ESB-2018.0515 - [RedHat] Red Hat Satellite 6: Multiple vulnerabilities 2018-02-22

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.0515
    Important: Satellite 6.3 security, bug fix, and enhancement update
                             22 February 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Red Hat Satellite 6
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated      
                   Access Privileged Data          -- Existing Account            
                   Modify Arbitrary Files          -- Existing Account            
                   Cross-site Scripting            -- Remote with User Interaction
                   Provide Misleading Information  -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-2672 CVE-2017-2667 CVE-2016-9595
                   CVE-2016-9593 CVE-2016-8639 CVE-2016-6319
                   CVE-2016-4996 CVE-2016-4995 CVE-2016-4451
                   CVE-2016-3704 CVE-2016-3696 CVE-2016-3693
                   CVE-2016-1669 CVE-2014-8183 CVE-2013-6459

Reference:         ASB-2016.0055
                   ESB-2016.1383
                   ESB-2016.1209

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2018:0336

- --------------------------BEGIN INCLUDED TEXT--------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Satellite 6.3 security, bug fix, and
enhancement update
Advisory ID:       RHSA-2018:0336-01
Product:           Red Hat Satellite 6
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:0336
Issue date:        2018-02-21
CVE Names:         CVE-2013-6459 CVE-2014-8183 CVE-2016-1669
                   CVE-2016-3693 CVE-2016-3696 CVE-2016-3704
                   CVE-2016-4451 CVE-2016-4995 CVE-2016-4996
                   CVE-2016-6319 CVE-2016-8639 CVE-2016-9593
                   CVE-2016-9595 CVE-2017-2667 CVE-2017-2672
=====================================================================

1. Summary:

An update is now available for Red Hat Satellite.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Satellite 6.3 - noarch, x86_64
Red Hat Satellite Capsule 6.3 - noarch, x86_64

3. Description:

Red Hat Satellite is a systems management tool for Linux-based
infrastructure. It allows for provisioning, remote management, and
monitoring of multiple Linux deployments with a single centralized tool.

This update provides Satellite 6.3 packages for Red Hat Enterprise Linux 7
Satellite server. For the full list of new features provided by Satellite
6.3, see the Release Notes linked to in the references section. See the
Satellite 6 Installation Guide for detailed instructions on how to install
a new Satellite 6.3 environment, or the Satellite 6 Upgrading and Updating
guide for detailed instructions on how to upgrade from prior versions of
Satellite 6.

All users who require Satellite version 6.3 are advised to install these
new packages.

Security Fix(es):

* V8: integer overflow leading to buffer overflow in Zone::New
(CVE-2016-1669)

* rubygem-will_paginate: XSS vulnerabilities (CVE-2013-6459)

* foreman: models with a 'belongs_to' association to an Organization do not
verify association belongs to that Organization (CVE-2014-8183)

* foreman: inspect in a provisioning template exposes sensitive controller
information (CVE-2016-3693)

* pulp: Unsafe use of bash $RANDOM for NSS DB password and seed
(CVE-2016-3704)

* foreman: privilege escalation through Organization and Locations API
(CVE-2016-4451)

* foreman: inside discovery-debug, the root password is displayed in
plaintext (CVE-2016-4996)

* foreman: Persistent XSS in Foreman remote execution plugin
(CVE-2016-6319)

* foreman: Stored XSS via organization/location with HTML in name
(CVE-2016-8639)

* katello-debug: Possible symlink attacks due to use of predictable file
names (CVE-2016-9595)

* rubygem-hammer_cli: no verification of API server's SSL certificate
(CVE-2017-2667)

* foreman: Image password leak (CVE-2017-2672)

* pulp: Leakage of CA key in pulp-qpid-ssl-cfg (CVE-2016-3696)

* foreman: Information disclosure in provisioning template previews
(CVE-2016-4995)

* foreman-debug: missing obfuscation of sensitive information
(CVE-2016-9593)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

Red Hat would like to thank Randy Barlow (Red Hat) for reporting
CVE-2016-3704 and Sander Bos for reporting CVE-2016-3696. The CVE-2014-8183
issue was discovered by Eric Helms (Red Hat); the CVE-2016-3693 and
CVE-2016-4995 issues were discovered by Dominic Cleal (Red Hat); the
CVE-2016-4451 and CVE-2016-6319 issues were discovered by Marek Hulán (Red
Hat); the CVE-2016-4996 issue was discovered by Thom Carlin (Red Hat); the
CVE-2016-8639 issue was discovered by Sanket Jagtap (Red Hat); the
CVE-2016-9595 issue was discovered by Evgeni Golov (Red Hat); the
CVE-2017-2667 issue was discovered by Tomas Strachota (Red Hat); and the
CVE-2016-9593 issue was discovered by Pavel Moravec (Red Hat).

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update this system to include these fixes, ensure your system has access
to the latest Red Hat packages, then execute the following steps.

If you are on a self-registered Satellite, download all packages before
stopping Satellite Server:
# yum update --downloadonly

Stop Katello services:
# katello-service stop

Update all packages:
# yum update

Perform the update:
# satellite-installer --upgrade

For detailed instructions on how to apply this update, refer to:

https://access.redhat.com/documentation/en-us/red_hat_satellite/6.3/html/installation_guide/updating_satellite_server_capsule_server_and_content_hosts
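
A post-update check, added here as an example (not part of the Red Hat or AusCERT text): it compares installed version-release strings against fixed versions copied from the package list in section 6 and reports anything still older. The function names and the sample inventory are constructed for illustration, and GNU `sort -V` stands in for rpm's own version comparison (epochs are ignored).

```shell
#!/bin/sh
# Added example: confirm that packages named in this advisory are at or
# above the fixed version-release after running the update steps.

# Fixed versions, copied from the "Red Hat Satellite 6.3" noarch package
# list in this advisory (a subset covering components named under
# "Security Fix(es)").
fixed_versions() {
cat <<'EOF'
foreman 1.15.6.34-1.el7sat
foreman-debug 1.15.6.34-1.el7sat
katello-debug 3.4.5-15.el7sat
pulp-server 2.13.4.6-1.el7sat
tfm-rubygem-hammer_cli 0.11.0.1-1.el7sat
tfm-rubygem-foreman_remote_execution 1.3.7.2-1.fm1_15.el7sat
EOF
}

# ver_ge A B: succeed when version-release A is >= B.
# Assumption: GNU `sort -V` is used as an approximation of rpm's ordering;
# it compares numeric fields numerically, so 0.11 sorts after 0.5.
ver_ge() {
  [ "$1" = "$2" ] && return 0
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# outdated_packages: read "name version-release" lines on stdin and print
# each package that appears in fixed_versions but is older than the fix.
# Lines for unknown names (including rpm's "package X is not installed"
# messages) are skipped.
outdated_packages() {
  while read -r name vr; do
    want=$(fixed_versions | awk -v n="$name" '$1 == n { print $2 }')
    [ -n "$want" ] || continue
    ver_ge "$vr" "$want" || printf '%s %s (fixed in %s)\n' "$name" "$vr" "$want"
  done
  return 0
}

# Constructed sample inventory (not taken from a real system): two packages
# already updated, three still at older, made-up version-release strings.
sample_inventory() {
cat <<'EOF'
foreman 1.15.6.34-1.el7sat
foreman-debug 1.11.0.86-1.el7sat
katello-debug 3.0.0-21.el7sat
pulp-server 2.13.4.6-1.el7sat
tfm-rubygem-hammer_cli 0.5.1.13-1.el7sat
EOF
}

# Offline demonstration on the constructed inventory.
sample_inventory | outdated_packages

# On a Satellite server, feed it the real inventory instead:
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' \
#       $(fixed_versions | cut -d' ' -f1) | outdated_packages
```

Empty output means every listed package that is installed is at or above the fixed version.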

5. Bugs fixed (https://bugzilla.redhat.com/):

1019214 - [RFE] Connect foreman bootiso when creating a new VM and boot
from it.
1046642 - CVE-2013-6459 rubygem-will_paginate: XSS vulnerabilities
1132402 - [RFE] Support Facter 2 structured facts
1133515 - [RFE] Hammer repository upload-content doesn't support globs
1140671 - [RFE] API Missing creation of smart proxy autosign entries
1144042 - [RFE] API Missing activation key listing available service_levels
1145653 - [RFE] Satellite 6: UEFI PXE support
1154382 - [RFE] Ability to use tokenized authentication to hammer in lieu
of username/password in configuration file.
1177766 - [RFE] Republish composite content views on republished component
content view
1187338 - [RFE] Patch management functionality of satellite missing patch
management functionality
1190002 - [RFE] add "update all" button to host collections package update,
selecting multiple content hosts
1199204 - [RFE] Content Hosts: UI should have some indicator as if/which
capsule is providing content
1210878 - [RFE] Allow user to disable SSL verification for custom
repositories hosted via SSL
1215825 - [RFE] Showing Packages that can be updated on a content-host
via the UI
1217523 - [RFE] Request for the support of mirrorlists for rpm repository
feeds
1245642 - [RFE] Allow editing of taxonomy for discovered hosts
1255484 - [RFE] Make subnet an optional field
1257588 - [RFE] API routes for repositories in consistent with filter on
per product and per organization
1260697 - [RFE] As a CLI user, I should be able to set the Content Source
for a host and hostgroup.
1263748 - [RFE] Using Dynconsole to review tasks, unable to get back to
Satellite GUI missing a "back" button
1264043 - [RFE] Unable to edit Mail configuration in API and WebUI
1264732 - [RFE] Predefined role which is equivalent of ORG ADMIN
1265125 - [RFE] Allow activation keys to enable product repos regardless
of whether there is a subscription attached or not
1270771 - [RFE] Possibility to set value of memory for compute profile
under RHEV other then dropdown list
1274159 - [RFE] Add content counters to Content View Versions Repositories
overview
1278642 - [RFE] Expose config groups in host yaml
1278644 - [RFE] manage provisioning templates outside of the web interface
1284686 - [RFE] Support use of snapshots in katello-backup to allow service
to be restored quickly
1291935 - [RFE] support for Parametized Subnets
1292510 - [RFE] Satellite should support OpenSCAP tailoring file
1293538 - [RFE] Netgroup LDAP Authentication with Satellite 6.
1303103 - [RFE] Allow ISO repositories to be added to a content view and
published/distributed
1304608 - [RFE] Manager and viewer role do not contain permissions for
katello, rex and other plugins actions
1305059 - [RFE] [Sat6] allow multiple rpms to be added via hammer
content-view filter rule create
1306723 - [RFE] add multiple content views to a CCV which contain the
same repository
1309569 - [RFE] Composite Content View Web UI: show if "Latest" view is
in use or if new version of content view available
1309944 - [RFE] Create/update composite content-view by content-view Names
1313634 - [RFE] Warning message while pulp-puppet-module-builder overwrites
existing module files.
1317614 - [RFE] - "hammer info" command should have information related to
"Host Status"
1318534 - [RFE] Puppet classes inherited from a parent should indicate
which one
1323436 - [RFE] Latest available packages are not listed in the update
list over the Satellite Server Web UI
1324508 - [RFE] Accept 'organization' and 'location' parameters for POST/PUT
requests for discovery rules
1327030 - [RFE] Add extension point to Subnets form for Discovery Proxy
1327471 - CVE-2016-3693 foreman: inspect in a provisioning template exposes
sensitive controller information
1328238 - [RFE] katello-backup report times
1328930 - CVE-2016-3696 pulp: Leakage of CA key in pulp-qpid-ssl-cfg
1330264 - CVE-2016-3704 pulp: Unsafe use of bash $RANDOM for NSS DB password
and seed
1335449 - CVE-2016-1669 V8: integer overflow leading to buffer overflow
in Zone::New
1336924 - [RFE]hypervisors that do NOT have a subscription attached should
NOT be green under content hosts
1339715 - [RFE] Initiate OpenSCAP scan from web ui
1339889 - CVE-2016-4451 foreman: privilege escalation through Organization
and Locations API
1340559 - [RFE] Add ability to Sort Content Hosts by additional column
headers in WebUI
1342623 - [RFE] Extend the foreman API for improved compliance/openscap usage
1344049 - [RFE] Ability to use subscription associated to hypervisor when
adding a server with activation key
1348939 - CVE-2016-4995 foreman: Information disclosure in provisioning
template previews
1349136 - CVE-2016-4996 foreman: inside discovery-debug, the root password
is displayed in plaintext
1361473 - [RFE] - Display the errata or packages that would
applicable/installable for a given host using Hammer CLI
1365815 - CVE-2016-6319 foreman: Persistent XSS in Foreman remote execution
plugin
1366029 - [RFE] satellite installer doesn't allow for upgrading puppet
1370168 - [RFE] Update foreman-debug to by default not disclose confidential
passwords and private keys
1376134 - [RFE] Pulp should log content unit downloads at a level other
than DEBUG
1376191 - [RFE] Capability to Red Hat Satellite 6 to provision clients on
IBM POWER
1382356 - [RFE] Delete smart class parameter when a puppet class is deleted
1382735 - [RFE] Allow accessing all template names for a host (in safe mode)
1384146 - [RFE] Discovery should not create an entry if the mac/serialnumber
already exists as managed
1384548 - [RFE] cronjob to clear old tasks
1386266 - [RFE] krb5 support for remote execution job invocations
1386278 - [RFE] Job invocations should timeout
1390545 - [RFE] hammer sync-plan info should show associated products
1391831 - [RFE] Include Host's Host Collection to YAML definition.
1393291 - CVE-2016-8639 foreman: Stored XSS via organization/location with
HTML in name
1393409 - [RFE] Enable Process Recycling for Pulp Worker Processes
1394056 - [RFE] Getting IP Auto-Suggestion via API
1402922 - [RFE] Publishing provisioning template by version control system
1406384 - CVE-2016-9593 foreman-debug: missing obfuscation of sensitive
information
1406729 - CVE-2016-9595 katello-debug: Possible symlink attacks due to
use of predictable file names
1410872 - [RFE] Rake task needed to clean up repos published to wrong
directory
1412186 - [RFE] Track what user executed remote job in the production.log
1413851 - [RFE] OpenSCAP download full report XML is not usable, include
the html or PDF report.
1416119 - [RFE] foreman-debug takes >  1 hour  to complete at scale
1417073 - [RFE] Enhance Satelltie 6 UI to make the need for virt-who apparent
1420711 - [RFE] - Applying Erratum to a client, Cancel and Next button
only visible while scrolling through the entire list of content-hosts
1422458 - [RFE] The search function shows dummy facts that are not used
any more and the dummy facts should be deleted
1425121 - [RFE] Sort smart class parameter overrides by resolution order
1425523 - [RFE] Update Subscriptions Page in Satellite 6 to point to
customer portal landing page.
1426404 - [RFE] Backport session/request id in logs
1426411 - [RFE] Allow batched content install actions during errata install
1426448 - [RFE] Add schema to full backup if dbfiles are corrupted
1428761 - [RFE] Show upgradable package count in Content Hosts list and
at the Content Host page
1429426 - [RFE] set release version of a content host via bulk action
1434069 - [RFE] max_memory_per_executor support
1435972 - [RFE] - Option to disable autostart for puppet agent
1436262 - CVE-2017-2667 rubygem-hammer_cli: no verification of API server's
SSL certificate
1438376 - [RFE] Hammer location list to optionally show parents of location
1439537 - CVE-2017-2672 foreman: Image password leak
1439850 - [RFE] Allow setting HTTPS CDN URLs in Satellite
1445807 - [RFE] Allow choice of target shell in Remote Execution
1446707 - [RFE] add confirmation step for manifest deletion (explaining
when refresh will do, and when have to use delete)
1446719 - [RFE] Refreshing a manifest should re-generate entitlement
certificates.
1452124 - [RFE] Hammer cli does not list Type field when listing
subscriptions.
1455057 - [RFE] As a user, I expect the smart proxies page list of features
to be sorted consistently
1455455 - [RFE] PXE less provisioning - Add delay to discovery image boot
for slow DHCP networks
1458817 - [RFE] Prioritize attribute order in puppet classes limited to
255 chars
1464224 - [RFE] make the "Type" of a subscription a searchable unit
1468248 - [RFE] add task start time to "latest warning/error task"
dashboard widget
1480346 - [RFE] Need a server side tool to assist with the process of
changing the hostname of the Katello server
1480348 - [RFE] API to fetch list of hosts without full host details
1480886 - CVE-2014-8183 foreman: models with a 'belongs_to' association
to an Organization do not verify association belongs to that Organization
1493001 - [RFE] Add NIC ignore patterns for OpenStack and OpenShift
1493494 - [RFE] While adding a content-view to a composite view which is
not published, clicking "Add Content Views" button does nothing, it should
give an error.
1517827 - [RFE] Satellite 6: add the ability to choose supported cipher
suites for Tomcat
1529099 - [RFE] Users with email address more than 60 characters should
be able to login to Satellite GUI

6. Package List:

Red Hat Satellite Capsule 6.3:

Source:
foreman-1.15.6.34-1.el7sat.src.rpm
foreman-bootloaders-redhat-201801241201-2.el7sat.src.rpm
foreman-discovery-image-3.4.4-1.el7sat.src.rpm
foreman-installer-1.15.6.8-1.el7sat.src.rpm
foreman-proxy-1.15.6.4-1.el7sat.src.rpm
foreman-selinux-1.15.6.2-1.el7sat.src.rpm
hiera-1.3.1-2.el7sat.src.rpm
katello-3.4.5-15.el7sat.src.rpm
katello-certs-tools-2.4.0-1.el7sat.src.rpm
katello-client-bootstrap-1.5.1-1.el7sat.src.rpm
katello-installer-base-3.4.5.26-1.el7sat.src.rpm
katello-selinux-3.0.2-1.el7sat.src.rpm
kobo-0.5.1-1.el7sat.src.rpm
pulp-2.13.4.6-1.el7sat.src.rpm
pulp-docker-2.4.1-2.el7sat.src.rpm
pulp-katello-1.0.2-1.el7sat.src.rpm
pulp-ostree-1.2.1.1-1.el7sat.src.rpm
pulp-puppet-2.13.4-3.el7sat.src.rpm
pulp-rpm-2.13.4.8-1.el7sat.src.rpm
puppet-foreman_scap_client-0.3.16-1.el7sat.src.rpm
python-zope-interface-4.0.5-4.el7.src.rpm
redhat-access-insights-puppet-0.0.9-2.el7sat.src.rpm
rubygem-kafo-2.0.2-1.el7sat.src.rpm
rubygem-kafo_parsers-0.1.6-1.el7sat.src.rpm
rubygem-kafo_wizards-0.0.1-2.el7sat.src.rpm
rubygem-smart_proxy_dhcp_remote_isc-0.0.2.1-1.fm1_15.el7sat.src.rpm
rubygem-smart_proxy_discovery-1.0.4-3.el7sat.src.rpm
rubygem-smart_proxy_discovery_image-1.0.9-1.el7sat.src.rpm
rubygem-smart_proxy_dynflow-0.1.10-1.el7sat.src.rpm
rubygem-smart_proxy_openscap-0.6.9-1.el7sat.src.rpm
rubygem-smart_proxy_pulp-1.3.0-1.git.0.b5c2768.el7sat.src.rpm
rubygem-smart_proxy_remote_execution_ssh-0.1.6-1.el7sat.src.rpm
rubygem-tilt-1.3.7-2.git.0.3b416c9.el7sat.src.rpm
satellite-6.3.0-23.0.el7sat.src.rpm
satellite-installer-6.3.0.12-1.el7sat.src.rpm
tfm-rubygem-foreman-tasks-core-0.1.8-1.fm1_15.el7sat.src.rpm
tfm-rubygem-foreman_remote_execution_core-1.0.6-1.fm1_15.el7sat.src.rpm
tfm-rubygem-smart_proxy_dynflow_core-0.1.10-1.fm1_15.el7sat.src.rpm

noarch:
foreman-bootloaders-redhat-201801241201-2.el7sat.noarch.rpm
foreman-bootloaders-redhat-tftpboot-201801241201-2.el7sat.noarch.rpm
foreman-debug-1.15.6.34-1.el7sat.noarch.rpm
foreman-discovery-image-3.4.4-1.el7sat.noarch.rpm
foreman-installer-1.15.6.8-1.el7sat.noarch.rpm
foreman-installer-katello-3.4.5.26-1.el7sat.noarch.rpm
foreman-proxy-1.15.6.4-1.el7sat.noarch.rpm
foreman-proxy-content-3.4.5-15.el7sat.noarch.rpm
foreman-selinux-1.15.6.2-1.el7sat.noarch.rpm
hiera-1.3.1-2.el7sat.noarch.rpm
katello-certs-tools-2.4.0-1.el7sat.noarch.rpm
katello-client-bootstrap-1.5.1-1.el7sat.noarch.rpm
katello-debug-3.4.5-15.el7sat.noarch.rpm
katello-installer-base-3.4.5.26-1.el7sat.noarch.rpm
katello-selinux-3.0.2-1.el7sat.noarch.rpm
katello-service-3.4.5-15.el7sat.noarch.rpm
kobo-0.5.1-1.el7sat.noarch.rpm
pulp-admin-client-2.13.4.6-1.el7sat.noarch.rpm
pulp-docker-admin-extensions-2.4.1-2.el7sat.noarch.rpm
pulp-docker-plugins-2.4.1-2.el7sat.noarch.rpm
pulp-katello-1.0.2-1.el7sat.noarch.rpm
pulp-nodes-child-2.13.4.6-1.el7sat.noarch.rpm
pulp-nodes-common-2.13.4.6-1.el7sat.noarch.rpm
pulp-nodes-parent-2.13.4.6-1.el7sat.noarch.rpm
pulp-ostree-admin-extensions-1.2.1.1-1.el7sat.noarch.rpm
pulp-ostree-plugins-1.2.1.1-1.el7sat.noarch.rpm
pulp-puppet-admin-extensions-2.13.4-3.el7sat.noarch.rpm
pulp-puppet-plugins-2.13.4-3.el7sat.noarch.rpm
pulp-rpm-admin-extensions-2.13.4.8-1.el7sat.noarch.rpm
pulp-rpm-plugins-2.13.4.8-1.el7sat.noarch.rpm
pulp-selinux-2.13.4.6-1.el7sat.noarch.rpm
pulp-server-2.13.4.6-1.el7sat.noarch.rpm
puppet-foreman_scap_client-0.3.16-1.el7sat.noarch.rpm
python-pulp-agent-lib-2.13.4.6-1.el7sat.noarch.rpm
python-pulp-bindings-2.13.4.6-1.el7sat.noarch.rpm
python-pulp-client-lib-2.13.4.6-1.el7sat.noarch.rpm
python-pulp-common-2.13.4.6-1.el7sat.noarch.rpm
python-pulp-docker-common-2.4.1-2.el7sat.noarch.rpm
python-pulp-oid_validation-2.13.4.6-1.el7sat.noarch.rpm
python-pulp-ostree-common-1.2.1.1-1.el7sat.noarch.rpm
python-pulp-puppet-common-2.13.4-3.el7sat.noarch.rpm
python-pulp-repoauth-2.13.4.6-1.el7sat.noarch.rpm
python-pulp-rpm-common-2.13.4.8-1.el7sat.noarch.rpm
python-pulp-streamer-2.13.4.6-1.el7sat.noarch.rpm
redhat-access-insights-puppet-0.0.9-2.el7sat.noarch.rpm
rubygem-kafo-2.0.2-1.el7sat.noarch.rpm
rubygem-kafo_parsers-0.1.6-1.el7sat.noarch.rpm
rubygem-kafo_wizards-0.0.1-2.el7sat.noarch.rpm
rubygem-smart_proxy_dhcp_remote_isc-0.0.2.1-1.fm1_15.el7sat.noarch.rpm
rubygem-smart_proxy_discovery-1.0.4-3.el7sat.noarch.rpm
rubygem-smart_proxy_discovery_image-1.0.9-1.el7sat.noarch.rpm
rubygem-smart_proxy_dynflow-0.1.10-1.el7sat.noarch.rpm
rubygem-smart_proxy_openscap-0.6.9-1.el7sat.noarch.rpm
rubygem-smart_proxy_pulp-1.3.0-1.git.0.b5c2768.el7sat.noarch.rpm
rubygem-smart_proxy_remote_execution_ssh-0.1.6-1.el7sat.noarch.rpm
rubygem-tilt-1.3.7-2.git.0.3b416c9.el7sat.noarch.rpm
satellite-capsule-6.3.0-23.0.el7sat.noarch.rpm
satellite-common-6.3.0-23.0.el7sat.noarch.rpm
satellite-debug-tools-6.3.0-23.0.el7sat.noarch.rpm
satellite-installer-6.3.0.12-1.el7sat.noarch.rpm
tfm-rubygem-foreman-tasks-core-0.1.8-1.fm1_15.el7sat.noarch.rpm
tfm-rubygem-foreman_remote_execution_core-1.0.6-1.fm1_15.el7sat.noarch.rpm
tfm-rubygem-smart_proxy_dynflow_core-0.1.10-1.fm1_15.el7sat.noarch.rpm

x86_64:
python-zope-interface-4.0.5-4.el7.x86_64.rpm
python-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm

Red Hat Satellite 6.3:

Source:
candlepin-2.1.14-1.el7.src.rpm
foreman-1.15.6.34-1.el7sat.src.rpm
foreman-bootloaders-redhat-201801241201-2.el7sat.src.rpm
foreman-discovery-image-3.4.4-1.el7sat.src.rpm
foreman-installer-1.15.6.8-1.el7sat.src.rpm
foreman-proxy-1.15.6.4-1.el7sat.src.rpm
foreman-selinux-1.15.6.2-1.el7sat.src.rpm
hiera-1.3.1-2.el7sat.src.rpm
katello-3.4.5-15.el7sat.src.rpm
katello-certs-tools-2.4.0-1.el7sat.src.rpm
katello-client-bootstrap-1.5.1-1.el7sat.src.rpm
katello-installer-base-3.4.5.26-1.el7sat.src.rpm
katello-selinux-3.0.2-1.el7sat.src.rpm
kobo-0.5.1-1.el7sat.src.rpm
pulp-2.13.4.6-1.el7sat.src.rpm
pulp-docker-2.4.1-2.el7sat.src.rpm
pulp-katello-1.0.2-1.el7sat.src.rpm
pulp-ostree-1.2.1.1-1.el7sat.src.rpm
pulp-puppet-2.13.4-3.el7sat.src.rpm
pulp-rpm-2.13.4.8-1.el7sat.src.rpm
puppet-foreman_scap_client-0.3.16-1.el7sat.src.rpm
python-zope-interface-4.0.5-4.el7.src.rpm
redhat-access-insights-puppet-0.0.9-2.el7sat.src.rpm
rubygem-foreman_scap_client-0.3.0-2.el7sat.src.rpm
rubygem-kafo-2.0.2-1.el7sat.src.rpm
rubygem-kafo_parsers-0.1.6-1.el7sat.src.rpm
rubygem-kafo_wizards-0.0.1-2.el7sat.src.rpm
rubygem-smart_proxy_dhcp_remote_isc-0.0.2.1-1.fm1_15.el7sat.src.rpm
rubygem-smart_proxy_discovery-1.0.4-3.el7sat.src.rpm
rubygem-smart_proxy_discovery_image-1.0.9-1.el7sat.src.rpm
rubygem-smart_proxy_dynflow-0.1.10-1.el7sat.src.rpm
rubygem-smart_proxy_openscap-0.6.9-1.el7sat.src.rpm
rubygem-smart_proxy_pulp-1.3.0-1.git.0.b5c2768.el7sat.src.rpm
rubygem-smart_proxy_remote_execution_ssh-0.1.6-1.el7sat.src.rpm
rubygem-tilt-1.3.7-2.git.0.3b416c9.el7sat.src.rpm
satellite-6.3.0-23.0.el7sat.src.rpm
satellite-installer-6.3.0.12-1.el7sat.src.rpm
tfm-rubygem-bastion-5.1.1.4-1.fm1_15.el7sat.src.rpm
tfm-rubygem-foreman-redhat_access-2.0.13-1.el7sat.src.rpm
tfm-rubygem-foreman-tasks-0.9.6.4-1.fm1_15.el7sat.src.rpm
tfm-rubygem-foreman-tasks-core-0.1.8-1.fm1_15.el7sat.src.rpm
tfm-rubygem-foreman_bootdisk-10.0.2.2-1.fm1_15.el7sat.src.rpm
tfm-rubygem-foreman_discovery-9.1.5.3-1.fm1_15.el7sat.src.rpm
tfm-rubygem-foreman_docker-3.1.0.3-1.fm1_15.el7sat.src.rpm
tfm-rubygem-foreman_hooks-0.3.14-1.fm1_15.el7sat.src.rpm
tfm-rubygem-foreman_openscap-0.7.11-1.fm1_15.el7sat.src.rpm
tfm-rubygem-foreman_remote_execution-1.3.7.2-1.fm1_15.el7sat.src.rpm
tfm-rubygem-foreman_remote_execution_core-1.0.6-1.fm1_15.el7sat.src.rpm
tfm-rubygem-foreman_templates-5.0.1-1.fm1_15.el7sat.src.rpm
tfm-rubygem-foreman_theme_satellite-1.0.4.16-1.el7sat.src.rpm
tfm-rubygem-foreman_virt_who_configure-0.1.9-1.fm1_15.el7sat.src.rpm
tfm-rubygem-hammer_cli-0.11.0.1-1.el7sat.src.rpm
tfm-rubygem-hammer_cli_csv-2.3.0-1.el7sat.src.rpm
tfm-rubygem-hammer_cli_foreman-0.11.0.5-1.el7sat.src.rpm
tfm-rubygem-hammer_cli_foreman_admin-0.0.8-1.el7sat.src.rpm
tfm-rubygem-hammer_cli_foreman_bootdisk-0.1.3.3-2.el7sat.src.rpm
tfm-rubygem-hammer_cli_foreman_discovery-1.0.0-1.el7sat.src.rpm
tfm-rubygem-hammer_cli_foreman_docker-0.0.6-2.el7sat.src.rpm
tfm-rubygem-hammer_cli_foreman_openscap-0.1.5-1.fm1_15.el7sat.src.rpm
tfm-rubygem-hammer_cli_foreman_remote_execution-0.0.6-1.fm1_15.el7sat.src.rpm
tfm-rubygem-hammer_cli_foreman_tasks-0.0.12-1.fm1_15.el7sat.src.rpm
tfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.3-1.el7sat.src.rpm
tfm-rubygem-hammer_cli_katello-0.11.3.5-1.el7sat.src.rpm
tfm-rubygem-katello-3.4.5.58-1.el7sat.src.rpm
tfm-rubygem-ovirt_provision_plugin-1.0.2-1.fm1_15.el7sat.src.rpm
tfm-rubygem-smart_proxy_dynflow_core-0.1.10-1.fm1_15.el7sat.src.rpm

noarch:
candlepin-2.1.14-1.el7.noarch.rpm
candlepin-selinux-2.1.14-1.el7.noarch.rpm
foreman-1.15.6.34-1.el7sat.noarch.rpm
foreman-bootloaders-redhat-201801241201-2.el7sat.noarch.rpm
foreman-bootloaders-redhat-tftpboot-201801241201-2.el7sat.noarch.rpm
foreman-cli-1.15.6.34-1.el7sat.noarch.rpm
foreman-compute-1.15.6.34-1.el7sat.noarch.rpm
foreman-debug-1.15.6.34-1.el7sat.noarch.rpm
foreman-discovery-image-3.4.4-1.el7sat.noarch.rpm
foreman-ec2-1.15.6.34-1.el7sat.noarch.rpm
foreman-gce-1.15.6.34-1.el7sat.noarch.rpm
foreman-installer-1.15.6.8-1.el7sat.noarch.rpm
foreman-installer-katello-3.4.5.26-1.el7sat.noarch.rpm
foreman-libvirt-1.15.6.34-1.el7sat.noarch.rpm
foreman-openstack-1.15.6.34-1.el7sat.noarch.rpm
foreman-ovirt-1.15.6.34-1.el7sat.noarch.rpm
foreman-postgresql-1.15.6.34-1.el7sat.noarch.rpm
foreman-proxy-1.15.6.4-1.el7sat.noarch.rpm
foreman-proxy-content-3.4.5-15.el7sat.noarch.rpm
foreman-rackspace-1.15.6.34-1.el7sat.noarch.rpm
foreman-selinux-1.15.6.2-1.el7sat.noarch.rpm
foreman-vmware-1.15.6.34-1.el7sat.noarch.rpm
hiera-1.3.1-2.el7sat.noarch.rpm
katello-3.4.5-15.el7sat.noarch.rpm
katello-certs-tools-2.4.0-1.el7sat.noarch.rpm
katello-client-bootstrap-1.5.1-1.el7sat.noarch.rpm
katello-common-3.4.5-15.el7sat.noarch.rpm
katello-debug-3.4.5-15.el7sat.noarch.rpm
katello-installer-base-3.4.5.26-1.el7sat.noarch.rpm
katello-selinux-3.0.2-1.el7sat.noarch.rpm
katello-service-3.4.5-15.el7sat.noarch.rpm
kobo-0.5.1-1.el7sat.noarch.rpm
pulp-admin-client-2.13.4.6-1.el7sat.noarch.rpm
pulp-docker-admin-extensions-2.4.1-2.el7sat.noarch.rpm
pulp-docker-plugins-2.4.1-2.el7sat.noarch.rpm
pulp-katello-1.0.2-1.el7sat.noarch.rpm
pulp-ostree-admin-extensions-1.2.1.1-1.el7sat.noarch.rpm
pulp-ostree-plugins-1.2.1.1-1.el7sat.noarch.rpm
pulp-puppet-admin-extensions-2.13.4-3.el7sat.noarch.rpm
pulp-puppet-plugins-2.13.4-3.el7sat.noarch.rpm
pulp-puppet-tools-2.13.4-3.el7sat.noarch.rpm
pulp-rpm-admin-extensions-2.13.4.8-1.el7sat.noarch.rpm
pulp-rpm-plugins-2.13.4.8-1.el7sat.noarch.rpm
pulp-selinux-2.13.4.6-1.el7sat.noarch.rpm
pulp-server-2.13.4.6-1.el7sat.noarch.rpm
puppet-foreman_scap_client-0.3.16-1.el7sat.noarch.rpm
python-pulp-bindings-2.13.4.6-1.el7sat.noarch.rpm
python-pulp-client-lib-2.13.4.6-1.el7sat.noarch.rpm
python-pulp-common-2.13.4.6-1.el7sat.noarch.rpm
python-pulp-docker-common-2.4.1-2.el7sat.noarch.rpm
python-pulp-oid_validation-2.13.4.6-1.el7sat.noarch.rpm
python-pulp-ostree-common-1.2.1.1-1.el7sat.noarch.rpm
python-pulp-puppet-common-2.13.4-3.el7sat.noarch.rpm
python-pulp-repoauth-2.13.4.6-1.el7sat.noarch.rpm
python-pulp-rpm-common-2.13.4.8-1.el7sat.noarch.rpm
python-pulp-streamer-2.13.4.6-1.el7sat.noarch.rpm
redhat-access-insights-puppet-0.0.9-2.el7sat.noarch.rpm
rubygem-foreman_scap_client-0.3.0-2.el7sat.noarch.rpm
rubygem-kafo-2.0.2-1.el7sat.noarch.rpm
rubygem-kafo_parsers-0.1.6-1.el7sat.noarch.rpm
rubygem-kafo_wizards-0.0.1-2.el7sat.noarch.rpm
rubygem-smart_proxy_dhcp_remote_isc-0.0.2.1-1.fm1_15.el7sat.noarch.rpm
rubygem-smart_proxy_discovery-1.0.4-3.el7sat.noarch.rpm
rubygem-smart_proxy_discovery_image-1.0.9-1.el7sat.noarch.rpm
rubygem-smart_proxy_dynflow-0.1.10-1.el7sat.noarch.rpm
rubygem-smart_proxy_openscap-0.6.9-1.el7sat.noarch.rpm
rubygem-smart_proxy_pulp-1.3.0-1.git.0.b5c2768.el7sat.noarch.rpm
rubygem-smart_proxy_remote_execution_ssh-0.1.6-1.el7sat.noarch.rpm
rubygem-tilt-1.3.7-2.git.0.3b416c9.el7sat.noarch.rpm
satellite-6.3.0-23.0.el7sat.noarch.rpm
satellite-capsule-6.3.0-23.0.el7sat.noarch.rpm
satellite-cli-6.3.0-23.0.el7sat.noarch.rpm
satellite-common-6.3.0-23.0.el7sat.noarch.rpm
satellite-debug-tools-6.3.0-23.0.el7sat.noarch.rpm
satellite-installer-6.3.0.12-1.el7sat.noarch.rpm
tfm-rubygem-bastion-5.1.1.4-1.fm1_15.el7sat.noarch.rpm
tfm-rubygem-foreman-redhat_access-2.0.13-1.el7sat.noarch.rpm
tfm-rubygem-foreman-tasks-0.9.6.4-1.fm1_15.el7sat.noarch.rpm
tfm-rubygem-foreman-tasks-core-0.1.8-1.fm1_15.el7sat.noarch.rpm
tfm-rubygem-foreman_bootdisk-10.0.2.2-1.fm1_15.el7sat.noarch.rpm
tfm-rubygem-foreman_discovery-9.1.5.3-1.fm1_15.el7sat.noarch.rpm
tfm-rubygem-foreman_docker-3.1.0.3-1.fm1_15.el7sat.noarch.rpm
tfm-rubygem-foreman_hooks-0.3.14-1.fm1_15.el7sat.noarch.rpm
tfm-rubygem-foreman_openscap-0.7.11-1.fm1_15.el7sat.noarch.rpm
tfm-rubygem-foreman_remote_execution-1.3.7.2-1.fm1_15.el7sat.noarch.rpm
tfm-rubygem-foreman_remote_execution_core-1.0.6-1.fm1_15.el7sat.noarch.rpm
tfm-rubygem-foreman_templates-5.0.1-1.fm1_15.el7sat.noarch.rpm
tfm-rubygem-foreman_theme_satellite-1.0.4.16-1.el7sat.noarch.rpm
tfm-rubygem-foreman_virt_who_configure-0.1.9-1.fm1_15.el7sat.noarch.rpm
tfm-rubygem-hammer_cli-0.11.0.1-1.el7sat.noarch.rpm
tfm-rubygem-hammer_cli_csv-2.3.0-1.el7sat.noarch.rpm
tfm-rubygem-hammer_cli_foreman-0.11.0.5-1.el7sat.noarch.rpm
tfm-rubygem-hammer_cli_foreman_admin-0.0.8-1.el7sat.noarch.rpm
tfm-rubygem-hammer_cli_foreman_bootdisk-0.1.3.3-2.el7sat.noarch.rpm
tfm-rubygem-hammer_cli_foreman_discovery-1.0.0-1.el7sat.noarch.rpm
tfm-rubygem-hammer_cli_foreman_docker-0.0.6-2.el7sat.noarch.rpm
tfm-rubygem-hammer_cli_foreman_openscap-0.1.5-1.fm1_15.el7sat.noarch.rpm
tfm-rubygem-hammer_cli_foreman_remote_execution-0.0.6-1.fm1_15.el7sat.noarch.rpm
tfm-rubygem-hammer_cli_foreman_tasks-0.0.12-1.fm1_15.el7sat.noarch.rpm
tfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.3-1.el7sat.noarch.rpm
tfm-rubygem-hammer_cli_katello-0.11.3.5-1.el7sat.noarch.rpm
tfm-rubygem-katello-3.4.5.58-1.el7sat.noarch.rpm
tfm-rubygem-katello_ostree-3.4.5.58-1.el7sat.noarch.rpm
tfm-rubygem-ovirt_provision_plugin-1.0.2-1.fm1_15.el7sat.noarch.rpm
tfm-rubygem-smart_proxy_dynflow_core-0.1.10-1.fm1_15.el7sat.noarch.rpm

x86_64:
python-zope-interface-4.0.5-4.el7.x86_64.rpm
python-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2013-6459
https://access.redhat.com/security/cve/CVE-2014-8183
https://access.redhat.com/security/cve/CVE-2016-1669
https://access.redhat.com/security/cve/CVE-2016-3693
https://access.redhat.com/security/cve/CVE-2016-3696
https://access.redhat.com/security/cve/CVE-2016-3704
https://access.redhat.com/security/cve/CVE-2016-4451
https://access.redhat.com/security/cve/CVE-2016-4995
https://access.redhat.com/security/cve/CVE-2016-4996
https://access.redhat.com/security/cve/CVE-2016-6319
https://access.redhat.com/security/cve/CVE-2016-8639
https://access.redhat.com/security/cve/CVE-2016-9593
https://access.redhat.com/security/cve/CVE-2016-9595
https://access.redhat.com/security/cve/CVE-2017-2667
https://access.redhat.com/security/cve/CVE-2017-2672
https://access.redhat.com/documentation/en-us/red_hat_satellite/6.3/html/release_notes/
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----