Security Advisory Moderate: Red Hat Network Satellite server security and enhancement update

Advisory: RHSA-2011:1299-1
Type: Security Advisory
Severity: Moderate
Issued on: 2011-09-15
Last updated on: 2011-09-15
Affected Products: Red Hat Network Satellite (v. 5.4 for RHEL 5)
Red Hat Network Satellite (v. 5.4 for RHEL 6)
CVEs (cve.mitre.org): CVE-2011-1594
CVE-2011-2919
CVE-2011-2920
CVE-2011-2927
CVE-2011-3344

Details

Updated packages that fix several security issues and add one enhancement
are now available for Red Hat Network Satellite 5.4.1 for Red Hat
Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Red Hat Network (RHN) Satellite provides a solution to organizations
requiring absolute control over and privacy of the maintenance and package
deployment of their servers. It allows organizations to utilize the
benefits of the Red Hat Network without having to provide public Internet
access to their servers or other client systems.

Multiple cross-site scripting (XSS) flaws were found in the RHN Satellite
web interface. A remote attacker could use these flaws to perform a
cross-site scripting attack against victims using the RHN Satellite web
interface. (CVE-2011-2919, CVE-2011-2920, CVE-2011-2927, CVE-2011-3344)

An open redirect flaw was found in the RHN Satellite web interface login
page. A remote attacker able to trick a victim to open the login page using
a specially-crafted link could redirect the victim to an arbitrary page
after they successfully log in. (CVE-2011-1594)

Red Hat would like to thank Daniel Karanja Muturi for reporting
CVE-2011-2919; Nils Juenemann and The Bearded Warriors for independently
reporting CVE-2011-2920; Nils Juenemann for reporting CVE-2011-2927;
Sylvain Maes for reporting CVE-2011-3344; and Thomas Biege of the SuSE
Security Team for reporting CVE-2011-1594.

This update also adds the following enhancement:

* Session cookies set by RHN Satellite are now marked as HTTPOnly. This
setting helps reduce the impact of cross-site scripting flaws by
instructing the browser to disallow scripts access to those cookies.
(BZ#713477)

Users of Red Hat Network Satellite 5.4.1 are advised to upgrade to these
updated packages, which contain patches to correct these issues and add
this enhancement. For this update to take effect, Red Hat Network Satellite
must be restarted. Refer to the Solution section for details.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Run the following command to restart the Red Hat Network Satellite
server:

# rhn-satellite restart

Updated packages

Red Hat Network Satellite (v. 5.4 for RHEL 5)

SRPMS:
spacewalk-config-1.2.2-7.el5sat.src.rpm     MD5: 8f623fc970e9bc0d27f612d463326a79
SHA-256: 990b1d5bf79eaa1b3eb3cef8d33088f21c341270e6ea1f199adc071f1f82b131
spacewalk-java-1.2.39-98.el5sat.src.rpm
File outdated by:  RHSA-2014:1184
    MD5: 6c61b662014e1233d315a4759763ee28
SHA-256: d28fecd5ab27aef46327d927a58e1da1ea4e513bd38b0c71e603d8f47c733cc9
spacewalk-web-1.2.7-20.el5sat.src.rpm
File outdated by:  RHBA-2012:0520
    MD5: b3c97c3411832b7c77ec60e5a825100a
SHA-256: 1aa7ae191ccf19d3a538e0ca8be84441ecca9141bd105569080d3f7cbebd41d0
 
