleading Information  -- Remote/Unauthenticated
                   Access Confidential Data        -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-14380 CVE-2020-14334 CVE-2020-14195
                   CVE-2020-14062 CVE-2020-14061 CVE-2020-11619
                   CVE-2020-10969 CVE-2020-10968 CVE-2020-10693
                   CVE-2020-9548 CVE-2020-9547 CVE-2020-9546
                   CVE-2020-8840 CVE-2020-8184 CVE-2020-8161
                   CVE-2020-7943 CVE-2020-7942 CVE-2020-7663
                   CVE-2020-7238 CVE-2020-5267 CVE-2020-5217
                   CVE-2020-5216 CVE-2019-16782 CVE-2019-12781
                   CVE-2018-11751 CVE-2018-3258
Reference:         ASB-2020.0193
                   ASB-2020.0191
                   ASB-2020.0184
                   ASB-2020.0180
                   ASB-2018.0258
                   ESB-2020.3691

Original Bulletin:
   https://access.redhat.com/errata/RHSA-2020:4366
--------------------------BEGIN INCLUDED TEXT--------------------
=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Satellite 6.8 release
Advisory ID:       RHSA-2020:4366-01
Product:           Red Hat Satellite 6
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:4366
Issue date:        2020-10-27
CVE Names:         CVE-2018-3258 CVE-2018-11751 CVE-2019-12781
                   CVE-2019-16782 CVE-2020-5216 CVE-2020-5217
                   CVE-2020-5267 CVE-2020-7238 CVE-2020-7663
                   CVE-2020-7942 CVE-2020-7943 CVE-2020-8161
                   CVE-2020-8184 CVE-2020-8840 CVE-2020-9546
                   CVE-2020-9547 CVE-2020-9548 CVE-2020-10693
                   CVE-2020-10968 CVE-2020-10969 CVE-2020-11619
                   CVE-2020-14061 CVE-2020-14062 CVE-2020-14195
                   CVE-2020-14334 CVE-2020-14380
=====================================================================
1. Summary:
An update is now available for Red Hat Satellite 6.8 for RHEL 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Satellite 6.7 - noarch, x86_64
Red Hat Satellite Capsule 6.8 - noarch, x86_64
3. Description:
Red Hat Satellite is a systems management tool for Linux-based
infrastructure. It allows for provisioning, remote management, and
monitoring of multiple Linux deployments with a single centralized tool.
Security Fix(es):

* mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018) (CVE-2018-3258)
* netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling (CVE-2020-7238)
* rubygem-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser (CVE-2020-7663)
* puppet: puppet server and puppetDB may leak sensitive information via metrics API (CVE-2020-7943)
* jackson-databind: multiple serialization gadgets (CVE-2020-8840 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10968 CVE-2020-10969 CVE-2020-11619 CVE-2020-14061 CVE-2020-14062 CVE-2020-14195)
* foreman: unauthorized cache read on RPM-based installations through local user (CVE-2020-14334)
* Satellite: Local user impersonation by Single sign-on (SSO) user leads to account takeover (CVE-2020-14380)
* Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS (CVE-2019-12781)
* rubygem-rack: hijack sessions by using timing attacks targeting the session id (CVE-2019-16782)
* rubygem-secure_headers: limited header injection when using dynamic overrides with user input (CVE-2020-5216)
* rubygem-secure_headers: directive injection when using dynamic overrides with user input (CVE-2020-5217)
* rubygem-actionview: views that use the `j` or `escape_javascript` methods are susceptible to XSS attacks (CVE-2020-5267)
* puppet: Arbitrary catalog retrieval (CVE-2020-7942)
* rubygem-rack: directory traversal in Rack::Directory (CVE-2020-8161)
* rubygem-rack: percent-encoded cookies can be used to overwrite existing prefixed cookie names (CVE-2020-8184)
* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
* puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL (CVE-2018-11751)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:

* Provides the Satellite Ansible Modules that allow for full automation of your Satellite configuration and deployment.
* Adds the ability to install Satellite and Capsules and manage hosts in an IPv6 network environment.
* Ansible-based Capsule upgrade automation: the ability to centrally upgrade all of your Capsule servers with a single job execution.
* Platform upgrades to Postgres 12, Ansible 2.9, Ruby on Rails and the latest version of Puppet.
* Support for HTTP UEFI provisioning.
* Support for CAC card authentication with Keycloak integration.
* Adds the ability to upgrade Red Hat Enterprise Linux 7 hosts to version 8 using the LEAPP-based tooling.
