-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Satellite 6.7.4 Async Bug Fix Update Advisory ID: RHSA-2020:4127-01 Product: Red Hat Satellite 6 Advisory URL: https://access.redhat.com/errata/RHSA-2020:4127 Issue date: 2020-09-30 CVE Names: CVE-2020-14334 ==================================================================== 1. Summary: Updated Satellite 6.7 packages that fix several bugs are now available for Red Hat Satellite. 2. Relevant releases/architectures: Red Hat Satellite 6.7 - noarch Red Hat Satellite Capsule 6.7 - noarch 3. Description: Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments. Security Fix(es): * foreman: unauthorized cache read on RPM-based installations through local user (CVE-2020-14334) This update fixes the following bugs: 1305773 - Changing Content View of a Content Host needs to better inform the user around client needs 1666324 - The Host configuration chart shows 100% even if few hosts are not in sync or reporting. 1781875 - Red Hat Inventory Uploads does not use proxy 1793416 - Searching for task requires clicking Search twice to get correct results 1816464 - Decreased performance in GenerateApplicability in 6.6 1822564 - vmrc not working 6.7 1823396 - Hosts are rejected due to mismatch of metadata.json and actual hosts included in satellite inventory report 1829412 - Unable to search by value of certain Hostgroup parameter 1853466 - RH Cloud -> Insights page does not report error when rh_cloud_token setting is not set 1854711 - Sync Plan fails with 'uninitialized constant Actions::Foreman::Exception' 1858307 - CVE-2020-14334 foreman: unauthorized cache read on RPM-based installations through local user [rhn_satellite_6.7] 1862260 - Default job templates are not locked 1867258 - After upgrading to 6.7 and promoting content, Capsule sync is extremely slow Users of Red Hat Satellite are advised to upgrade to these updated packages, which fix these bugs. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For detailed instructions how to apply this update, refer to: https://access.redhat.com/documentation/en-us/red_hat_satellite/6.7/html/up grading_and_updating_red_hat_satellite/updating_satellite_server_capsule_se rver_and_content_hosts 5. Bugs fixed (https://bugzilla.redhat.com/): 1305773 - Changing Content View of a Content Host needs to better inform the user around client needs 1666324 - The Host configuration chart shows 100% even if few hosts are not in sync or reporting. 1781875 - Red Hat Inventory Uploads does not use proxy 1793416 - Searching for task requires clicking Search twice to get correct results 1816464 - Decreased performance in GenerateApplicability in 6.6 1822564 - vmrc not working 6.7 1823396 - Hosts are rejected due to mismatch of metadata.json and actual hosts included in satellite inventory report 1829412 - Unable to search by value of certain Hostgroup parameter 1853466 - RH Cloud -> Insights page does not report error when rh_cloud_token setting is not set 1854711 - Sync Plan fails with 'uninitialized constant Actions::Foreman::Exception' 1858284 - CVE-2020-14334 foreman: unauthorized cache read on RPM-based installations through local user 1862260 - Default job templates are not locked 1867258 - After upgrading to 6.7 and promoting content, Capsule sync is extremely slow 6. Package List: Red Hat Satellite Capsule 6.7: Source: foreman-1.24.1.28-3.el7sat.src.rpm foreman-proxy-1.24.1-3.el7sat.src.rpm pulp-2.21.0.4-1.el7sat.src.rpm satellite-6.7.4-1.el7sat.src.rpm noarch: foreman-debug-1.24.1.28-3.el7sat.noarch.rpm foreman-proxy-1.24.1-3.el7sat.noarch.rpm foreman-proxy-journald-1.24.1-3.el7sat.noarch.rpm pulp-admin-client-2.21.0.4-1.el7sat.noarch.rpm