IA-32:
spacewalk-base-1.2.7-20.el5sat.noarch.rpm
File outdated by:  RHBA-2012:0520
    MD5: edd1004e4ee7e301e782d124fd1d0f50
SHA-256: 0e709dce0b250dc642b9667d1956f7b96c105052156557c5f4a8a886f9c60c93
spacewalk-base-minimal-1.2.7-20.el5sat.noarch.rpm
File outdated by:  RHBA-2012:0520
    MD5: 315a2458b4ed110c429e040d797f88d9
SHA-256: edc30372c12dc20d4178465cce31e0d595da2a4311fccaef4aa2760fb35013d2
spacewalk-config-1.2.2-7.el5sat.noarch.rpm     MD5: a06b4b5dce3445729392366eed13599f
SHA-256: 077d7756f8f468c31f7def441efac804da12a84c2752784e540de9529ffd7795
spacewalk-dobby-1.2.7-20.el5sat.noarch.rpm
File outdated by:  RHBA-2012:0520
    MD5: 3256819b0a07bfccc48508a9dd7d4371
SHA-256: 80d81c6d8697ca68784f07451d97f50ecaaa502b468bd8e56f4a864cdd9db307
spacewalk-grail-1.2.7-20.el5sat.noarch.rpm
File outdated by:  RHBA-2012:0520
    MD5: a3008306026c6c113d2ff34eb397ee29
SHA-256: 6cc69cb3427164adc41baaef3554fa5e7ae2d272e94d1a5aaf2b2aca411b31e0
spacewalk-html-1.2.7-20.el5sat.noarch.rpm
File outdated by:  RHBA-2012:0520
    MD5: 4de0fefb2095ac7f1f18b4a80e3b76f8
SHA-256: 57f87d90a71e270bcc57c3ad0fae08fbf7a213a30bdd1b8e55327c1bcf77c0cf
spacewalk-java-1.2.39-98.el5sat.noarch.rpm
File outdated by:  RHSA-2014:1184
    MD5: 1784709052b55bac26f76c3c2bf199cb
SHA-256: 93d4cbbb231792d284d0e354c71e91aa533881ddac88840f2be3e8ad9c91c028
spacewalk-java-config-1.2.39-98.el5sat.noarch.rpm
File outdated by:  RHSA-2014:1184
    MD5: a84e4ecc33446d51f005492c8b8fe74a
SHA-256: 40317db73d68ee8d113099e77f722b7fc75f8d834e3cb8bfcb78aa3752756cc5
spacewalk-java-lib-1.2.39-98.el5sat.noarch.rpm
File outdated by:  RHSA-2014:1184
    MD5: 380919051e02cf233b8fcaac4af11a53
SHA-256: 12af71731a0c48680ba44aea9273fc1bffb7315b83c20d30f734cc4ecd75b353
spacewalk-java-oracle-1.2.39-98.el5sat.noarch.rpm
File outdated by:  RHSA-2014:1184
    MD5: bd2794b814a254426ee9ab90e8ea1fe1
SHA-256: cace4017e0d80507d90efd6bb33eea826b740328995a0c8fbca538d92a67f478
spacewalk-pxt-1.2.7-20.el5sat.noarch.rpm
File outdated by:  RHBA-2012:0520
    MD5: 1eb1cbf049b76e9ae58364a3efbb3dbf
SHA-256: 0a5fd82010ec7056614801756001aa4b718023af95af3baedcb1e2e78b444438
spacewalk-sniglets-1.2.7-20.el5sat.noarch.rpm
File outdated by:  RHBA-2012:0520
    MD5: 15d504df94ddc252c39b3712e9aa4e62
SHA-256: fde885dc37fa25757ba9fcc7e0d3c6ea40ff3d60bd4619247f5d4f25bab8bd92
spacewalk-taskomatic-1.2.39-98.el5sat.noarch.rpm
File outdated by:  RHSA-2014:1184
    MD5: 8f4645f5f4524060ce464f53c4085993
SHA-256: 1ac951191fca7ee1d812149a41e582795e2db20f80033ebe75a774ac8407e394
 
