Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 907631 - Invalid XML if an errata spans more than 1 collection [satellite-6]
Summary: Invalid XML if an errata spans more than 1 collection [satellite-6]
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Errata Management
Version: 6.0.0
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: Unspecified
Assignee: Katello Bug Bin
QA Contact: Katello QA List
URL:
Whiteboard:
Depends On: 887407
Blocks: 869077 1130651
TreeView+ depends on / blocked
 
Reported: 2013-02-04 21:35 UTC by Aaron Weitekamp
Modified: 2016-02-15 20:27 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of: 887407
Environment:
Last Closed: 2016-02-15 20:27:44 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Comment 1 Aaron Weitekamp 2013-02-04 21:41:29 UTC 
I'm seeing this in SystemEngine 1.1.2 puddle 2013-01-31.1

Example URL: http://qeblade40.rhq.lab.eng.bos.redhat.com/pulp/ks/redhat/Dev/content/dist/rhel/server/6/6Server/x86_64/os/updateinfo.xml

IRC snippet:
<jmatthews> aweiteka, the updateinfo.xml file is likely to be corrupted for clients who look at it
<jmatthews> it could break some yum plugins looking at security updates, bugfixes, etc


Might this be why Available Errata never displays?

Fixed upstream: http://yum.baseurl.org/gitweb?p=yum.git;a=commit;h=6e56ea6a6236dde080d60f091a7854d204825bd4
Comment 3 Aaron Weitekamp 2013-02-04 22:12:50 UTC 
Confirmed CDN repo[1] is valid XML. The issue appears to be introduced in katello.

<jmatthews> aweiteka, I think the issue comes down to does systemEngine determine errata by looking at updateinfo.xml or by querying Pulp through API

The other impact would be to yum plugins such as yum-plugin-security

[1] http://download.lab.bos.redhat.com/devel/jgregusk/share/d267c7a02d6beac9559ee2d17570371346f9c2c4acae57ab4438f4bddd60cfcc-updateinfo.xml
Comment 4 Aaron Weitekamp 2013-02-05 20:41:53 UTC 
Katello gets errata updates from a pulp api query. I used pulp-admin to confirm pulp is returning errata.

Reducing severity to medium. If admins use yum plugins to query katello updates would not be returned properly.
Comment 5 Kurt Seifried 2013-02-06 07:07:11 UTC 
SRT is classifying this as security hardening and not a security flaw since there is no explicit way for an attacker to trigger this.
Comment 8 Michael Hrivnak 2016-02-15 20:20:49 UTC 
Pulp hasn't used yum to parse or render errata in a long time, so this was likely fixed long ago.
Comment 9 Bryan Kearney 2016-02-15 20:27:44 UTC 
This should no longer be an issue, closing it as UPSTREAM. If you are still seeing this issue, please feel free to re-open.
Note You need to log in before you can comment on or make changes to this bug.