ESB-2018.3451 - [RedHat] Red Hat Satellite: Reduced security - Unknown/unspecified 2018-11-05

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.3451
          Red Hat Satellite Server 5 - 90 day End Of Life Notice
                              5 November 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Red Hat Satellite
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Reduced Security -- Unknown/Unspecified
Resolution:        Patch/Upgrade

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2018:3456

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: Red Hat Satellite Server 5 - 90 day End Of Life Notice
Advisory ID:       RHSA-2018:3456-01
Product:           Red Hat Satellite
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:3456
Issue date:        2018-11-02
=====================================================================

1. Summary:

This is the 90 day notification of the End Of Life (EOL) plans for the
following versions of Red Hat Satellite 5:

* Red Hat Satellite 5.6
* Red Hat Satellite 5.7

2. Relevant releases/architectures:

Red Hat Satellite 5.6 (RHEL v.6) - noarch
Red Hat Satellite 5.7 (RHEL v.6) - noarch

3. Description:

The RHN service for Satellite 5.7, 5.6, and earlier versions of Satellite 5
will exit the existing Limited Maintenance Release phase and be permanently
shut down on January 31, 2019.

After this date, for the affected Satellite 5 versions:

* No content will be available from RHN. Both system level updates and
channel synchronization will be stopped as a result;

* No Satellite certificates for these versions will be generated or
provided for these EOL product versions;

* As per the life-cycle support policy for Red Hat Satellite, Red Hat will
discontinue technical support services as well as software maintenance
services;

* New bug fixes, security updates, and product enhancements will no longer
be provided.

Details of the Satellite support policy can be found at:

https://access.redhat.com/support/policy/updates/satellite/

Notes:

1) Red Hat will continue to support Red Hat Satellite and Proxy version
5.8.

2) Red Hat Satellite 5.6 and Red Hat Satellite 5.7 will be EOL on January
31, 2019. They will have to be upgraded.

How to proceed:

* Plan to upgrade to a newer version prior to January 31, 2019. You are
strongly encouraged to upgrade to Red Hat Satellite 5.8 immediately, which
will be supported through May 31, 2020. You are also encouraged to plan a
longer-term transition to Satellite 6, but to first ensure all Satellite
and Proxy versions 5.7 and earlier have been upgraded prior to January 31,
2019.

* If you have a Technical Account Manager, consider contacting that person
immediately to assist with your upgrade plans. Otherwise, contact Red Hat
support for assistance at https://www.redhat.com/en/services/support

* Alternatively, Red Hat Consulting can be engaged to assist with a smooth
upgrade, or migration to Satellite 6, see
https://www.redhat.com/en/resources/consulting-offering-transition-to-satel
lite-6-datasheet

Details of the Red Hat Satellite life cycle can be found at
https://access.redhat.com/support/policy/updates/satellite/

4. Solution:

The documentation of the Satellite 5 upgrade process is available in the
Red Hat Satellite 5.8 Installation Guide, linked to in the References
section.

For detailed instructions on upgrading Red Hat Satellite, see the
/etc/sysconfig/rhn/satellite-upgrade/README file within the rhn-upgrade
package. Before proceeding, it is important to read the complete details,
contained within the most current rhn-upgrade package README file.

Before the upgrade, ensure that known good backups are available,
especially of the database.

5. Bugs fixed (https://bugzilla.redhat.com/):

1640535 - Satellite 5.7 and prior end of life - 90 day warning

6. Package List:

Red Hat Satellite 5.6 (RHEL v.6):

Source:
spacewalk-backend-2.0.3-49.el6sat.src.rpm

noarch:
spacewalk-backend-2.0.3-49.el6sat.noarch.rpm
spacewalk-backend-app-2.0.3-49.el6sat.noarch.rpm
spacewalk-backend-applet-2.0.3-49.el6sat.noarch.rpm
spacewalk-backend-config-files-2.0.3-49.el6sat.noarch.rpm
spacewalk-backend-config-files-common-2.0.3-49.el6sat.noarch.rpm
spacewalk-backend-config-files-tool-2.0.3-49.el6sat.noarch.rpm
spacewalk-backend-iss-2.0.3-49.el6sat.noarch.rpm
spacewalk-backend-iss-export-2.0.3-49.el6sat.noarch.rpm
spacewalk-backend-libs-2.0.3-49.el6sat.noarch.rpm
spacewalk-backend-package-push-server-2.0.3-49.el6sat.noarch.rpm
spacewalk-backend-server-2.0.3-49.el6sat.noarch.rpm
spacewalk-backend-sql-2.0.3-49.el6sat.noarch.rpm
spacewalk-backend-sql-oracle-2.0.3-49.el6sat.noarch.rpm
spacewalk-backend-sql-postgresql-2.0.3-49.el6sat.noarch.rpm
spacewalk-backend-tools-2.0.3-49.el6sat.noarch.rpm
spacewalk-backend-xml-export-libs-2.0.3-49.el6sat.noarch.rpm
spacewalk-backend-xmlrpc-2.0.3-49.el6sat.noarch.rpm

Red Hat Satellite 5.7 (RHEL v.6):