s390x:
spacewalk-base-1.2.7-20.el5sat.noarch.rpm
File outdated by:  RHBA-2012:0520
    MD5: edd1004e4ee7e301e782d124fd1d0f50
SHA-256: 0e709dce0b250dc642b9667d1956f7b96c105052156557c5f4a8a886f9c60c93
spacewalk-base-minimal-1.2.7-20.el5sat.noarch.rpm
File outdated by:  RHBA-2012:0520
    MD5: 315a2458b4ed110c429e040d797f88d9
SHA-256: edc30372c12dc20d4178465cce31e0d595da2a4311fccaef4aa2760fb35013d2
spacewalk-config-1.2.2-7.el5sat.noarch.rpm     MD5: a06b4b5dce3445729392366eed13599f
SHA-256: 077d7756f8f468c31f7def441efac804da12a84c2752784e540de9529ffd7795
spacewalk-dobby-1.2.7-20.el5sat.noarch.rpm
File outdated by:  RHBA-2012:0520
    MD5: 3256819b0a07bfccc48508a9dd7d4371
SHA-256: 80d81c6d8697ca68784f07451d97f50ecaaa502b468bd8e56f4a864cdd9db307
spacewalk-grail-1.2.7-20.el5sat.noarch.rpm
File outdated by:  RHBA-2012:0520
    MD5: a3008306026c6c113d2ff34eb397ee29
SHA-256: 6cc69cb3427164adc41baaef3554fa5e7ae2d272e94d1a5aaf2b2aca411b31e0
spacewalk-html-1.2.7-20.el5sat.noarch.rpm
File outdated by:  RHBA-2012:0520
    MD5: 4de0fefb2095ac7f1f18b4a80e3b76f8
SHA-256: 57f87d90a71e270bcc57c3ad0fae08fbf7a213a30bdd1b8e55327c1bcf77c0cf
spacewalk-java-1.2.39-98.el5sat.noarch.rpm
File outdated by:  RHSA-2014:1184
    MD5: 1784709052b55bac26f76c3c2bf199cb
SHA-256: 93d4cbbb231792d284d0e354c71e91aa533881ddac88840f2be3e8ad9c91c028
spacewalk-java-config-1.2.39-98.el5sat.noarch.rpm
File outdated by:  RHSA-2014:1184
    MD5: a84e4ecc33446d51f005492c8b8fe74a
SHA-256: 40317db73d68ee8d113099e77f722b7fc75f8d834e3cb8bfcb78aa3752756cc5
spacewalk-java-lib-1.2.39-98.el5sat.noarch.rpm
File outdated by:  RHSA-2014:1184
    MD5: 380919051e02cf233b8fcaac4af11a53
SHA-256: 12af71731a0c48680ba44aea9273fc1bffb7315b83c20d30f734cc4ecd75b353
spacewalk-java-oracle-1.2.39-98.el5sat.noarch.rpm
File outdated by:  RHSA-2014:1184
    MD5: bd2794b814a254426ee9ab90e8ea1fe1
SHA-256: cace4017e0d80507d90efd6bb33eea826b740328995a0c8fbca538d92a67f478
spacewalk-pxt-1.2.7-20.el5sat.noarch.rpm
File outdated by:  RHBA-2012:0520
    MD5: 1eb1cbf049b76e9ae58364a3efbb3dbf
SHA-256: 0a5fd82010ec7056614801756001aa4b718023af95af3baedcb1e2e78b444438
spacewalk-sniglets-1.2.7-20.el5sat.noarch.rpm
File outdated by:  RHBA-2012:0520
    MD5: 15d504df94ddc252c39b3712e9aa4e62
SHA-256: fde885dc37fa25757ba9fcc7e0d3c6ea40ff3d60bd4619247f5d4f25bab8bd92
spacewalk-taskomatic-1.2.39-98.el5sat.noarch.rpm
File outdated by:  RHSA-2014:1184
    MD5: 8f4645f5f4524060ce464f53c4085993
SHA-256: 1ac951191fca7ee1d812149a41e582795e2db20f80033ebe75a774ac8407e394
 