* Support for Red Hat Enterprise Linux Traces integration.
* satellite-maintain and foreman-maintain are now self-updating.
* Notifications in the UI to warn users when subscriptions are expiring.
The items above are not a complete list of changes. This update also fixes
several bugs and adds various enhancements. Documentation for these changes
is available from the Release Notes document linked to in the References
section.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1160344 - [RFE] Satellite support for cname as alternate cname for satellite server
1261802 - [RFE] Make the foreman bootdisk full-host image work on UEFI systems
1300211 - capsule-certs-generate failed to increment release number when generating certificate rpm for foreman-proxy
1332702 - smart-proxy-openscap-send with additional features - alert if file corrupt
1398317 - For the vms built by Satellite 6 using "Network Based" installation mode on VMWare, unable to change the boot sequence via BIOS
1410616 - [RFE] Prominent notification of expiring subscriptions.
1410916 - Should only be able to add repositories you have access to
1429033 - Host provisioned with RHEL Workstation OS, after provisioning displayed as generic RedHat 7.3
1461781 - [RFE]A button should be available in the GUI to clear the recurring logics.
1469267 - need updated rubygem-rake
1486446 - Content view versions list has slow query for package count
1486696 - 'hammer host update' removes existing host parameters
1494180 - Sorting by network address for subnet doesn't work properly
1501499 - tomcat listens to 0.0.0.0 for serving requests but just needs localhost
1503037 - [RFE] Cancelled future/recurring job invocations should not get the status "failed" but rather "cancelled"
1505842 - Remote Execution engine: Error initializing command: Net::SSH::HostKeyMismatch - fingerprint 20:a9:b7:45:1a:b7:d6:42:1e:03:d1:1f:06:20:4c:e2 does not match for "172.17.0.101"
1531674 - Operating System Templates are ordered inconsistently in UI.
1537320 - [RFE] Support for Capsules at 1 version lower than Satellite
1543316 - Satellite 6.2 Upgrade Fails with error "rake aborted! NoMethodError: undefined method `first' for nil:NilClass" when there are custom bookmarks created
1563270 - Sync status information is lost after cleaning up old tasks related to sync.
1569324 - Webrick is unable to use 2 supported TLS v1.2 ciphers ('ECDHE-RSA-AES128-GCM-SHA256', 'ECDHE-RSA-AES256-GCM-SHA384')
1571907 - Passenger threads throwing tracebacks on API jobs after spawning
1576859 - [RFE] Implement automatic assigning subnets through data provided by facter
1584184 - [RFE] The locked template is getting overridden by default
1601101 - [RFE] Add autofill functionality to the Job invocation Search query box, copy from Hosts search box
1607706 - [RFE] Add support for --vlanid in Satellite Kickstart Default provisioning template
1608001 - Rearrange search/filter options on Red Hat Repositories page.
1613391 - race condition on removing multiple organizations simultaneously
1619274 - [RFE] Red Hat Satellite should now be able to discover and provision bare metal machines via UEFI HTTP boot
1619422 - User Agent for Downstream RSS feed still says Foreman and Foreman Version
1620214 - Page should auto-refresh after subscriptions have been modified on the Satellite webui
1624049 - Changing the organization in the Satellite WebUI does not change the sync plan page information from the previous organization
1625258 - Having empty "Allocation (GB)" when creating a new Host, nil:NilClass returned on creating the Host
1627066 - Unable to revert to the original version of the provisioning template
1630433 - [RFE] Include Ansible Satellite modules with Ansible Core modules
1630536 - yum repos password stored as cleartext
1632577 - Audit log show 'missing' for adding/removing repository to a CV
1640615 - CVE-2018-3258 mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018)
1645062 - host_collection controller responds with 200 instead of 201 to a POST request
1645749 - repositories controller responds with 200 instead of 201 to a POST request
1647216 - Lack of edit_smart_proxies permission causes error when setting host to Build
1647364 - [RFE] Extend the audits by the http request id
1647781 - Audits contain no data (Added foo to Missing(ID: x))
1651297 - Very slow query when using facts on user roles as filters
1653217 - [RFE] More evocative name for Play Ansible Roles option?
1654347 - Satellite may create duplicate CreateRssNotifications tasks after restarting foreman tasks
1654375 - [RFE] Mention specifically under the admin checkbox for AD LDAP user if it's created with admin role
1659418 - katello-tracer-upload failing with error "ImportError: No module named katello"
1665277 - subscription manager register activation key with special character failed
1665893 - candlepin refuses to start or hangs periodically when having too many messages in ActiveMQ journal
1666693 - Command "hammer subscription list" is not correctly showing the comment "Guests of " in the "Type" field in the output.
