-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2015.3140
                 Moderate: Satellite 6.1.5 bug fix update
                             16 December 2015

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Satellite 6.1.5
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Delete Arbitrary Files   -- Existing Account
                   Access Confidential Data -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-5233  

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2015:2622

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Satellite 6.1.5 bug fix update
Advisory ID:       RHSA-2015:2622-01
Product:           Red Hat Satellite 6
Advisory URL:      https://access.redhat.com/errata/RHSA-2015:2622
Issue date:        2015-12-15
CVE Names:         CVE-2015-5233 
=====================================================================

1. Summary:

Updated Satellite 6.1 packages that fix one security issue, add one
enhancement, and fix several bugs are available for Satellite 6.1.5.

Red Hat Product Security has rated this update as having Moderate
Security impact. Common Vulnerability Scoring System (CVSS) base 
scores, which give detailed severity ratings, are available for each 
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Satellite 6.1 - noarch, x86_64
Red Hat Satellite Capsule 6.1 - noarch, x86_64

3. Description:

Red Hat Satellite is a system management solution that allows
organizations to configure and maintain their systems without the
necessity to provide public Internet access to their servers or other
client systems. It performs provisioning and configuration management
of predefined standard operating environments.

The following security issue is addressed with this release:

Satellite failed to properly enforce permissions on the show and destroy
actions for reports. This could lead to an authenticated user with show
and/or destroy report permissions being able to view and/or delete any
reports held in Foreman. (CVE-2015-5233)

In addition, this update adds the following enhancement:

* Satellite 6 has been enhanced with the PXE-Less Discovery feature.
This feature supports the use of a single ISO to provision machines
against specific host groups. The users can provide the network
information so that the host does not need to be created on Satellite
in advance and DHCP does not need to be used. (BZ#1258061)

This update also fixes the following bugs:

* The installer was not processing the '\' character correctly, leading
to failed installations using proxies. This character is now handled
correctly, improving the installation experience. (BZ#1180637) 

* Help text provided by the installer had a typo which has now been
fixed. (BZ#1209139)

* The hammer container list command did not provide the container ID. 
This data is now provided. (BZ#1230915)

* Repository Sync Tasks in the UI were reported as successful if there
was an unhandled exception in the code. These exceptions are now
handled correctly, and the correct status is reported. (BZ#1246054)

* The installer would remove the dhcpd.conf even if the installer was
told not to. This would remove users' configurations. The installer
has been updated to not manage this file unless requested.
(BZ#1247397)

* The history diff page for templates was opening two pages when only
one was required. The duplicate page is no longer opened. (BZ#1254909)

* During provisioning, the default root password was not used when a
hostgroup had a blank string for the root password. Since the UI can
not set an empty value, the code was updated to cause either no or an
empty root password to use the default. (BZ#1255021)

* Multi selection was not working for discovered hosts. This feature
is now working. (BZ#1258521)

* When there is a mac address conflict, discovered hosts to not change
their state to "Built." The code has been updated to handle this case.
(BZ#1258578)

* Deleting a lifecycle environment would fail with a "dependent hosts"
error. This was due to an incorrect mapping between environments and
hosts. This mapping has been fixed, and the environments can be
deleted. (BZ#1269441)

* There were performance issues in package installations. The speed of
this action has been improved (BZ#1276443, BZ#1269509, BZ#1277269)

* Synchronization tasks seemed to be randomly stuck to do timeouts.
The locking in the qpid code has been improved to keep these tasks
from getting stuck (BZ#1279502)

* This change enables users of CloudForms 4.0 to proxy Red Hat
Insights requests through Satellite.  The Satellite can now act as a
proxy for both CloudForms 4.0 and Satellite-only use cases.
(BZ#1276676)

Users of Red Hat Satellite are advised to upgrade to these updated
packages, which contain backported patches to correct these issues
and add this enhancement.

4. Solution:

Before applying this update, make sure all previously released
errata relevant to your system have been applied.

