Security Advisory Low: Red Hat Network Satellite Server security update

Advisory: RHSA-2008:0630-3
Type: Security Advisory
Severity: Low
Issued on: 2008-08-13
Last updated on: 2008-08-13
Affected Products: Red Hat Network Satellite (v. 5.1 for RHEL 4)
CVEs (cve.mitre.org): CVE-2005-4838
CVE-2006-0254
CVE-2006-0898
CVE-2007-1349
CVE-2007-1355
CVE-2007-1358
CVE-2007-2449
CVE-2007-5461
CVE-2007-6306
CVE-2008-0128
CVE-2008-2369

Details

Red Hat Network Satellite Server version 5.1.1 is now available. This
update includes fixes for a number of security issues in Red Hat Network
Satellite Server components.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

During an internal security audit, it was discovered that Red Hat Network
Satellite Server shipped with an XML-RPC script, manzier.pxt, which had a
single hard-coded authentication key. A remote attacker who is able to
connect to the Satellite Server XML-RPC service could use this flaw to
obtain limited information about Satellite Server users, such as login
names, associated email addresses, internal user IDs, and partial
information about entitlements. (CVE-2008-2369)

This release also corrects several security vulnerabilities in various
components shipped as part of Red Hat Network Satellite Server 5.1. In a
typical operating environment, these components are not exposed to users
of Satellite Server in a vulnerable manner. These security updates will
reduce risk in unique Satellite Server environments.

A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349)

Multiple cross-site scripting flaws were fixed in the image map feature in
the JFreeChart package. (CVE-2007-6306)

A flaw which could result in weak encryption was fixed in the
perl-Crypt-CBC package. (CVE-2006-0898)

Multiple flaws were fixed in the Apache Tomcat package. (CVE-2005-4838,
CVE-2006-0254, CVE-2007-1355, CVE-2007-1358, CVE-2007-2449, CVE-2007-5461,
CVE-2008-0128)

Users of Red Hat Network Satellite Server 5.1 are advised to upgrade to
5.1.1, which resolves these issues.


Solution

This update is available via Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
http://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html

Updated packages

Red Hat Network Satellite (v. 5.1 for RHEL 4)

SRPMS:
mod_perl-2.0.2-12.el4.src.rpm     MD5: e3e48510b260f26ee791c6a5eb452996
perl-Crypt-CBC-2.24-1.el4.src.rpm     MD5: 7e9eebbedaa008aaabad10bf72e2d530
 
IA-32:
jfreechart-0.9.20-3.rhn.noarch.rpm     MD5: cfc7603d28a252820ca9f9fa299b8f4f
mod_perl-2.0.2-12.el4.i386.rpm     MD5: 19e788fb2392e663a95a48d3aff5b507
perl-Crypt-CBC-2.24-1.el4.noarch.rpm     MD5: 035aa79fece479a9264aa58309398e16
rhn-html-5.1.1-7.noarch.rpm     MD5: 3ef2949623a06ada06a724a97193440f
tomcat5-5.0.30-0jpp_10rh.noarch.rpm (file outdated by RHSA-2009:1617)     MD5: 0b2b76b8b4354872ba7446bfcc192057
 
s390:
jfreechart-0.9.20-3.rhn.noarch.rpm     MD5: cfc7603d28a252820ca9f9fa299b8f4f
mod_perl-2.0.2-12.el4.s390.rpm     MD5: af01dacbcf284aa3dc1c472c2bbe245f
perl-Crypt-CBC-2.24-1.el4.noarch.rpm     MD5: 035aa79fece479a9264aa58309398e16
rhn-html-5.1.1-7.noarch.rpm     MD5: 3ef2949623a06ada06a724a97193440f
tomcat5-5.0.30-0jpp_10rh.noarch.rpm (file outdated by RHSA-2009:1617)     MD5: 0b2b76b8b4354872ba7446bfcc192057
 
s390x:
jfreechart-0.9.20-3.rhn.noarch.rpm     MD5: cfc7603d28a252820ca9f9fa299b8f4f
mod_perl-2.0.2-12.el4.s390x.rpm     MD5: 60e6955ec537140e7d8685f7f71b2cdd
perl-Crypt-CBC-2.24-1.el4.noarch.rpm     MD5: 035aa79fece479a9264aa58309398e16
rhn-html-5.1.1-7.noarch.rpm     MD5: 3ef2949623a06ada06a724a97193440f
tomcat5-5.0.30-0jpp_10rh.noarch.rpm (file outdated by RHSA-2009:1617)     MD5: 0b2b76b8b4354872ba7446bfcc192057
 
x86_64:
jfreechart-0.9.20-3.rhn.noarch.rpm     MD5: cfc7603d28a252820ca9f9fa299b8f4f
mod_perl-2.0.2-12.el4.x86_64.rpm     MD5: 517f3ed6b117087665ddb63571cabfa8
perl-Crypt-CBC-2.24-1.el4.noarch.rpm     MD5: 035aa79fece479a9264aa58309398e16
rhn-html-5.1.1-7.noarch.rpm     MD5: 3ef2949623a06ada06a724a97193440f
tomcat5-5.0.30-0jpp_10rh.noarch.rpm (file outdated by RHSA-2009:1617)     MD5: 0b2b76b8b4354872ba7446bfcc192057
 
(The unlinked packages above are only available from the Red Hat Network)
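A small checker for the package table above, added here as an example and not part of the advisory or of Red Hat's tooling: it parses the "<package>     MD5: <hash>" rows, including the tomcat5 rows where the hash sits on a separate line after the "File outdated by" note, and compares downloaded files against them. The filenames and MD5 values are those listed in this advisory; the file contents used in the demonstration are constructed.

```python
import hashlib
import re

# Constructed excerpt of this advisory's "Updated packages" table (filenames and
# MD5 values as listed there), covering both layouts the table uses.
ADVISORY_TABLE = """\
IA-32:
mod_perl-2.0.2-12.el4.i386.rpm     MD5: 19e788fb2392e663a95a48d3aff5b507
tomcat5-5.0.30-0jpp_10rh.noarch.rpm
File outdated by:  RHSA-2009:1617
    MD5: 0b2b76b8b4354872ba7446bfcc192057
"""

# One entry line: an optional package filename and/or an optional MD5 field.
ENTRY_RE = re.compile(r"^(?:(\S+\.rpm))?\s*(?:MD5:\s*([0-9a-fA-F]{32}))?$")

def parse_package_table(text):
    """Map package filename -> expected MD5, including the split tomcat5 layout."""
    expected, pending = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("File outdated by:"):
            continue  # blank, or note that a later advisory supersedes the file
        m = ENTRY_RE.match(line)
        if not m:
            continue  # architecture headers such as "IA-32:" or "SRPMS:"
        pkg, md5 = m.group(1), m.group(2)
        if pkg and md5:
            expected[pkg] = md5.lower()
        elif pkg:
            pending = pkg  # hash follows on a later line
        elif md5 and pending:
            expected[pending], pending = md5.lower(), None
    return expected

def check_downloads(expected, files):
    """files: {filename: bytes}. Returns {pkg: "ok" | "mismatch" | "missing"}.
    Integrity check only: authenticity comes from the Red Hat GPG signature on
    each RPM (rpm -K), which a checksum comparison does not replace."""
    results = {}
    for pkg, md5 in expected.items():
        if pkg not in files:
            results[pkg] = "missing"
        else:
            digest = hashlib.md5(files[pkg]).hexdigest()
            results[pkg] = "ok" if digest == md5 else "mismatch"
    return results
```

To run it against a real download directory, build the `files` mapping with `{p.name: p.read_bytes() for p in Path(d).glob("*.rpm")}` and pass it with the parsed table.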

Bugs fixed (see bugzilla for more information)

238401 - CVE-2005-4838 tomcat manager example DoS
240423 - CVE-2007-1349 mod_perl PerlRun denial of service
244803 - CVE-2007-1358 tomcat accept-language xss flaw
244804 - CVE-2007-2449 tomcat examples jsp XSS
253166 - CVE-2007-1355 tomcat XSS in samples
333791 - CVE-2007-5461 Absolute path traversal Apache Tomcat WEBDAV
421081 - CVE-2007-6306 JFreeChart: XSS vulnerabilities in the image map feature
429821 - CVE-2008-0128 tomcat5 SSO cookie login information disclosure
430522 - CVE-2006-0898 perl-Crypt-CBC weaker encryption with some ciphers
430646 - CVE-2006-0254 tomcat examples XSS
452461 - CVE-2008-2369 RHN Satellite: information disclosure via manzier.pxt RPC script

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/