exploit the possibilities

Red Hat Security Advisory 2020-4127-01

Red Hat Security Advisory 2020-4127-01
Posted Sep 30, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4127-01 - Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-14334
MD5 | b9350d3e5450f53a2dd23aff01ee1665

Red Hat Security Advisory 2020-4127-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: Satellite 6.7.4 Async Bug Fix Update
Advisory ID: RHSA-2020:4127-01
Product: Red Hat Satellite 6
Advisory URL: https://access.redhat.com/errata/RHSA-2020:4127
Issue date: 2020-09-30
CVE Names: CVE-2020-14334
====================================================================
1. Summary:

Updated Satellite 6.7 packages that fix several bugs are now available for
Red Hat Satellite.

2. Relevant releases/architectures:

Red Hat Satellite 6.7 - noarch
Red Hat Satellite Capsule 6.7 - noarch

3. Description:

Red Hat Satellite is a system management solution that allows organizations
to configure and maintain their systems without the necessity to provide
public Internet access to their servers or other client systems. It
performs provisioning and configuration management of predefined standard
operating environments.

Security Fix(es):

* foreman: unauthorized cache read on RPM-based installations through local
user (CVE-2020-14334)

This update fixes the following bugs:

1305773 - Changing Content View of a Content Host needs to better inform
the user around client needs
1666324 - The Host configuration chart shows 100% even if few hosts are
not in sync or reporting.
1781875 - Red Hat Inventory Uploads does not use proxy
1793416 - Searching for task requires clicking Search twice to get correct
results
1816464 - Decreased performance in GenerateApplicability in 6.6
1822564 - vmrc not working 6.7
1823396 - Hosts are rejected due to mismatch of metadata.json and actual
hosts included in satellite inventory report
1829412 - Unable to search by value of certain Hostgroup parameter
1853466 - RH Cloud -> Insights page does not report error when
rh_cloud_token setting is not set
1854711 - Sync Plan fails with 'uninitialized constant
Actions::Foreman::Exception'
1858307 - CVE-2020-14334 foreman: unauthorized cache read on RPM-based
installations through local user [rhn_satellite_6.7]
1862260 - Default job templates are not locked
1867258 - After upgrading to 6.7 and promoting content, Capsule sync is
extremely slow

Users of Red Hat Satellite are advised to upgrade to these updated
packages, which fix these bugs.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For detailed instructions how to apply this update, refer to:

https://access.redhat.com/documentation/en-us/red_hat_satellite/6.7/html/up
grading_and_updating_red_hat_satellite/updating_satellite_server_capsule_se
rver_and_content_hosts

5. Bugs fixed (https://bugzilla.redhat.com/):

1305773 - Changing Content View of a Content Host needs to better inform the user around client needs
1666324 - The Host configuration chart shows 100% even if few hosts are not in sync or reporting.
1781875 - Red Hat Inventory Uploads does not use proxy
1793416 - Searching for task requires clicking Search twice to get correct results
1816464 - Decreased performance in GenerateApplicability in 6.6
1822564 - vmrc not working 6.7
1823396 - Hosts are rejected due to mismatch of metadata.json and actual hosts included in satellite inventory report
1829412 - Unable to search by value of certain Hostgroup parameter
1853466 - RH Cloud -> Insights page does not report error when rh_cloud_token setting is not set
1854711 - Sync Plan fails with 'uninitialized constant Actions::Foreman::Exception'
1858284 - CVE-2020-14334 foreman: unauthorized cache read on RPM-based installations through local user
1862260 - Default job templates are not locked
1867258 - After upgrading to 6.7 and promoting content, Capsule sync is extremely slow

6. Package List:

Red Hat Satellite Capsule 6.7:

