exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Red Hat Security Advisory 2016-1083-01

Red Hat Security Advisory 2016-1083-01
Posted May 17, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1083-01 - Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments. Security Fix: An input sanitization flaw was found in the scoped search parameters sort_by and sort_order in the REST API. An authenticated user could use this flaw to perform an SQL injection attack on the Katello back end database.

tags | advisory, sql injection
systems | linux, redhat
advisories | CVE-2016-3072
SHA-256 | 16c634ffd6be21f4086f926a66feee82da9905f491a151635564f12cd7807517

Red Hat Security Advisory 2016-1083-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: ruby193-rubygem-katello security update
Advisory ID: RHSA-2016:1083-01
Product: Red Hat Satellite 6
Advisory URL: https://access.redhat.com/errata/RHSA-2016:1083
Issue date: 2016-05-16
CVE Names: CVE-2016-3072
=====================================================================

1. Summary:

An update for ruby193-rubygem-katello is now available for Red Hat
Satellite 6.1.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Satellite 6.1 - noarch

3. Description:

Red Hat Satellite is a system management solution that allows
organizations to configure and maintain their systems without the
necessity to provide public Internet access to their servers or
other client systems. It performs provisioning and configuration
management of predefined standard operating environments.

Security Fix(es):

* An input sanitization flaw was found in the scoped search parameters
sort_by and sort_order in the REST API. An authenticated user could use
this flaw to perform an SQL injection attack on the Katello back end
database. (CVE-2016-3072)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running applications using the ruby193 collection must be restarted for
this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1322050 - CVE-2016-3072 Katello: Authenticated sql injection via sort_by and sort_order request parameter

6. Package List:

Red Hat Satellite 6.1:

Source:
ruby193-rubygem-katello-2.2.0.86-1.el6_6sat.src.rpm

noarch:
ruby193-rubygem-katello-2.2.0.86-1.el6_6sat.noarch.rpm

Red Hat Satellite 6.1:

Source:
ruby193-rubygem-katello-2.2.0.86-1.el7sat.src.rpm

noarch:
ruby193-rubygem-katello-2.2.0.86-1.el7sat.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-3072
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXOwjCXlSAg2UNWIIRAgtoAJ4xhEN8aoD+t+tpSwumwh9rFrCDkgCfYIVD
XVqXXWyJt+5iCKpF1nVJVho=
=uvbF
-----END PGP SIGNATURE-----


--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close