Bug 428819 - unescaped '&', '<', '>' in updateinfo.xml and failing yum-security plugin
Status: CLOSED CURRENTRELEASE
Product: Red Hat Satellite 5
Classification: Red Hat
Component: Client
Version: 501
Hardware: All  OS: Linux
Priority: low  Severity: medium
Assigned To: Pradeep Kilambi
QA Contact: John Matthews
Blocks: 456985 469732 470932 470933 471466
Reported: 2008-01-15 08:40 EST by Jan Hutař
Modified: 2011-01-10 10:46 EST
Fixed In Version: sat530
Doc Type: Bug Fix
Last Closed: 2009-09-10 16:23:15 EDT
Description Jan Hutař 2008-01-15 08:40:43 EST
Description of problem:
While testing yum-security against Satellite 5.0.1, I was getting the traceback
attached below. I believe it is because of an unescaped '&' in updateinfo.xml.


Version-Release number of selected component (if applicable):
yum-3.0.1-5.el5.noarch
yum-security-1.0.4-3.el5.noarch
Satellite 5.0.1


How reproducible:
always


Steps to Reproduce:
1. yum list-security


Actual results:
# yum list-security
Loading "rhnplugin" plugin
Loading "security" plugin
Setting up repositories
rhel-i386-server-cluster- 100% |=========================| 1.4 kB    00:00     
rhel-i386-server-5        100% |=========================| 1.4 kB    00:00     
rhel-i386-server-vt-5     100% |=========================| 1.4 kB    00:00     
rhel-i386-server-cluster- 100% |=========================| 1.4 kB    00:00     
rhel-i386-server-suppleme 100% |=========================| 1.2 kB    00:00     
rhn-tools-rhel-i386-serve 100% |=========================| 1.2 kB    00:00     
Reading repository metadata in from local files
Traceback (most recent call last):
  File "/usr/bin/yum", line 29, in ?
    yummain.main(sys.argv[1:])
  File "/usr/share/yum-cli/yummain.py", line 102, in main
    result, resultmsgs = do()
  File "/usr/share/yum-cli/cli.py", line 359, in doCommands
    return self.yum_cli_commands[self.basecmd].doCommand(self, self.basecmd, self.extcmds)
  File "/usr/lib/yum-plugins/security.py", line 193, in doCommand
    md_info = ysp_gen_metadata(self)
  File "/usr/lib/yum-plugins/security.py", line 58, in ysp_gen_metadata
    md_info.add(repo)
  File "/usr/lib/python2.4/site-packages/yum/update_md.py", line 235, in add
    for event, elem in iterparse(infile):
  File "<string>", line 64, in __iter__
SyntaxError: not well-formed (invalid token): line 767, column 15


Expected results:
Security sensitive updates listed


Additional info:
I have checked the file /var/cache/yum/rhel-i386-server-cluster-storage-5/updateinfo.xml.gz
and found that the problem is with advisory 2007:0576:

Line 767 from Satellite 5.0.1:
       <reference href="http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218134" id="218134" type="bugzilla">
        ['GFS & GFS2: umount while busy gives bogus error message']
       </reference>

Similar line from rhn.redhat.stage:
       <reference href="http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218134" id="218134" type="bugzilla">
        GFS &amp; GFS2: umount while busy gives bogus error message
       </reference>
Comment 5 Xixi 2008-11-10 17:32:12 EST
Per Prad, this fix also covers '<' and '>' -

...
def text_filter(text):
    # do & first
    s = text.replace('&', '&amp;')
    s = s.replace('<', '&lt;')
    s = s.replace('>', '&gt;')
    return s
...
Comment 7 Jan Hutař 2008-11-11 04:11:26 EST
Hello,
please check http://wiki.python.org/moin/EscapingXml
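An added example, written for this page in Python 3 (the traceback above is from python2.4) and not code from Satellite or yum: it renders the <reference> element quoted in the report three ways (raw, through the text_filter from comment 5, and through xml.sax.saxutils.escape as the EscapingXml page recommends), feeds each through ElementTree.iterparse the way yum's update_md.py does, and returns the (line, column) of the failure. It also uses quoteattr() for the href attribute, which the three-replace filter does not address, and includes a helper for checking a cached updateinfo.xml.gz. The <updates>/<update> wrapper and the bare advisory id are assumptions; the title and href are the ones quoted in comment 0.

```python
"""Added example (not Satellite's or yum's own code): why the traceback
happens and how to check a cached updateinfo.xml.gz for the same fault.

The advisory fragment below is constructed from the <reference> element
quoted in the bug report; the wrapper elements and advisory id are
assumptions, not copied from a real updateinfo.xml.
"""
import gzip
import io
from xml.etree import ElementTree as ET
from xml.sax.saxutils import escape, quoteattr

# Title and href quoted in the bug report (comment 0).
TITLE = 'GFS & GFS2: umount while busy gives bogus error message'
HREF = 'http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218134'


def text_filter(text):
    """The element-content filter posted in comment 5 ('&' first)."""
    s = text.replace('&', '&amp;')
    s = s.replace('<', '&lt;')
    s = s.replace('>', '&gt;')
    return s


def reference_element(href, bug_id, title, escaper):
    """Render one <reference> the way a metadata generator would.

    `escaper` is applied to the element text only.  The href attribute
    is always passed through quoteattr(), which escapes '&' as well as
    the surrounding quote character, so a query string such as
    ?id=1&foo=2 cannot break the attribute either.
    """
    return '<reference href=%s id="%s" type="bugzilla">%s</reference>' % (
        quoteattr(href), bug_id, escaper(title))


def build_updateinfo(reference_elements):
    """Wrap rendered <reference> elements in a minimal updateinfo document
    (wrapper structure assumed for illustration)."""
    return ('<?xml version="1.0" encoding="UTF-8"?>\n'
            '<updates>\n<update>\n<id>2007:0576</id>\n<references>\n'
            + '\n'.join(reference_elements) +
            '\n</references>\n</update>\n</updates>\n')


def check_well_formed(xml_bytes):
    """Parse with iterparse, as yum's update_md.py does.

    Returns (True, None) when the document parses, or
    (False, (line, column)) with the same position the plugin's
    'not well-formed (invalid token)' traceback reports.
    """
    try:
        for _event, _elem in ET.iterparse(io.BytesIO(xml_bytes)):
            pass
    except ET.ParseError as err:
        return False, err.position
    return True, None


def check_cached_updateinfo(path):
    """Check a file such as /var/cache/yum/<repo>/updateinfo.xml.gz."""
    with gzip.open(path, 'rb') as fh:
        return check_well_formed(fh.read())


def reference_texts(xml_bytes):
    """Collect (href, text) from every <reference>, as a consumer sees
    them: the parser turns &amp; back into '&'."""
    found = []
    for _event, elem in ET.iterparse(io.BytesIO(xml_bytes)):
        if elem.tag == 'reference':
            found.append((elem.get('href'), (elem.text or '').strip()))
    return found


def compare_escapers():
    """Render the same advisory three ways and report which ones parse."""
    results = {}
    for name, escaper in (('raw', lambda s: s),
                          ('text_filter', text_filter),
                          ('saxutils.escape', escape)):
        doc = build_updateinfo([reference_element(HREF, '218134', TITLE, escaper)])
        results[name] = check_well_formed(doc.encode('utf-8'))
    return results


if __name__ == '__main__':
    for name, (ok, pos) in compare_escapers().items():
        print('%-16s %s' % (name, 'well-formed' if ok
                            else 'invalid at line %d col %d' % pos))
```

Run against the file named in the report, check_cached_updateinfo('/var/cache/yum/rhel-i386-server-cluster-storage-5/updateinfo.xml.gz') returns the same (line, column) pair the plugin's traceback prints, so a channel's metadata can be checked on the server before a client trips over it. In element content only '&' and '<' are always invalid unescaped; '>' must be escaped only when it forms "]]>", but escaping it as both filters do is harmless. Attribute values are the case the three-replace filter misses: a quote character inside an href needs quoteattr() (or escape() with an entities map), not just the '&' replacement.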
Comment 15 Brandon Perkins 2009-09-10 16:23:15 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2009-1434.html
Comment 16 Will Darton 2011-01-10 10:46:00 EST
Description of Problem
While testing the yum-security plugin against Satellite 5.4, I receive traceback messages.

Versions:
yum-updatesd-0.9-2.el5
yum-3.2.22-26.el5_5.1
yum-metadata-parser-1.1.2-3.el5
yum-rhn-plugin-0.5.4-13.el5
yum-security-1.1.16-13.el5_4.1

Satellite 5.4.0

Steps to reproduce:
1.  yum list-security

Actual Results:
# yum list-security
Loaded plugins: rhnplugin, security
prod-pci-rhel-x86_64-server-5                        | 1.3 kB     00:00
prod-pci-rhel-x86_64-server-5/primary                | 3.7 MB     00:00
prod-pci-rhel-x86_64-server-5                                    10310/10310
prod-pci-rhn-tools-rhel-x86_64-server-5              | 1.1 kB     00:00
prod-pci-rhn-tools-rhel-x86_64-server-5/primary      |  38 kB     00:00
prod-pci-rhn-tools-rhel-x86_64-server-5                              459/459
prod-pci-rhel-x86_64-server-5/updateinfo             | 1.3 MB     00:00
Traceback (most recent call last):
  File "/usr/bin/yum", line 29, in ?
    yummain.user_main(sys.argv[1:], exit_code=True)
  File "/usr/share/yum-cli/yummain.py", line 309, in user_main
    errcode = main(args)
  File "/usr/share/yum-cli/yummain.py", line 178, in main
    result, resultmsgs = base.doCommands()
  File "/usr/share/yum-cli/cli.py", line 349, in doCommands
    return self.yum_cli_commands[self.basecmd].doCommand(self, self.basecmd, self.extcmds)
  File "/usr/lib/yum-plugins/security.py", line 203, in doCommand
    md_info = ysp_gen_metadata(self.repos.listEnabled())
  File "/usr/lib/yum-plugins/security.py", line 76, in ysp_gen_metadata
    md_info.add(repo)
  File "/usr/lib/python2.4/site-packages/yum/update_md.py", line 376, in add
    for event, elem in iterparse(infile):
  File "<string>", line 64, in __iter__
SyntaxError: not well-formed (invalid token): line 820, column 52

Expected results:
Security sensitive updates listed

I have checked the file /var/cache/yum/prod-pci-rhel-x86_64-server-5/updateinfo.xml.gz

Issue appears to be similar; line 820 reads:
 * two minor fixes were performed in the php substr_compare and substr_count
   functions to correct integer overflows. (BZ#469807 & BZ#470971)