Bug 1469267 - need updated rubygem-rake
Status: ASSIGNED
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Packaging
Version: 6.2.10
Hardware: All Linux
Priority: medium Severity: medium
Target Milestone: Unspecified
Target Release: --
Assigned To: Adam Price
QA Contact: Katello QA List
Keywords: PrioBumpField, PrioBumpGSS, Triaged
Reported: 2017-07-10 15:00 EDT by Nithin Thomas
Modified: 2018-06-15 18:37 EDT
Type: Bug
Attachments:
hotfix RPM for RHEL 7 (91.16 KB, application/x-rpm)
2018-01-31 12:47 EST, Mike McCune
Description Nithin Thomas 2017-07-10 15:00:56 EDT
Package installed from rhel-7-server-satellite-capsule-6.2-rpms:

   rubygem-rake.noarch-0.9.2.2-41.el7sat 

But the following errata are available from rhel-7-server-optional-rpms:

# yum list-sec --enablerepo=rhel-7-server-optional-rpms | grep rubygem-rake

RHSA-2014:1912 Moderate/Sec.  rubygem-rake-0.9.6-22.el7_0.noarch
RHBA-2015:0594 bugfix         rubygem-rake-0.9.6-24.el7.noarch
RHBA-2015:1158 bugfix         rubygem-rake-0.9.6-25.el7_1.noarch
RHEA-2016:2422 enhancement    rubygem-rake-0.9.6-29.el7.noarch

We are currently shipping rubygem-rake-0.9.2.2-41.el7sat, which is outdated and vulnerable to the above CVE.

We need to get an updated version of this rubygem into Satellite 6.2.
Comment 12 Mike McCune 2018-01-31 12:46:40 EST
*** HOTFIX PACKAGE AVAILABLE ***

For users who need to update rubygem-rake to remove warnings around RHSA-2014:1912, you can utilize the attached hotfix package in this bug.

Instructions:

1) Download rubygem-rake-0.9.6-30.el7.noarch.rpm from this bug and copy it to the Satellite server

2) yum upgrade ./rubygem-rake-0.9.6-30.el7.noarch.rpm

3) katello-service restart
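
Why yum flags the Satellite build from the description, and how to confirm that the hotfix build clears every listed advisory, shown as an added example (not part of the bug thread and not Red Hat tooling). It re-implements rpm's segment-wise version comparison in simplified form; the function names are hypothetical, and epoch, '~' and '^' handling are left out because none of the packages quoted here use them.

```python
import re

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")
_ARCHES = (".noarch", ".x86_64")

# yum list-sec output quoted in the bug description.
LIST_SEC = """\
RHSA-2014:1912 Moderate/Sec.  rubygem-rake-0.9.6-22.el7_0.noarch
RHBA-2015:0594 bugfix         rubygem-rake-0.9.6-24.el7.noarch
RHBA-2015:1158 bugfix         rubygem-rake-0.9.6-25.el7_1.noarch
RHEA-2016:2422 enhancement    rubygem-rake-0.9.6-29.el7.noarch
"""

def rpmvercmp(a, b):
    """Compare version or release strings segment by segment, as rpm does.
    Simplification (assumption): no epoch, '~' or '^' handling."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():      # numeric segment beats alphabetic
            return 1 if x.isdigit() else -1
        if x.isdigit():                     # numbers: drop zeros, longer wins
            x, y = x.lstrip("0"), y.lstrip("0")
            if len(x) != len(y):
                return 1 if len(x) > len(y) else -1
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def parse_nvr(text):
    """Split name-version-release, tolerating an arch suffix on either end."""
    name, version, release = text.strip().rsplit("-", 2)
    for arch in _ARCHES:
        if name.endswith(arch):
            name = name[: -len(arch)]
        if release.endswith(arch):
            release = release[: -len(arch)]
    return name, version, release

def pending_errata(installed, list_sec=LIST_SEC):
    """Return advisory ids whose package is newer than the installed one."""
    name, ver, rel = parse_nvr(installed)
    pending = []
    for line in list_sec.splitlines():
        advisory, _kind, nvr = line.split()
        e_name, e_ver, e_rel = parse_nvr(nvr)
        # Version decides first; release only breaks a version tie.
        newer = rpmvercmp(e_ver, ver) or rpmvercmp(e_rel, rel)
        if e_name == name and newer > 0:
            pending.append(advisory)
    return pending
```

The Satellite build carries the higher release number (41 against 22), but rpm compares the version first, so 0.9.2.2 sorts below 0.9.6 and all four advisories stay pending until a 0.9.6 build with a release of 30 or later is installed.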
Comment 13 Mike McCune 2018-01-31 12:47 EST
Created attachment 1389116
hotfix RPM for RHEL 7
Comment 16 Mike McCune 2018-03-08 10:05:09 EST
The above hotfix in comment #12 can be applied to Satellite 6.3+ as well.
Comment 18 Mike McCune 2018-04-27 13:48:54 EDT
Yes, feel free to get the updated rubygem-rake-0.9.6-33 from

https://access.redhat.com/errata/RHSA-2018:0378
