Open redirect vulnerability in Red Hat Network Satellite and Spacewalk software content management services allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url_bounce parameter.
Acknowledgements: Red Hat would like to thank Thomas Biege of the SuSE Security Team for reporting this issue.
The CVE identifier of CVE-2011-1594 has been assigned to this issue.
This is already public via SUSE advisory:
  http://lists.opensuse.org/opensuse-security-announce/2011-06/msg00007.html
  http://support.novell.com/security/cve/CVE-2011-1594.html
This issue has been addressed in the following products:
  Red Hat Network Satellite Server v 5.4
Via RHSA-2011:1299 https://rhn.redhat.com/errata/RHSA-2011-1299.html
The issue has been addressed in Spacewalk master by commit e23b716fe82672c143177275799985ce56dc468d
  CVE-2011-1594, 672167 - only local redirects are allowed
Fixed package: spacewalk-java-1.6.46-1
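
An added example, not Spacewalk's code and not taken from the commit above: one way to enforce "only local redirects" on a url_bounce-style parameter in Java. The class and method names, the fallback path and the sample inputs are assumptions constructed for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;

// Added illustration; names and the fallback path are hypothetical.
public class LocalRedirectCheck {

    static final String FALLBACK = "/"; // assumed default landing path

    /** Returns urlBounce only if it is a same-site absolute path, else FALLBACK. */
    static String safeBounce(String urlBounce) {
        if (urlBounce == null || urlBounce.isEmpty()) {
            return FALLBACK;
        }
        for (int i = 0; i < urlBounce.length(); i++) {
            char c = urlBounce.charAt(i);
            // Browsers may strip control characters or treat '\' as '/',
            // so reject them before any structural check.
            if (c < 0x20 || c == 0x7f || c == '\\') {
                return FALLBACK;
            }
        }
        // Exactly one leading slash: "//host" is scheme-relative and leaves the site.
        if (urlBounce.charAt(0) != '/' || urlBounce.startsWith("//")) {
            return FALLBACK;
        }
        try {
            URI uri = new URI(urlBounce);
            // Defence in depth: no scheme and no authority component allowed.
            if (uri.isAbsolute() || uri.getRawAuthority() != null) {
                return FALLBACK;
            }
        } catch (URISyntaxException e) {
            return FALLBACK; // unparseable input is never redirected to
        }
        return urlBounce;
    }

    public static void main(String[] args) {
        // Constructed sample values for the url_bounce parameter.
        String[] samples = {
            "/app/home?tab=1",             // local path: kept
            "http://phish.example/login",  // absolute URL: rejected
            "//phish.example/login",       // scheme-relative: rejected
            "/\\phish.example/login",      // backslash variant: rejected
            "phish.example/login",         // no leading slash: rejected
        };
        for (String s : samples) {
            System.out.println(s + " -> " + safeBounce(s));
        }
    }
}
```

Rejected values fall back to a fixed local page rather than producing an error, so a tampered link still lands the user inside the application.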