Source:
foreman-1.24.1.28-3.el7sat.src.rpm
foreman-proxy-1.24.1-3.el7sat.src.rpm
pulp-2.21.0.4-1.el7sat.src.rpm
satellite-6.7.4-1.el7sat.src.rpm

noarch:
foreman-debug-1.24.1.28-3.el7sat.noarch.rpm
foreman-proxy-1.24.1-3.el7sat.noarch.rpm
foreman-proxy-journald-1.24.1-3.el7sat.noarch.rpm
pulp-admin-client-2.21.0.4-1.el7sat.noarch.rpm
pulp-maintenance-2.21.0.4-1.el7sat.noarch.rpm
pulp-nodes-child-2.21.0.4-1.el7sat.noarch.rpm
pulp-nodes-common-2.21.0.4-1.el7sat.noarch.rpm
pulp-nodes-parent-2.21.0.4-1.el7sat.noarch.rpm
pulp-selinux-2.21.0.4-1.el7sat.noarch.rpm
pulp-server-2.21.0.4-1.el7sat.noarch.rpm
python-pulp-agent-lib-2.21.0.4-1.el7sat.noarch.rpm
python-pulp-bindings-2.21.0.4-1.el7sat.noarch.rpm
python-pulp-client-lib-2.21.0.4-1.el7sat.noarch.rpm
python-pulp-common-2.21.0.4-1.el7sat.noarch.rpm
python-pulp-oid_validation-2.21.0.4-1.el7sat.noarch.rpm
python-pulp-repoauth-2.21.0.4-1.el7sat.noarch.rpm
python-pulp-streamer-2.21.0.4-1.el7sat.noarch.rpm
satellite-capsule-6.7.4-1.el7sat.noarch.rpm
satellite-common-6.7.4-1.el7sat.noarch.rpm
satellite-debug-tools-6.7.4-1.el7sat.noarch.rpm

Red Hat Satellite 6.7:

Source:
foreman-1.24.1.28-3.el7sat.src.rpm
foreman-proxy-1.24.1-3.el7sat.src.rpm
pulp-2.21.0.4-1.el7sat.src.rpm
satellite-6.7.4-1.el7sat.src.rpm
tfm-rubygem-foreman-tasks-0.17.5.8-1.el7sat.src.rpm
tfm-rubygem-foreman_ansible-4.0.3.8-1.el7sat.src.rpm
tfm-rubygem-foreman_openscap-2.0.2.1-1.el7sat.src.rpm
tfm-rubygem-foreman_rh_cloud-1.0.10-1.el7sat.src.rpm
tfm-rubygem-katello-3.14.0.31-1.el7sat.src.rpm

noarch:
foreman-1.24.1.28-3.el7sat.noarch.rpm
foreman-cli-1.24.1.28-3.el7sat.noarch.rpm
foreman-debug-1.24.1.28-3.el7sat.noarch.rpm
foreman-ec2-1.24.1.28-3.el7sat.noarch.rpm
foreman-gce-1.24.1.28-3.el7sat.noarch.rpm
foreman-journald-1.24.1.28-3.el7sat.noarch.rpm
foreman-libvirt-1.24.1.28-3.el7sat.noarch.rpm
foreman-openstack-1.24.1.28-3.el7sat.noarch.rpm
foreman-ovirt-1.24.1.28-3.el7sat.noarch.rpm
foreman-postgresql-1.24.1.28-3.el7sat.noarch.rpm
foreman-proxy-1.24.1-3.el7sat.noarch.rpm
foreman-proxy-journald-1.24.1-3.el7sat.noarch.rpm
foreman-rackspace-1.24.1.28-3.el7sat.noarch.rpm
foreman-telemetry-1.24.1.28-3.el7sat.noarch.rpm
foreman-vmware-1.24.1.28-3.el7sat.noarch.rpm
pulp-admin-client-2.21.0.4-1.el7sat.noarch.rpm
pulp-maintenance-2.21.0.4-1.el7sat.noarch.rpm
pulp-selinux-2.21.0.4-1.el7sat.noarch.rpm
pulp-server-2.21.0.4-1.el7sat.noarch.rpm
python-pulp-bindings-2.21.0.4-1.el7sat.noarch.rpm
python-pulp-client-lib-2.21.0.4-1.el7sat.noarch.rpm
python-pulp-common-2.21.0.4-1.el7sat.noarch.rpm
python-pulp-oid_validation-2.21.0.4-1.el7sat.noarch.rpm
python-pulp-repoauth-2.21.0.4-1.el7sat.noarch.rpm
python-pulp-streamer-2.21.0.4-1.el7sat.noarch.rpm
satellite-6.7.4-1.el7sat.noarch.rpm
satellite-capsule-6.7.4-1.el7sat.noarch.rpm
satellite-cli-6.7.4-1.el7sat.noarch.rpm
satellite-common-6.7.4-1.el7sat.noarch.rpm
satellite-debug-tools-6.7.4-1.el7sat.noarch.rpm
tfm-rubygem-foreman-tasks-0.17.5.8-1.el7sat.noarch.rpm
tfm-rubygem-foreman_ansible-4.0.3.8-1.el7sat.noarch.rpm
tfm-rubygem-foreman_openscap-2.0.2.1-1.el7sat.noarch.rpm
tfm-rubygem-foreman_rh_cloud-1.0.10-1.el7sat.noarch.rpm
tfm-rubygem-katello-3.14.0.31-1.el7sat.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-14334
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBX3SFCNzjgjWX9erEAQj/vw/+MbhzTnUsm6nWumrFzA6TgklXqIs3WPRD
FOylT3DVGa4B4zKBBoICMyjF5Vq1XN1fYhYKc+DYWNd3XKKZBD/tF78qzWz+DHe4
pVwr9eTBaTewzZIJEFQ32uOWBNQKxHqOe029twQCZp53Jv61UFS8pFw1w6vZj4MV
dNKZj/CStfARm6ucsQHRcW8DdNBL02Jr4NGaQV8MLn/qhO6d8S+q3+3WtsYprQqt
A+LrYj0iIl9CZPS5486nHgPUlZ1aoFOSooeO426Eyi901hh8jStt9FiXZIJAkuDH
13icrsdcc+rUhshdzRwB0UpKcBxx+2IWvAtXvoMACgkw9Cf+a3Ogg5BSMUoqJc1l
s/bl8HqyzOO+6fvQvSH4NVfDqu35oUDRAdV3MRL8bAtU31+LFDKZ6ypttz0e4DbM
0YfLTPskPAmIXwNm5e9/S9KV/v6o8CAB7x36J9CRpKyO0dZEtqq9xkb+6Gi9cAj7
EFv3jA3V8/3ToTvjnClHeT88aq2mO1tLu7MRDAZx+JQM5LIpM/nNdBzscBhNpKhb
cIZ/q7QriVm+ncW3RrqL/7PVXY2jm3egqLfE8Ht3c54jqIy8JpxAH6AvrZ8Ayzvm
DXxK3GYo20I1iUUu+8cdsNwASM1OAwKbN+4T2/E59yFrEHQw5lbSI94W1/DA+6fn
XHE6J8DFynQ=6gjZ
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
Login or Register to add favorites

File Archive:

October 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    25 Files
  • 2
    Oct 2nd
    13 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    1 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    15 Files
  • 7
    Oct 7th
    15 Files
  • 8
    Oct 8th
    11 Files
  • 9
    Oct 9th
    3 Files
  • 10
    Oct 10th
    1 Files
  • 11
    Oct 11th
    1 Files
  • 12
    Oct 12th
    8 Files
  • 13
    Oct 13th
    12 Files
  • 14
    Oct 14th
    23 Files
  • 15
    Oct 15th
    4 Files
  • 16
    Oct 16th
    13 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    1 Files
  • 19
    Oct 19th
    27 Files
  • 20
    Oct 20th
    41 Files
  • 21
    Oct 21st
    18 Files
  • 22
    Oct 22nd
    16 Files
  • 23
    Oct 23rd
    2 Files
  • 24
    Oct 24th
    1 Files
  • 25
    Oct 25th
    1 Files
  • 26
    Oct 26th
    17 Files
  • 27
    Oct 27th
    19 Files
  • 28
    Oct 28th
    29 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close