x86_64:
spacewalk-base-1.2.7-20.el5sat.noarch.rpm
File outdated by:  RHBA-2012:0520
    MD5: edd1004e4ee7e301e782d124fd1d0f50
SHA-256: 0e709dce0b250dc642b9667d1956f7b96c105052156557c5f4a8a886f9c60c93
spacewalk-base-minimal-1.2.7-20.el5sat.noarch.rpm
File outdated by:  RHBA-2012:0520
    MD5: 315a2458b4ed110c429e040d797f88d9
SHA-256: edc30372c12dc20d4178465cce31e0d595da2a4311fccaef4aa2760fb35013d2
spacewalk-config-1.2.2-7.el5sat.noarch.rpm     MD5: a06b4b5dce3445729392366eed13599f
SHA-256: 077d7756f8f468c31f7def441efac804da12a84c2752784e540de9529ffd7795
spacewalk-dobby-1.2.7-20.el5sat.noarch.rpm
File outdated by:  RHBA-2012:0520
    MD5: 3256819b0a07bfccc48508a9dd7d4371
SHA-256: 80d81c6d8697ca68784f07451d97f50ecaaa502b468bd8e56f4a864cdd9db307
spacewalk-grail-1.2.7-20.el5sat.noarch.rpm
File outdated by:  RHBA-2012:0520
    MD5: a3008306026c6c113d2ff34eb397ee29
SHA-256: 6cc69cb3427164adc41baaef3554fa5e7ae2d272e94d1a5aaf2b2aca411b31e0
spacewalk-html-1.2.7-20.el5sat.noarch.rpm
File outdated by:  RHBA-2012:0520
    MD5: 4de0fefb2095ac7f1f18b4a80e3b76f8
SHA-256: 57f87d90a71e270bcc57c3ad0fae08fbf7a213a30bdd1b8e55327c1bcf77c0cf
spacewalk-java-1.2.39-98.el5sat.noarch.rpm
File outdated by:  RHSA-2014:1184
    MD5: 1784709052b55bac26f76c3c2bf199cb
SHA-256: 93d4cbbb231792d284d0e354c71e91aa533881ddac88840f2be3e8ad9c91c028
spacewalk-java-config-1.2.39-98.el5sat.noarch.rpm
File outdated by:  RHSA-2014:1184
    MD5: a84e4ecc33446d51f005492c8b8fe74a
SHA-256: 40317db73d68ee8d113099e77f722b7fc75f8d834e3cb8bfcb78aa3752756cc5
spacewalk-java-lib-1.2.39-98.el5sat.noarch.rpm
File outdated by:  RHSA-2014:1184
    MD5: 380919051e02cf233b8fcaac4af11a53
SHA-256: 12af71731a0c48680ba44aea9273fc1bffb7315b83c20d30f734cc4ecd75b353
spacewalk-java-oracle-1.2.39-98.el5sat.noarch.rpm
File outdated by:  RHSA-2014:1184
    MD5: bd2794b814a254426ee9ab90e8ea1fe1
SHA-256: cace4017e0d80507d90efd6bb33eea826b740328995a0c8fbca538d92a67f478
spacewalk-pxt-1.2.7-20.el5sat.noarch.rpm
File outdated by:  RHBA-2012:0520
    MD5: 1eb1cbf049b76e9ae58364a3efbb3dbf
SHA-256: 0a5fd82010ec7056614801756001aa4b718023af95af3baedcb1e2e78b444438
spacewalk-sniglets-1.2.7-20.el5sat.noarch.rpm
File outdated by:  RHBA-2012:0520
    MD5: 15d504df94ddc252c39b3712e9aa4e62
SHA-256: fde885dc37fa25757ba9fcc7e0d3c6ea40ff3d60bd4619247f5d4f25bab8bd92
spacewalk-taskomatic-1.2.39-98.el5sat.noarch.rpm
File outdated by:  RHSA-2014:1184
    MD5: 8f4645f5f4524060ce464f53c4085993
SHA-256: 1ac951191fca7ee1d812149a41e582795e2db20f80033ebe75a774ac8407e394
 
Red Hat Network Satellite (v. 5.4 for RHEL 6)

SRPMS:
spacewalk-config-1.2.2-7.el6sat.src.rpm     MD5: ed4e94fb15d4c76cea4168f26fd171f0
SHA-256: 7c9321c7710db5ed6e35f24796c20afacbe3919153de3c935b7447193ac8531b
spacewalk-java-1.2.39-98.el6sat.src.rpm
File outdated by:  RHSA-2014:1184
    MD5: 580f0a4ce62fb0bd6728cac691646e31
SHA-256: cd3d0d8de15bf280c5cd7fd4246a21111e8d8468345c6c656b8d566001c09044
spacewalk-web-1.2.7-20.el6sat.src.rpm
File outdated by:  RHBA-2012:0520
    MD5: 78f150381164feff0eb29cb80b0fa23f
SHA-256: 967526de78194ec2c107c868c0527077626229b7efe5c8f08e99b915784ec555
 
s390x:
spacewalk-base-1.2.7-20.el6sat.noarch.rpm
File outdated by:  RHBA-2012:0520
    MD5: 4fd1b684c87401a369e8bfd2aa43782b
SHA-256: 01694cde5596ccb0c19df8039d133b0b094864d941c9ce204f68b7bc19ffc75e
spacewalk-base-minimal-1.2.7-20.el6sat.noarch.rpm
File outdated by:  RHBA-2012:0520
    MD5: 2ce11278187766e54051cca7ef8c71aa
SHA-256: fb46d7321e883d67be2d780b06f3ffbb8449edb2265d6c8659a83d25ee842489
spacewalk-config-1.2.2-7.el6sat.noarch.rpm     MD5: db66ad091c74153848e773d7c7124cfa
SHA-256: d4c0f702080f83bf30622979d368cd9f4b54e9ca510ac4649dee93dd63b915dd
spacewalk-dobby-1.2.7-20.el6sat.noarch.rpm
File outdated by:  RHBA-2012:0520
    MD5: 7397ba9c755943e6eac7388e8ba0a95c
SHA-256: ecb21d42977f7fb7332b18f96e7af2a766dbb5372e411281581366f0546a6711
spacewalk-grail-1.2.7-20.el6sat.noarch.rpm
File outdated by:  RHBA-2012:0520
    MD5: 004eeca0b59ad5a42ef8865084c0b439
SHA-256: 98642d30529f6d2c8d682370591b43c6aa88449cceeecb04052acf741fb6dca2
spacewalk-html-1.2.7-20.el6sat.noarch.rpm
File outdated by:  RHBA-2012:0520
    MD5: 7b7be31d7703b57a5073c1f29a193bad
SHA-256: 85cbfd1b9882a9701af3c911c18601598fb5b9fc5d1af02de6211019bedfd89d
spacewalk-java-1.2.39-98.el6sat.noarch.rpm
File outdated by:  RHSA-2014:1184
    MD5: f675d78b5fde120e2e907a0e90df2dda
SHA-256: 1741d34e30f132db61e7cebb8c83c955c4540876b37c1922387000bf0d772c97
spacewalk-java-config-1.2.39-98.el6sat.noarch.rpm
File outdated by:  RHSA-2014:1184
    MD5: 36127e2689375058ed3b3fe2729cb0e0
SHA-256: 07fc5b8c06307db263b8e62af9c591d2a79b6d5d64776db3d84100b3e2334bbe
spacewalk-java-lib-1.2.39-98.el6sat.noarch.rpm
File outdated by:  RHSA-2014:1184
    MD5: 8a0b1b92886088d64c9ced4677d74607
SHA-256: 26905e8e9e5f55b64e9c1ccca14190b57a6f779e441fe403e5f577080e721ed7
spacewalk-java-oracle-1.2.39-98.el6sat.noarch.rpm
File outdated by:  RHSA-2014:1184
    MD5: 2e537f60c94b5f05db876e180f1b627a
SHA-256: 817b44a67315327baa6af8eddb3214652ea7e219efda71c1a07848de86ba5ccf
spacewalk-pxt-1.2.7-20.el6sat.noarch.rpm
File outdated by:  RHBA-2012:0520
    MD5: a75668f794724263baa7125e150006c4
SHA-256: 1ed47d29e6b127ea1fd3fc60e14031ba7a2deaf174da1c510e2ab9c4896249fa
spacewalk-sniglets-1.2.7-20.el6sat.noarch.rpm
File outdated by:  RHBA-2012:0520
    MD5: da9951d6699a7d3fafa4f3adb7eccdf5
SHA-256: 53860658be03b21b1f31d4b32bf50314ad40b8ba415ab224a940f4af0ae33736
spacewalk-taskomatic-1.2.39-98.el6sat.noarch.rpm
File outdated by:  RHSA-2014:1184
    MD5: c28f64722504e2d051fc9a1f0288971b
SHA-256: fd081d1491440043ae2fbb740ab155abcf54adf8898fe11241e355ee6aab3e8d
 
