Security Advisory Moderate: Red Hat Network Satellite spacewalk-backend security update

Advisory: RHSA-2012:0436-1
Type: Security Advisory
Severity: Moderate
Issued on: 2012-03-29
Last updated on: 2012-03-29
Affected Products: Red Hat Network Satellite (v. 5.4 for RHEL 6)
CVEs (cve.mitre.org): CVE-2012-1145

Details

Updated spacewalk-backend packages that fix one security issue are now
available for Red Hat Network Satellite 5.4 on Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Red Hat Network (RHN) Satellite is a systems management tool for
Linux-based infrastructures. It allows for provisioning, monitoring, and
remote management of multiple Linux deployments with a single, centralized
tool.

It was found that a remote attacker could upload packages to an RHN
Satellite server's NULL organization without any authorization or
authentication. (The NULL organization stores packages synced from RHN
Hosted.) Although an attacker cannot put packages into an arbitrary channel
and have client systems download them, they could use the flaw to consume
all the free space in the partition (/var/) used to store synced packages.
With no free space, Satellite would be unable to download updates and new
packages, preventing client systems from obtaining them. (CVE-2012-1145)

All users of Red Hat Network Satellite are advised to upgrade to these
updated packages, which correct this issue. For this update to take effect,
Red Hat Network Satellite must be restarted. Refer to the Solution section
for details.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Run the following command to restart the Red Hat Network Satellite
server:

# rhn-satellite restart
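
One way to confirm, after updating, that every installed spacewalk-backend package is at or above the fixed build listed under "Updated packages"; this is an added example, not part of the advisory or of Red Hat's tooling. The sample rpm output is constructed, the helper names are hypothetical, and the comparison is a simplified form of RPM's version ordering (no epoch, tilde or caret handling).

```python
import re

# Fixed version-release, taken from the advisory's "Updated packages" list.
FIXED_EVR = "1.2.13-66.1.el6sat"

# Constructed sample of the output of:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'spacewalk-backend*'
SAMPLE = """\
spacewalk-backend 1.2.13-66.1.el6sat
spacewalk-backend-server 1.2.13-66.el6sat
spacewalk-backend-libs 1.2.13-26.el6sat
spacewalk-backend-tools 1.2.13-79.el6sat
"""

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def seg_cmp(a, b):
    """Compare two version or release strings segment by segment."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment is newer
        if x.isdigit():
            x, y = int(x), int(y)             # leading zeros are ignored
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def evr_cmp(a, b):
    """Compare 'version-release' strings; version decides before release."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return seg_cmp(va, vb) or seg_cmp(ra, rb)


def unpatched(rpm_output, fixed=FIXED_EVR):
    """Return (name, version-release) pairs older than the fixed build."""
    found = []
    for line in rpm_output.splitlines():
        parts = line.split()
        if len(parts) == 2 and evr_cmp(parts[1], fixed) < 0:
            found.append((parts[0], parts[1]))
    return found


if __name__ == "__main__":
    for name, evr in unpatched(SAMPLE):
        print(f"{name} {evr} predates {FIXED_EVR}")
```

A release such as 66.el6sat sorts below 66.1.el6sat, which a plain string comparison gets wrong.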

Updated packages

Red Hat Network Satellite (v. 5.4 for RHEL 6)

File outdated by: RHBA-2014:0184 (applies to every file listed below)

SRPMS:
spacewalk-backend-1.2.13-66.1.el6sat.src.rpm

s390x:
spacewalk-backend-1.2.13-66.1.el6sat.noarch.rpm
spacewalk-backend-app-1.2.13-66.1.el6sat.noarch.rpm
spacewalk-backend-applet-1.2.13-66.1.el6sat.noarch.rpm
spacewalk-backend-config-files-1.2.13-66.1.el6sat.noarch.rpm
spacewalk-backend-config-files-common-1.2.13-66.1.el6sat.noarch.rpm
spacewalk-backend-config-files-tool-1.2.13-66.1.el6sat.noarch.rpm
spacewalk-backend-iss-1.2.13-66.1.el6sat.noarch.rpm
spacewalk-backend-iss-export-1.2.13-66.1.el6sat.noarch.rpm
spacewalk-backend-libs-1.2.13-66.1.el6sat.noarch.rpm
spacewalk-backend-package-push-server-1.2.13-66.1.el6sat.noarch.rpm
spacewalk-backend-server-1.2.13-66.1.el6sat.noarch.rpm
spacewalk-backend-sql-1.2.13-66.1.el6sat.noarch.rpm
spacewalk-backend-sql-oracle-1.2.13-66.1.el6sat.noarch.rpm
spacewalk-backend-tools-1.2.13-66.1.el6sat.noarch.rpm
spacewalk-backend-upload-server-1.2.13-66.1.el6sat.noarch.rpm
spacewalk-backend-xml-export-libs-1.2.13-66.1.el6sat.noarch.rpm
spacewalk-backend-xmlrpc-1.2.13-66.1.el6sat.noarch.rpm
spacewalk-backend-xp-1.2.13-66.1.el6sat.noarch.rpm

x86_64:
spacewalk-backend-1.2.13-66.1.el6sat.noarch.rpm
spacewalk-backend-app-1.2.13-66.1.el6sat.noarch.rpm
spacewalk-backend-applet-1.2.13-66.1.el6sat.noarch.rpm
spacewalk-backend-config-files-1.2.13-66.1.el6sat.noarch.rpm
spacewalk-backend-config-files-common-1.2.13-66.1.el6sat.noarch.rpm
spacewalk-backend-config-files-tool-1.2.13-66.1.el6sat.noarch.rpm
spacewalk-backend-iss-1.2.13-66.1.el6sat.noarch.rpm
spacewalk-backend-iss-export-1.2.13-66.1.el6sat.noarch.rpm
spacewalk-backend-libs-1.2.13-66.1.el6sat.noarch.rpm
spacewalk-backend-package-push-server-1.2.13-66.1.el6sat.noarch.rpm
spacewalk-backend-server-1.2.13-66.1.el6sat.noarch.rpm
spacewalk-backend-sql-1.2.13-66.1.el6sat.noarch.rpm
spacewalk-backend-sql-oracle-1.2.13-66.1.el6sat.noarch.rpm
spacewalk-backend-tools-1.2.13-66.1.el6sat.noarch.rpm
spacewalk-backend-upload-server-1.2.13-66.1.el6sat.noarch.rpm
spacewalk-backend-xml-export-libs-1.2.13-66.1.el6sat.noarch.rpm
spacewalk-backend-xmlrpc-1.2.13-66.1.el6sat.noarch.rpm
spacewalk-backend-xp-1.2.13-66.1.el6sat.noarch.rpm
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

800688 - CVE-2012-1145 satellite: remote package upload without authorization


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/