1677907 - Ansible API endpoints return 404
1680157 - [RFE] Puppet 'package' provider type does not support selecting modularity streams
1680458 - Locked Report Templates are getting removed.
1680567 - Reporting Engine API to list report template per organization/location returns 404 error
1681619 - [RFE] Disable the option to enter a MAC address after selecting a compute resource while creating new hosts through Satellite
1685949 - [RFE] Support passing of attribute name instead of Id's in RHV workflow
1687116 - kernel version checks should not use /lib/modules to determine running version
1688886 - subscription-manager not attaching the right quantity per the cpu core
1691416 - Delays when many clients upload tracer data simultaneously
1697476 - [RFE] To be able to see the name of the provisioning template being used to build a host from the host itself
1702434 - foreman-bootloaders-redhat-tftpboot expected file permissions in package don't match runtime permissions
1705097 - An empty report file doesn't show any headers
1709557 - [RFE] warn the user if they have done a select all and it includes the restart|reboot service
1709842 - Tracer shows the machine needs rebooting even after reboot if kernel-debug is installed
1710511 - Filter by os_minor includes unexpected values on the Satellite web UI.
1715999 - Use Infoblox API for DNS conflict check and not system resolver
1716423 - Nonexistent quota can be set
1717403 - Broken breadcrumbs link to compute resource VM list on VM detail page
1718012 - [RFE] Add a hard limit of 100 items to restrict any fact child-hash/array
1718954 - [RFE] When the contentAccessMode is set to org_environment for an owner, we should disable auto-attach globally
1719509 - [RFE] "hammer host list" including erratas information
1719516 - [RFE] "hammer host-collection hosts" including erratas information
1720725 - [RFE] Ability to override DHCP options and wait_after_restart option for race condition
1721419 - SSH key cannot be added when FIPS enabled
1722954 - Slow performance when running "hammer host list" with a high number of Content Hosts (15k+ for example)
1723313 - foreman_tasks:cleanup description contain inconsistent information
1724494 - [Capsule][smart_proxy_dynflow_core] "PID file /var/run/foreman-proxy/smart_proxy_dynflow_core.pid not readable (yet?) after start"
1724497 - CVE-2019-12781 Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS
1726768 - [RFE] Red Hat Satellite 6 GUI, Tasks should show Full name
1729968 - Editing disk size of a Compute Profile for a VMware Compute Resource makes the whole Storage section disappear
1730083 - [RFE] Add Jobs button to host detail page
1731155 - Cloud init template missing snippet compared to Kickstart default user data
1731229 - podman search against Red Hat Satellite 6 fails.
1731235 - [RFE] Create Report Template to list inactive hosts
1733241 - [RFE] hammer does not inherit parent location information
1733650 - Satellite receives RPM1004 pulp error and 403 Forbidden http error retrieving packages from CDN
1736809 - undefined method `split' for nil:NilClass when viewing the host info with hammer
1737135 - Content Hosts lose subscriptions after vMotion and auto attach is unable to assign the subscriptions if any other subscription is already attached to the host.
1737564 - [RFE] Support custom images on Azure
1738548 - Parameter --openscap-proxy-id is missing in hammer host create command.
1740943 - Increasing Ansible verbosity level does not increase the verbosity of output
1743056 - While creating a host for a particular location, all the domains are in the pull down list, even if only one domain is selected for that location.
1743776 - Error while deleting the content view version.
1745516 - Multiple duplicate index entries are present in candlepin database
1746936 - satellite6 is not using remote execution by default even after setting remote execution by default from satellite web-UI.
1749692 - Default Rhel8 scap content does not get populated on the Satellite
1749916 - [RFE] Satellite should support certificates with > 2048 Key size
1751981 - Parent object properties are not propagated to Child objects in Location and Host Group
1752880 - katello-host-tools-tracer stats paths abusively, leading to a hang or slowness of yum command
1753551 - Traces output from Satellite GUI has mismatches with client tracer output
1756991 - 2 inputs with same name -> uninitialized constant
The post ESB-2020.3703 – [RedHat] Red Hat Satellite 6: Multiple vulnerabilities appeared first on Malware Devil.
https://malwaredevil.com/2020/10/28/esb-2020-3703-redhat-red-hat-satellite-6-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-3703-redhat-red-hat-satellite-6-multiple-vulnerabilities