x86_64:
spacewalk-base-1.2.7-20.el6sat.noarch.rpm
File outdated by:  RHBA-2012:0520
    MD5: 4fd1b684c87401a369e8bfd2aa43782b
SHA-256: 01694cde5596ccb0c19df8039d133b0b094864d941c9ce204f68b7bc19ffc75e
spacewalk-base-minimal-1.2.7-20.el6sat.noarch.rpm
File outdated by:  RHBA-2012:0520
    MD5: 2ce11278187766e54051cca7ef8c71aa
SHA-256: fb46d7321e883d67be2d780b06f3ffbb8449edb2265d6c8659a83d25ee842489
spacewalk-config-1.2.2-7.el6sat.noarch.rpm     MD5: db66ad091c74153848e773d7c7124cfa
SHA-256: d4c0f702080f83bf30622979d368cd9f4b54e9ca510ac4649dee93dd63b915dd
spacewalk-dobby-1.2.7-20.el6sat.noarch.rpm
File outdated by:  RHBA-2012:0520
    MD5: 7397ba9c755943e6eac7388e8ba0a95c
SHA-256: ecb21d42977f7fb7332b18f96e7af2a766dbb5372e411281581366f0546a6711
spacewalk-grail-1.2.7-20.el6sat.noarch.rpm
File outdated by:  RHBA-2012:0520
    MD5: 004eeca0b59ad5a42ef8865084c0b439
SHA-256: 98642d30529f6d2c8d682370591b43c6aa88449cceeecb04052acf741fb6dca2
spacewalk-html-1.2.7-20.el6sat.noarch.rpm
File outdated by:  RHBA-2012:0520
    MD5: 7b7be31d7703b57a5073c1f29a193bad
SHA-256: 85cbfd1b9882a9701af3c911c18601598fb5b9fc5d1af02de6211019bedfd89d
spacewalk-java-1.2.39-98.el6sat.noarch.rpm
File outdated by:  RHSA-2014:1184
    MD5: f675d78b5fde120e2e907a0e90df2dda
SHA-256: 1741d34e30f132db61e7cebb8c83c955c4540876b37c1922387000bf0d772c97
spacewalk-java-config-1.2.39-98.el6sat.noarch.rpm
File outdated by:  RHSA-2014:1184
    MD5: 36127e2689375058ed3b3fe2729cb0e0
SHA-256: 07fc5b8c06307db263b8e62af9c591d2a79b6d5d64776db3d84100b3e2334bbe
spacewalk-java-lib-1.2.39-98.el6sat.noarch.rpm
File outdated by:  RHSA-2014:1184
    MD5: 8a0b1b92886088d64c9ced4677d74607
SHA-256: 26905e8e9e5f55b64e9c1ccca14190b57a6f779e441fe403e5f577080e721ed7
spacewalk-java-oracle-1.2.39-98.el6sat.noarch.rpm
File outdated by:  RHSA-2014:1184
    MD5: 2e537f60c94b5f05db876e180f1b627a
SHA-256: 817b44a67315327baa6af8eddb3214652ea7e219efda71c1a07848de86ba5ccf
spacewalk-pxt-1.2.7-20.el6sat.noarch.rpm
File outdated by:  RHBA-2012:0520
    MD5: a75668f794724263baa7125e150006c4
SHA-256: 1ed47d29e6b127ea1fd3fc60e14031ba7a2deaf174da1c510e2ab9c4896249fa
spacewalk-sniglets-1.2.7-20.el6sat.noarch.rpm
File outdated by:  RHBA-2012:0520
    MD5: da9951d6699a7d3fafa4f3adb7eccdf5
SHA-256: 53860658be03b21b1f31d4b32bf50314ad40b8ba415ab224a940f4af0ae33736
spacewalk-taskomatic-1.2.39-98.el6sat.noarch.rpm
File outdated by:  RHSA-2014:1184
    MD5: c28f64722504e2d051fc9a1f0288971b
SHA-256: fd081d1491440043ae2fbb740ab155abcf54adf8898fe11241e355ee6aab3e8d
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

672167 - CVE-2011-1594 RHN Satellite / Spacewalk: login page open redirect via url_bounce
681032 - CVE-2011-2920 Satellite: XSS flaw(s) in filter handling
713477 - [RFE] RHN Satellite / Spacewalk: Enable HTTPOnly cookies support in Satellite / Spacewalk (CWE-79)
713478 - CVE-2011-2919 RHN Satellite / Spacewalk: XSS on SystemGroupList.do page
730955 - CVE-2011-2927 Satellite/Spacewalk: XSS flaw in channels search
731647 - CVE-2011-3344 Satellite/Spacewalk: XSS on the Lost Password page


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/