To update this system to include these fixes ensure your system has 
access to the latest Red Hat packages.  For instructions how to apply this
update, refer to:

https://access.redhat.com/articles/11258

Then re-run the installer to complete the upgrade:

# katello-installer --upgrade

or

# capsule-installer --upgrade

5. Bugs fixed (https://bugzilla.redhat.com/):

1180637 - katello-installer use character "\" in proxy-username option
1209139 - trailing double quote character when installer prints how to continue with capsule installer
1209929 - Task details popup window is automatically closed on task refresh
1230915 - hammer container list does not show the id
1246054 - Actions::Katello::Repository::Sync reports success regardless errors
1254909 - show diff on history tab opens two browser tabs with diff page
1255021 - default root_pass not used if password field is an empty string
1258061 - [RFE] PXELess Discovery
1258521 - Multiple selection does not work for Discovery
1258578 - Discovered hosts fail to move to 'built' due to DHCP conflict
1262443 - CVE-2015-5233 foreman: reports show/destroy not restricted by host authorization
1263741 - CVE-2015-5233 - reports show/destroy not restricted by host authorization
1269509 - Package installation via Satellite 6.1 is much slower than yum
1276443 - Package installation via the host errata page times out after ~120 seconds
1276676 - Red Hat Insights Proxy for CFME throws exception when creating report subsets
1277269 - Installing large number of errata updates causes rpmdb failures
1279502 - Pulp tasks randomly stuck at waiting or running

6. Package List:

Red Hat Satellite Capsule 6.1:

Source:
foreman-1.7.2.49-1.el6_6sat.src.rpm
foreman-discovery-image-3.0.5-3.el7sat.src.rpm
foreman-discovery-image-3.0.5-3.el7sat.src.rpm
foreman-proxy-1.7.2.7-1.el6.src.rpm
gofer-2.6.8-1.el6.src.rpm
katello-agent-2.2.6-1.el6.src.rpm
katello-installer-base-2.3.22-1.el6.src.rpm
python-nectar-1.3.4-1.el6.src.rpm
python-qpid-0.30-7.el6.src.rpm
qpid-dispatch-0.4-11.el6.src.rpm
qpid-proton-0.9-11.el6.src.rpm
rubygem-smart_proxy_discovery-1.0.3-2.el6.src.rpm
rubygem-smart_proxy_discovery_image-1.0.5-3.el6.src.rpm

noarch:
capsule-installer-2.3.22-1.el6.noarch.rpm
foreman-debug-1.7.2.49-1.el6_6sat.noarch.rpm
foreman-discovery-image-3.0.5-3.el7sat.noarch.rpm
foreman-discovery-image-3.0.5-3.el7sat.noarch.rpm
foreman-proxy-1.7.2.7-1.el6.noarch.rpm
gofer-2.6.8-1.el6.noarch.rpm
katello-agent-2.2.6-1.el6.noarch.rpm
katello-installer-base-2.3.22-1.el6.noarch.rpm
python-gofer-2.6.8-1.el6.noarch.rpm
python-gofer-proton-2.6.8-1.el6.noarch.rpm
python-gofer-qpid-2.6.8-1.el6.noarch.rpm
python-nectar-1.3.4-1.el6.noarch.rpm
python-qpid-0.30-7.el6.noarch.rpm
rubygem-smart_proxy_discovery-1.0.3-2.el6.noarch.rpm
rubygem-smart_proxy_discovery_image-1.0.5-3.el6.noarch.rpm

x86_64:
libqpid-dispatch-0.4-11.el6.x86_64.rpm
python-qpid-proton-0.9-11.el6.x86_64.rpm
qpid-dispatch-debuginfo-0.4-11.el6.x86_64.rpm
qpid-dispatch-router-0.4-11.el6.x86_64.rpm
qpid-proton-c-0.9-11.el6.x86_64.rpm
qpid-proton-debuginfo-0.9-11.el6.x86_64.rpm

Red Hat Satellite 6.1:

Source:
foreman-1.7.2.49-1.el6_6sat.src.rpm
foreman-discovery-image-3.0.5-3.el7sat.src.rpm
foreman-discovery-image-3.0.5-3.el7sat.src.rpm
foreman-proxy-1.7.2.7-1.el6.src.rpm
gofer-2.6.8-1.el6.src.rpm
katello-agent-2.2.6-1.el6.src.rpm
katello-installer-base-2.3.22-1.el6.src.rpm
python-nectar-1.3.4-1.el6.src.rpm
python-qpid-0.30-7.el6.src.rpm
qpid-dispatch-0.4-11.el6.src.rpm
qpid-proton-0.9-11.el6.src.rpm
ruby193-rubygem-foreman-redhat_access-0.2.4-1.el6_6sat.src.rpm
ruby193-rubygem-foreman_bootdisk-4.0.2.14-1.el6_6sat.src.rpm
ruby193-rubygem-foreman_discovery-2.0.0.23-1.el6_6sat.src.rpm
ruby193-rubygem-katello-2.2.0.77-1.el6_6sat.src.rpm
ruby193-rubygem-redhat_access_lib-0.0.6-1.el6_6sat.src.rpm
rubygem-hammer_cli_foreman_docker-0.0.3.10-1.el6.src.rpm
rubygem-newt-0.9.6-1.el6.src.rpm
rubygem-smart_proxy_discovery-1.0.3-2.el6.src.rpm
rubygem-smart_proxy_discovery_image-1.0.5-3.el6.src.rpm