pulp-maintenance-2.21.0.4-1.el7sat.noarch.rpm pulp-nodes-child-2.21.0.4-1.el7sat.noarch.rpm pulp-nodes-common-2.21.0.4-1.el7sat.noarch.rpm pulp-nodes-parent-2.21.0.4-1.el7sat.noarch.rpm pulp-selinux-2.21.0.4-1.el7sat.noarch.rpm pulp-server-2.21.0.4-1.el7sat.noarch.rpm python-pulp-agent-lib-2.21.0.4-1.el7sat.noarch.rpm python-pulp-bindings-2.21.0.4-1.el7sat.noarch.rpm python-pulp-client-lib-2.21.0.4-1.el7sat.noarch.rpm python-pulp-common-2.21.0.4-1.el7sat.noarch.rpm python-pulp-oid_validation-2.21.0.4-1.el7sat.noarch.rpm python-pulp-repoauth-2.21.0.4-1.el7sat.noarch.rpm python-pulp-streamer-2.21.0.4-1.el7sat.noarch.rpm satellite-capsule-6.7.4-1.el7sat.noarch.rpm satellite-common-6.7.4-1.el7sat.noarch.rpm satellite-debug-tools-6.7.4-1.el7sat.noarch.rpm Red Hat Satellite 6.7: Source: foreman-1.24.1.28-3.el7sat.src.rpm foreman-proxy-1.24.1-3.el7sat.src.rpm pulp-2.21.0.4-1.el7sat.src.rpm satellite-6.7.4-1.el7sat.src.rpm tfm-rubygem-foreman-tasks-0.17.5.8-1.el7sat.src.rpm tfm-rubygem-foreman_ansible-4.0.3.8-1.el7sat.src.rpm tfm-rubygem-foreman_openscap-2.0.2.1-1.el7sat.src.rpm tfm-rubygem-foreman_rh_cloud-1.0.10-1.el7sat.src.rpm tfm-rubygem-katello-3.14.0.31-1.el7sat.src.rpm noarch: foreman-1.24.1.28-3.el7sat.noarch.rpm foreman-cli-1.24.1.28-3.el7sat.noarch.rpm foreman-debug-1.24.1.28-3.el7sat.noarch.rpm foreman-ec2-1.24.1.28-3.el7sat.noarch.rpm foreman-gce-1.24.1.28-3.el7sat.noarch.rpm foreman-journald-1.24.1.28-3.el7sat.noarch.rpm foreman-libvirt-1.24.1.28-3.el7sat.noarch.rpm foreman-openstack-1.24.1.28-3.el7sat.noarch.rpm foreman-ovirt-1.24.1.28-3.el7sat.noarch.rpm foreman-postgresql-1.24.1.28-3.el7sat.noarch.rpm foreman-proxy-1.24.1-3.el7sat.noarch.rpm foreman-proxy-journald-1.24.1-3.el7sat.noarch.rpm foreman-rackspace-1.24.1.28-3.el7sat.noarch.rpm foreman-telemetry-1.24.1.28-3.el7sat.noarch.rpm foreman-vmware-1.24.1.28-3.el7sat.noarch.rpm pulp-admin-client-2.21.0.4-1.el7sat.noarch.rpm pulp-maintenance-2.21.0.4-1.el7sat.noarch.rpm pulp-selinux-2.21.0.4-1.el7sat.noarch.rpm pulp-server-2.21.0.4-1.el7sat.noarch.rpm python-pulp-bindings-2.21.0.4-1.el7sat.noarch.rpm python-pulp-client-lib-2.21.0.4-1.el7sat.noarch.rpm python-pulp-common-2.21.0.4-1.el7sat.noarch.rpm python-pulp-oid_validation-2.21.0.4-1.el7sat.noarch.rpm python-pulp-repoauth-2.21.0.4-1.el7sat.noarch.rpm python-pulp-streamer-2.21.0.4-1.el7sat.noarch.rpm satellite-6.7.4-1.el7sat.noarch.rpm satellite-capsule-6.7.4-1.el7sat.noarch.rpm satellite-cli-6.7.4-1.el7sat.noarch.rpm satellite-common-6.7.4-1.el7sat.noarch.rpm satellite-debug-tools-6.7.4-1.el7sat.noarch.rpm tfm-rubygem-foreman-tasks-0.17.5.8-1.el7sat.noarch.rpm tfm-rubygem-foreman_ansible-4.0.3.8-1.el7sat.noarch.rpm tfm-rubygem-foreman_openscap-2.0.2.1-1.el7sat.noarch.rpm tfm-rubygem-foreman_rh_cloud-1.0.10-1.el7sat.noarch.rpm tfm-rubygem-katello-3.14.0.31-1.el7sat.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-14334 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX3SFCNzjgjWX9erEAQj/vw/+MbhzTnUsm6nWumrFzA6TgklXqIs3WPRD FOylT3DVGa4B4zKBBoICMyjF5Vq1XN1fYhYKc+DYWNd3XKKZBD/tF78qzWz+DHe4 pVwr9eTBaTewzZIJEFQ32uOWBNQKxHqOe029twQCZp53Jv61UFS8pFw1w6vZj4MV dNKZj/CStfARm6ucsQHRcW8DdNBL02Jr4NGaQV8MLn/qhO6d8S+q3+3WtsYprQqt A+LrYj0iIl9CZPS5486nHgPUlZ1aoFOSooeO426Eyi901hh8jStt9FiXZIJAkuDH 13icrsdcc+rUhshdzRwB0UpKcBxx+2IWvAtXvoMACgkw9Cf+a3Ogg5BSMUoqJc1l s/bl8HqyzOO+6fvQvSH4NVfDqu35oUDRAdV3MRL8bAtU31+LFDKZ6ypttz0e4DbM 0YfLTPskPAmIXwNm5e9/S9KV/v6o8CAB7x36J9CRpKyO0dZEtqq9xkb+6Gi9cAj7 EFv3jA3V8/3ToTvjnClHeT88aq2mO1tLu7MRDAZx+JQM5LIpM/nNdBzscBhNpKhb cIZ/q7QriVm+ncW3RrqL/7PVXY2jm3egqLfE8Ht3c54jqIy8JpxAH6AvrZ8Ayzvm DXxK3GYo20I1iUUu+8cdsNwASM1OAwKbN+4T2/E59yFrEHQw5lbSI94W1/DA+6fn XHE6J8DFynQ=6gjZ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce