Bug 959524 (CVE-2013-2056)
| Summary: | CVE-2013-2056 Satellite: Inter-Satellite Sync (ISS) does not require authentication/authorization | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Vincent Danen <vdanen> | ||||
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||
| Status: | CLOSED ERRATA | QA Contact: | |||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | medium | ||||||
| Version: | unspecified | CC: | cperry, jpazdziora, jrusnack, meissner, sclewis, security-response-team | ||||
| Target Milestone: | --- | Keywords: | Security | ||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2013-06-04 19:56:47 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | 959457, 960651, 960652, 960653, 965809 | ||||||
| Bug Blocks: | 959526 | ||||||
| Attachments: |
|
||||||
|
Description
Vincent Danen
2013-05-03 16:58:48 UTC
Created attachment 745586 [details]
The patch we used to address the issue for Satellite 5.5.
The Inter-Satellite Sync (ISS) feature was introduced in Satellite 5.3, so this issue does not affect Satellite 5.2. Acknowledgements: This issue was discovered by Jan Pazdziora of the Red Hat Satellite Engineering team. This issue has been addressed in following products: Red Hat Network Satellite Server v 5.4 Red Hat Network Satellite Server v 5.5 Red Hat Network Satellite Server v 5.3 Via RHSA-2013:0848 https://rhn.redhat.com/errata/RHSA-2013-0848.html |