noarch:
foreman-1.7.2.49-1.el6_6sat.noarch.rpm
foreman-compute-1.7.2.49-1.el6_6sat.noarch.rpm
foreman-debug-1.7.2.49-1.el6_6sat.noarch.rpm
foreman-discovery-image-3.0.5-3.el7sat.noarch.rpm
foreman-discovery-image-3.0.5-3.el7sat.noarch.rpm
foreman-gce-1.7.2.49-1.el6_6sat.noarch.rpm
foreman-libvirt-1.7.2.49-1.el6_6sat.noarch.rpm
foreman-ovirt-1.7.2.49-1.el6_6sat.noarch.rpm
foreman-postgresql-1.7.2.49-1.el6_6sat.noarch.rpm
foreman-proxy-1.7.2.7-1.el6.noarch.rpm
foreman-vmware-1.7.2.49-1.el6_6sat.noarch.rpm
gofer-2.6.8-1.el6.noarch.rpm
katello-agent-2.2.6-1.el6.noarch.rpm
katello-installer-2.3.22-1.el6.noarch.rpm
katello-installer-base-2.3.22-1.el6.noarch.rpm
python-gofer-2.6.8-1.el6.noarch.rpm
python-gofer-proton-2.6.8-1.el6.noarch.rpm
python-gofer-qpid-2.6.8-1.el6.noarch.rpm
python-nectar-1.3.4-1.el6.noarch.rpm
python-qpid-0.30-7.el6.noarch.rpm
ruby193-rubygem-foreman-redhat_access-0.2.4-1.el6_6sat.noarch.rpm
ruby193-rubygem-foreman_bootdisk-4.0.2.14-1.el6_6sat.noarch.rpm
ruby193-rubygem-foreman_discovery-2.0.0.23-1.el6_6sat.noarch.rpm
ruby193-rubygem-katello-2.2.0.77-1.el6_6sat.noarch.rpm
ruby193-rubygem-redhat_access_lib-0.0.6-1.el6_6sat.noarch.rpm
rubygem-hammer_cli_foreman_docker-0.0.3.10-1.el6.noarch.rpm
rubygem-hammer_cli_foreman_docker-doc-0.0.3.10-1.el6.noarch.rpm
rubygem-smart_proxy_discovery-1.0.3-2.el6.noarch.rpm
rubygem-smart_proxy_discovery_image-1.0.5-3.el6.noarch.rpm

x86_64:
libqpid-dispatch-0.4-11.el6.x86_64.rpm
python-qpid-proton-0.9-11.el6.x86_64.rpm
qpid-dispatch-debuginfo-0.4-11.el6.x86_64.rpm
qpid-dispatch-router-0.4-11.el6.x86_64.rpm
qpid-dispatch-tools-0.4-11.el6.x86_64.rpm
qpid-proton-c-0.9-11.el6.x86_64.rpm
qpid-proton-debuginfo-0.9-11.el6.x86_64.rpm
rubygem-newt-0.9.6-1.el6.x86_64.rpm
rubygem-newt-debuginfo-0.9.6-1.el6.x86_64.rpm

Red Hat Satellite Capsule 6.1:

