Red Hat Bugzilla – Bug 584118
CVE-2010-1171 rhn_satellite: Improper channel comps information management
Last modified: 2013-08-02 12:29:52 EDT
RHN Satellite incorrectly exposed an obsolete XML-RPC API for
configuring package group (comps.xml) files for channels. An
authenticated user could use this flaw to gain access to
arbitrary files accessible to the RHN Satellite server process,
and prevent clients from performing certain yum operations.
This issue affects all Satellite 5.x releases (5.0, 5.1, 5.2, and 5.3).
The preliminary embargo date for this issue has been set to
Monday, 9th of May, 2011.
(In reply to comment #37)
The preliminary embargo date for this issue has been moved to
an earlier date, Monday, 11th of April, 2011.
This issue has been addressed in the following products:
Red Hat Network Satellite Server v 5.3
Red Hat Network Satellite Server v 5.4
Via RHSA-2011:0434 https://rhn.redhat.com/errata/RHSA-2011-0434.html
Created spacewalk-backend tracking bugs for this issue
Affects: fedora-all [bug 695494]