1063915 – Apply RHSA-2014-0148 fixes to Spacewalk

Bug 1063915 - Apply RHSA-2014-0148 fixes to Spacewalk

Summary: Apply RHSA-2014-0148 fixes to Spacewalk

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Spacewalk
Classification:	Community
Component:	Server
Sub Component:
Version:	2.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Assignee:	Grant Gainey
QA Contact:	Red Hat Satellite QA List
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	space21
TreeView+	depends on / blocked

Reported:	2014-02-11 16:01 UTC by Grant Gainey
Modified:	2014-03-04 13:09 UTC (History)
CC List:	0 users
Fixed In Version:	spacewalk-java-2.1.148-1, spacewalk-web-2.1.55-1, spacewalk-branding-2.1.27-1
Clone Of:
Environment:
Last Closed:	2014-03-04 12:37:22 UTC
Embargoed:

Attachments	(Terms of Use)

Description Grant Gainey 2014-02-11 16:01:36 UTC

Satellite security-errata RHSA-2014-0148 was released on 10-FEB to fix the following Satellite BZs:

882000 CVE-2012-6149 Satellite, Spacewalk: XSS in system.addNote XML-RPC call due improper sanitization of note's subject and content

1022687 CVE-2012-6149 Server: Satellite, Spacewalk (spacewalk-java): XSS in system.addNote XML-RPC call due improper sanitization of note's subject and content

915467 vulnerabilities in satellite server web interface

923464 CVE-2013-1869 Satellite/Spacewalk: header injection flaw

923467 CVE-2013-1871 Satellite/Spacewalk: XSS in EditAddress page

979452 CVE-2013-4415 Red Hat Satellite, Spacewalk: PAGE_SIZE_LABEL_SELECTED cross-site scripting (XSS)

1022683 CVE-2013-4415 Server: Red Hat Satellite, Spacewalk: PAGE_SIZE_LABEL_SELECTED cross-site scripting (XSS)

This BZ tracks applying the pertinent patches to Spacewalk.

Comment 1 Grant Gainey 2014-02-11 16:57:16 UTC

Fixed by the following commits:

1d0f4b4a78ea03d9f2d05fbd52236b1f2ab68e85
041c2dd067f91f22087c9be6bb264d00c9ffdd0b
c41c87a9dc9dac771eb761dd63ada05b2f9104f9
6727a332466ef4339747b35fe5a639afefb8e584
431663ba6b2d1631afc4bca018c31f1661fe1263
cfda69feffd04cb3280ed4c87e420ef446777839
13351dd38339ae3635196894ae73c5dbb9058b99

Comment 2 Grant Gainey 2014-02-11 19:36:21 UTC

Perl-side commit: 
a1447d9a892756af6d90f9c6d7454c9630ca03d6

Comment 3 Matej Kollar 2014-03-04 13:08:40 UTC

Spacewalk 2.1 has been released.
https://fedorahosted.org/spacewalk/wiki/ReleaseNotes21

Comment 4 Matej Kollar 2014-03-04 13:09:10 UTC

Spacewalk 2.1 has been released.
https://fedorahosted.org/spacewalk/wiki/ReleaseNotes21

Note You need to log in before you can comment on or make changes to this bug.