Source:
foreman-1.7.2.49-1.el7sat.src.rpm
foreman-discovery-image-3.0.5-3.el7sat.src.rpm
foreman-discovery-image-3.0.5-3.el7sat.src.rpm
foreman-proxy-1.7.2.7-1.el7sat.src.rpm
gofer-2.6.8-1.el7sat.src.rpm
katello-agent-2.2.6-1.el7sat.src.rpm
katello-installer-base-2.3.22-1.el7sat.src.rpm
python-nectar-1.3.4-1.el7sat.src.rpm
python-qpid-0.30-7.el7.src.rpm
qpid-dispatch-0.4-11.el7.src.rpm
qpid-proton-0.9-11.el7.src.rpm
rubygem-hammer_cli_foreman_docker-0.0.3.10-1.el7sat.src.rpm
rubygem-smart_proxy_discovery-1.0.3-2.el7sat.src.rpm
rubygem-smart_proxy_discovery_image-1.0.5-3.el7sat.src.rpm

noarch:
capsule-installer-2.3.22-1.el7sat.noarch.rpm
foreman-debug-1.7.2.49-1.el7sat.noarch.rpm
foreman-discovery-image-3.0.5-3.el7sat.noarch.rpm
foreman-discovery-image-3.0.5-3.el7sat.noarch.rpm
foreman-proxy-1.7.2.7-1.el7sat.noarch.rpm
gofer-2.6.8-1.el7sat.noarch.rpm
katello-agent-2.2.6-1.el7sat.noarch.rpm
katello-installer-base-2.3.22-1.el7sat.noarch.rpm
python-gofer-2.6.8-1.el7sat.noarch.rpm
python-gofer-proton-2.6.8-1.el7sat.noarch.rpm
python-gofer-qpid-2.6.8-1.el7sat.noarch.rpm
python-nectar-1.3.4-1.el7sat.noarch.rpm
python-qpid-0.30-7.el7.noarch.rpm
rubygem-hammer_cli_foreman_docker-0.0.3.10-1.el7sat.noarch.rpm
rubygem-hammer_cli_foreman_docker-doc-0.0.3.10-1.el7sat.noarch.rpm
rubygem-smart_proxy_discovery-1.0.3-2.el7sat.noarch.rpm
rubygem-smart_proxy_discovery_image-1.0.5-3.el7sat.noarch.rpm

x86_64:
libqpid-dispatch-0.4-11.el7.x86_64.rpm
python-qpid-proton-0.9-11.el7.x86_64.rpm
qpid-dispatch-debuginfo-0.4-11.el7.x86_64.rpm
qpid-dispatch-router-0.4-11.el7.x86_64.rpm
qpid-proton-c-0.9-11.el7.x86_64.rpm
qpid-proton-debuginfo-0.9-11.el7.x86_64.rpm

Red Hat Satellite 6.1:

Source:
foreman-1.7.2.49-1.el7sat.src.rpm
foreman-discovery-image-3.0.5-3.el7sat.src.rpm
foreman-discovery-image-3.0.5-3.el7sat.src.rpm
foreman-proxy-1.7.2.7-1.el7sat.src.rpm
gofer-2.6.8-1.el7sat.src.rpm
katello-agent-2.2.6-1.el7sat.src.rpm
katello-installer-base-2.3.22-1.el7sat.src.rpm
python-nectar-1.3.4-1.el7sat.src.rpm
python-qpid-0.30-7.el7.src.rpm
qpid-dispatch-0.4-11.el7.src.rpm
qpid-proton-0.9-11.el7.src.rpm
ruby193-rubygem-foreman-redhat_access-0.2.4-1.el7sat.src.rpm
ruby193-rubygem-foreman_bootdisk-4.0.2.14-1.el7sat.src.rpm
ruby193-rubygem-foreman_discovery-2.0.0.23-1.el7sat.src.rpm
ruby193-rubygem-katello-2.2.0.77-1.el7sat.src.rpm
ruby193-rubygem-redhat_access_lib-0.0.6-1.el7sat.src.rpm
rubygem-hammer_cli_foreman_docker-0.0.3.10-1.el7sat.src.rpm
rubygem-smart_proxy_discovery-1.0.3-2.el7sat.src.rpm
rubygem-smart_proxy_discovery_image-1.0.5-3.el7sat.src.rpm

noarch:
foreman-1.7.2.49-1.el7sat.noarch.rpm
foreman-compute-1.7.2.49-1.el7sat.noarch.rpm
foreman-debug-1.7.2.49-1.el7sat.noarch.rpm
foreman-discovery-image-3.0.5-3.el7sat.noarch.rpm
foreman-discovery-image-3.0.5-3.el7sat.noarch.rpm
foreman-gce-1.7.2.49-1.el7sat.noarch.rpm
foreman-libvirt-1.7.2.49-1.el7sat.noarch.rpm
foreman-ovirt-1.7.2.49-1.el7sat.noarch.rpm
foreman-postgresql-1.7.2.49-1.el7sat.noarch.rpm
foreman-proxy-1.7.2.7-1.el7sat.noarch.rpm
foreman-vmware-1.7.2.49-1.el7sat.noarch.rpm
gofer-2.6.8-1.el7sat.noarch.rpm
katello-agent-2.2.6-1.el7sat.noarch.rpm
katello-installer-2.3.22-1.el7sat.noarch.rpm
katello-installer-base-2.3.22-1.el7sat.noarch.rpm
python-gofer-2.6.8-1.el7sat.noarch.rpm
python-gofer-proton-2.6.8-1.el7sat.noarch.rpm
python-gofer-qpid-2.6.8-1.el7sat.noarch.rpm
python-nectar-1.3.4-1.el7sat.noarch.rpm
python-qpid-0.30-7.el7.noarch.rpm
ruby193-rubygem-foreman-redhat_access-0.2.4-1.el7sat.noarch.rpm
ruby193-rubygem-foreman_bootdisk-4.0.2.14-1.el7sat.noarch.rpm
ruby193-rubygem-foreman_discovery-2.0.0.23-1.el7sat.noarch.rpm
ruby193-rubygem-katello-2.2.0.77-1.el7sat.noarch.rpm
ruby193-rubygem-redhat_access_lib-0.0.6-1.el7sat.noarch.rpm
rubygem-hammer_cli_foreman_docker-0.0.3.10-1.el7sat.noarch.rpm
rubygem-hammer_cli_foreman_docker-doc-0.0.3.10-1.el7sat.noarch.rpm
rubygem-smart_proxy_discovery-1.0.3-2.el7sat.noarch.rpm
rubygem-smart_proxy_discovery_image-1.0.5-3.el7sat.noarch.rpm

x86_64:
libqpid-dispatch-0.4-11.el7.x86_64.rpm
python-qpid-proton-0.9-11.el7.x86_64.rpm
qpid-dispatch-debuginfo-0.4-11.el7.x86_64.rpm
qpid-dispatch-router-0.4-11.el7.x86_64.rpm
qpid-dispatch-tools-0.4-11.el7.x86_64.rpm
qpid-proton-c-0.9-11.el7.x86_64.rpm
qpid-proton-debuginfo-0.9-11.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-5233
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFWb+HxXlSAg2UNWIIRAqUdAJ9iQ3O46Vs6ASoliRETDmMop3jqQwCfdoIK
KKbqCEzjNu3NZGH2Y40KVb4=
=Q9xJ
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBVnC01n6ZAP0PgtI9AQLppw//XDey+F6MeyilpBF43PxbtmZPQDpIAsyM
b1QsUw/tD7/9tcTpOelZ09xsB+l0ri/oGjoYAty09XOyR+ClTTwpXDoB3brfwajV
sldia91Amwt+PNzeyl0bEK7COCQz6Ac0eAJkHBcOvWNS2M02JcrkB3QdVqNP5eIJ
MmVcWoBhlzlfXazyPaWNxJOENfJZKCtNlxiqEuHesuU/jDpUjko7ChgYcP3YVNe5
7xwyiUTI6Svyn6+iXTq0lmJxZ4LvTfkhSw5r52pzHMXY5qQ0rupDqbfV1A6pA+8k
/MFm8MYuX0OZsYr+5yeUqnNnmhiQ36uIL7hD+gZoLZbSBCLXnSxuDRYyvN1IHwY8
coL4ulGZuK+TWskuOnKgc7ImNUxXXuc7resd2RhVtT/l9tv3AXEdTxOtxtl6KeFh
0ZjHuobAlZgaEURrAZQtHjE4S8AAFfcisGPJRG45TdIst8ToEKWGbyQtOMQ/nhaH
jWzgA2BpyR6M/EEi5FaKI2B61EwcZRXY4LuiXBQ/2dr48blaViHyFmkwkhm+tfH6
JmR7IVCx/Rmhp9b8ma47RL9jJKwCs4ZHFDgm544twhciov7kwpzuttmlmXY7OWx7
Hz38rnRz0RAGunoEYKcC7+YgIjsgd0XBo9V0VS8ujMupX+q8ahAL3Cl3fBpceCkA
E9bjizUk2nM=
=oMGv
-----END PGP SIGNATURE-----