Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 907631

Summary: Invalid XML if an errata spans more than 1 collection [satellite-6]
Product: Red Hat Satellite Reporter: Aaron Weitekamp <aweiteka>
Component: Errata ManagementAssignee: Katello Bug Bin <katello-bugs>
Status: CLOSED UPSTREAM QA Contact: Katello QA List <katello-qa-list>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 6.0.0CC: bkearney, james.antill, jmatthew, kseifried, mhrivnak, mmccune, strobert, tcallawa
Target Milestone: UnspecifiedKeywords: Security, Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 887407 Environment:
Last Closed: 2016-02-15 20:27:44 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 887407    
Bug Blocks: 869077, 1130651    

Comment 1 Aaron Weitekamp 2013-02-04 21:41:29 UTC 
I'm seeing this in SystemEngine 1.1.2 puddle 2013-01-31.1

Example URL: http://qeblade40.rhq.lab.eng.bos.redhat.com/pulp/ks/redhat/Dev/content/dist/rhel/server/6/6Server/x86_64/os/updateinfo.xml

IRC snippet:
<jmatthews> aweiteka, the updateinfo.xml file is likely to be corrupted for clients who look at it
<jmatthews> it could break some yum plugins looking at security updates, bugfixes, etc


Might this be why Available Errata never displays?

Fixed upstream: http://yum.baseurl.org/gitweb?p=yum.git;a=commit;h=6e56ea6a6236dde080d60f091a7854d204825bd4
Comment 3 Aaron Weitekamp 2013-02-04 22:12:50 UTC 
Confirmed CDN repo[1] is valid XML. The issue appears to be introduced in katello.

<jmatthews> aweiteka, I think the issue comes down to does systemEngine determine errata by looking at updateinfo.xml or by querying Pulp through API

The other impact would be to yum plugins such as yum-plugin-security

[1] http://download.lab.bos.redhat.com/devel/jgregusk/share/d267c7a02d6beac9559ee2d17570371346f9c2c4acae57ab4438f4bddd60cfcc-updateinfo.xml
Comment 4 Aaron Weitekamp 2013-02-05 20:41:53 UTC 
Katello gets errata updates from a pulp api query. I used pulp-admin to confirm pulp is returning errata.

Reducing severity to medium. If admins use yum plugins to query katello updates would not be returned properly.
Comment 5 Kurt Seifried 2013-02-06 07:07:11 UTC 
SRT is classifying this as security hardening and not a security flaw since there is no explicit way for an attacker to trigger this.
Comment 8 Michael Hrivnak 2016-02-15 20:20:49 UTC 
Pulp hasn't used yum to parse or render errata in a long time, so this was likely fixed long ago.
Comment 9 Bryan Kearney 2016-02-15 20:27:44 UTC 
This should no longer be an issue, closing it as UPSTREAM. If you are still seeing this issue, please feel free to re-open.