Source:
spacewalk-backend-2.3.3-56.el6sat.src.rpm

noarch:
spacewalk-backend-2.3.3-56.el6sat.noarch.rpm
spacewalk-backend-app-2.3.3-56.el6sat.noarch.rpm
spacewalk-backend-applet-2.3.3-56.el6sat.noarch.rpm
spacewalk-backend-config-files-2.3.3-56.el6sat.noarch.rpm
spacewalk-backend-config-files-common-2.3.3-56.el6sat.noarch.rpm
spacewalk-backend-config-files-tool-2.3.3-56.el6sat.noarch.rpm
spacewalk-backend-iss-2.3.3-56.el6sat.noarch.rpm
spacewalk-backend-iss-export-2.3.3-56.el6sat.noarch.rpm
spacewalk-backend-libs-2.3.3-56.el6sat.noarch.rpm
spacewalk-backend-package-push-server-2.3.3-56.el6sat.noarch.rpm
spacewalk-backend-server-2.3.3-56.el6sat.noarch.rpm
spacewalk-backend-sql-2.3.3-56.el6sat.noarch.rpm
spacewalk-backend-sql-oracle-2.3.3-56.el6sat.noarch.rpm
spacewalk-backend-sql-postgresql-2.3.3-56.el6sat.noarch.rpm
spacewalk-backend-tools-2.3.3-56.el6sat.noarch.rpm
spacewalk-backend-xml-export-libs-2.3.3-56.el6sat.noarch.rpm
spacewalk-backend-xmlrpc-2.3.3-56.el6sat.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/documentation/en-us/red_hat_satellite/5.8/html/installation_guide/upgrading_red_hat_satellite_to_a_new_version

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBW9xtBNzjgjWX9erEAQhXRxAAhBel5/t+3M1v1GXYS+OlUusu1hzXShk8
9rNPLRCbag2/UUuomGEK1AO+m8x/0j7vC9XU3aUbG2iBiaons0oMGoVzMbFPyGjV
Oilv2GwhyBNSyeeGERK7J4u47UXhwU1KrIixBw6QVyN6wBeuSJAWSO0dHzsLPPeF
QaWTKab81E93ulHk2lJPnpEJDrzJfSAf4LIpzYgIDDBTt2K1I4Ydyg0xIlGzP6Qc
4T0MReg6gAZQETX97MDWKyeqNwJu9dhpM6U7zqzh9+dTB8LNIPjGhG1ph3PvE0z7
96xmRzM+nXsfN/AvlO6uSj8rSgbFrxCeQ77f+j0aEWBLBNRSW3h20Flct7+281Pu
WLLkuWG/JZ+21Hbhl5N1TDosTHMGN1OimnaxsUffFfVmOpfGVW3pIviA35ZKBq2D
fRZpJIA3tfysl5jn6IQF10Lu9rD5qPrc1KlgZ2b6E7Ms+ROhgm+LAuEAnBEVqAk6
q/Pj21VJ25uCTOrRgwTLzoDgwKXhYDRdRebkLqoo2wxQbeL6+SPXR/+kf2Q8oVov
4uba2p0+KfQ1toUgWVjW9tE4rKSNJm0BXPePHWfYnndnRE1+9TsK8Zgz09fH2Xj3
X+F1ij4C8nRLtKXJ1veqJSq4p1ww50XcXdXSLud76nodQfOXQbIIzbr3vgWGywsM
/TxuWUnLnr8=
=ASqZ
- -----END PGP SIGNATURE-----

- --
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBW9+PSWaOgq3Tt24GAQjOQw//ZqzWN49MNa4iPjYNJJqb6CC+WOWD8tfs
AqTCaUjowXL2SEmh5SQ3sZNpYDr6/iprkEMzwRKBTHgskj+gymzepJjqA2oknZUQ
Y1vYjNEzTJNcC4aEkbGVo93XxsJWbLe8d/Wc7VuVFLxfG8SdZ80ykLCrINuo2nCo
wi46Ltj/XXOsbXKafULk2JYGWL3mVnBGC8VmhMAtpmpWpbZsAQf8CKv066xJ8R+g
JKmC53qAK4+6ye1UPfmBf4Bt8I1YK0X9C7mOzinMj+N3fYcp7pgplc81BBsjcDxC
tXLEoxbRgoLB36zMHYpBmmzbneyQ6GXx0zkMjVENKoEKVtIWGeqEO6z0wdSuBbtf
vOC5GsyxcnWVetmKiWbUKAxA1MpHX8kKxYGT6M00QT2geSd03Zkbg0ypEt4yxvJ2
Ygh0xI1DUgLQsozeo+JZ5MjtC/UF+2QPdX5k2wwr7TGY/Fd2PR1mVC/0+K5iiMSm
Scj/B8UOdBEG1MCmyv4p9Uq94bDAo3o7qpj2dGXj+D+CtE72IbHP0PHxPXrl1XoP
FEPmetmoIKQdaz3bWcRWtvMa0k3fOkZLSv6rnxhWs93O7p5iLlZQWHGGEd7b0ylr
Z6adskbExNBedJdceYXM8q4ij7usnogyamHJDHAthw+SwweWa9JtKWbGypZ+kXc6
5u9pt5k7dks=
=emHf
-----END PGP SIGNATURE-----

« Back to bulletins