ELSA-2022-10024

Опубликовано: 05 дек. 2022

Источник: oracle-oval

Платформа: Oracle Linux 7

Описание

ELSA-2022-10024: spacewalk-backend spacewalk-java security update (IMPORTANT)

spacewalk-backend [2.10.28-1.0.13]

Fix HTTP 500 and ORA-01830 on client scap report [Orabug: 34823889]

[2.10.28-1.0.12]

Handle remote commands that return no output. [Orabug: 32530545]

[2.10.28-1.0.11]

Make spacewalk-debug copy symlink target instead of the symlink itself. [Orabug: 32514543]

[2.10.28-1.0.9]

spacewalk-repo-sync set /modules owner to tomcat [Orabug: 32537482]
Make spacewalk-repo-sync sync modules.yaml file for ULN [Orabug: 32542907]

[2.10.28-1.0.8]

Disable mirror lists for ULN repos. [Orabug: 32165904]

[2.10.28-1.0.7]

Remove default RHN config referencing satellite.rhn.redhat.com [Orabug: 32121947]

[2.10.28-1.0.6]

Rebrand Spacewalk to Oracle Linux Manager [LINUX-9551] [LINUX-9552]

[2.10.28-1.0.5]

Fix spacewalk-repo-sync resetting /var/satellite/rhn/modules permissions to 750 [Orabug: 31973025]

[2.10.28-1.0.4]

Make reposync set rhn/modules group writable [LINUX-7708]
Make modules metadata folder group-writable on spacewalk-backend upgrade [LINUX-7708]

[2.10.28-1.0.3]

Fix erroneous failure status for successful remote command execution [Orabug: 31589572]

[2.10.28-1.0.1]

Remove upstream reference [OraBug 22475639]
Fix text references to satellite server [OraBug 20596345]

[2.10.28-1]

added treeinfo file to download list

[2.10.27-1] spacewalk-java [2.10.19-1.0.15]

Fix CVE-2022-43753 [Orabug: 34814068]

[2.10.19-1.0.14]

Add module:stream manipulation remote commands. [OLDIS-6915]

[2.10.19-1.0.13]

Fix errata scheduled job link ID number formatting. [Orabug: 32581542]

[2.10.19-1.0.12]

Fix custom errata adding unassociated packages [Orabug: 32613033]

[2.10.19-1.0.11]

Remove default RHN config referencing satellite.rhn.redhat.com [Orabug: 32121947]

[2.10.19-1.0.10]

Handle modules.yaml file in spacewalk-manage-channel-lifecycle [LINUX-9346]
Rebrand Spacewalk to Oracle Linux Manager [LINUX-9551] [LINUX-9552]

[2.10.19-1.0.9]

Update modules.yaml when adding modular packages to channel [LINUX-8154] [Orabug: 31960970]

[2.10.19-1.0.8]

Copy modules.yaml metadata file when cloning channels. [LINUX-7708]

[2.10.19-1.0.7]

Fix Internal Server Error when scheduling package snapshot rollback [Orabug: 31658857]

[2.10.19-1.0.6]

Remove upstream warning message on package upgrade page [LINUX-7465] [LINUX-7593] [Orabug: 31639744]

[2.10.19-1.0.5]

Allow spacecmd and XMLRPC API to apply modular errata [Orabug: 31665403] [Jira: LINUX-7026]

[2.10.19-1.0.4]

Fix wrong kickstart generated for the OL8 [Orabug: 31564892]

[2.10.19-1.0.3]

Update footer Copyright and links to Oracle's. [Orabug: 31444703]
Replace bugfix bug22652131.patch with oracle-footer.jsp.patch.

[2.10.19-1.0.2]

Update taskomatic to use instant client to 18.5 [Orabug: 31413086]

[2.10.19-1.0.1]

fix login UI footer string [orabug 22652131]
fix max length of channel label [bug 22509037]
remove packages that rely on geronimo-specs-poms and jakarta-commons-beanutils (livy.ge@orale.com)
remove sw2.6 jpp packages during upgrade [bug 27792543]

[2.10.19-1]

1791111 - improved performance of cleanup-data-bunch

[2.10.18-1]

fixed checkstyle header

[2.10.17-1]

updated API version for the new release

[2.10.16-1]

Обновленные пакеты

Oracle Linux 7

Oracle Linux x86_64

spacewalk-backend

2.10.28-1.0.13.el7

spacewalk-backend-app

2.10.28-1.0.13.el7

spacewalk-backend-applet

2.10.28-1.0.13.el7

spacewalk-backend-cdn

2.10.28-1.0.13.el7

spacewalk-backend-config-files

2.10.28-1.0.13.el7

spacewalk-backend-config-files-common

2.10.28-1.0.13.el7

spacewalk-backend-config-files-tool

2.10.28-1.0.13.el7

spacewalk-backend-iss

2.10.28-1.0.13.el7

spacewalk-backend-iss-export

2.10.28-1.0.13.el7

spacewalk-backend-libs

2.10.28-1.0.13.el7

spacewalk-backend-package-push-server

2.10.28-1.0.13.el7

spacewalk-backend-server

2.10.28-1.0.13.el7

spacewalk-backend-sql

2.10.28-1.0.13.el7

spacewalk-backend-sql-oracle

2.10.28-1.0.13.el7

spacewalk-backend-sql-postgresql

2.10.28-1.0.13.el7

spacewalk-backend-tools

2.10.28-1.0.13.el7

spacewalk-backend-xml-export-libs

2.10.28-1.0.13.el7

spacewalk-backend-xmlrpc

2.10.28-1.0.13.el7

spacewalk-java

2.10.19-1.0.15.el7

spacewalk-java-config

2.10.19-1.0.15.el7

spacewalk-java-lib

2.10.19-1.0.15.el7

spacewalk-java-oracle

2.10.19-1.0.15.el7

spacewalk-java-postgresql

2.10.19-1.0.15.el7

spacewalk-java-tests

2.10.19-1.0.15.el7

spacewalk-taskomatic

2.10.19-1.0.15.el7

Связанные CVE

CVE-2022-43753

Ссылки на источники

Связанные уязвимости

CVE-2022-43753

CVSS3: 4.3

nvd

около 3 лет назад

A Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to read files available to the user running the process, typically tomcat. This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 hub-xmlrpc-api-0.7-150300.3.9.2, inter-server-sync-0.2.4-150300.8.25.2, locale-formula-0.3-150300.3.3.2, py27-compat-salt-3000.3-150300.7.7.26.2, python-urlgrabber-3.10.2.1py2_3-150300.3.3.2, spacecmd-4.2.20-150300.4.30.2, spacewalk-backend-4.2.25-150300.4.32.4, spacewalk-client-tools-4.2.21-150300.4.27.3, spacewalk-java-4.2.43-150300.3.48.2, spacewalk-utils-4.2.18-150300.3.21.2, spacewalk-web-4.2.30-150300.3.30.3, susemanager-4.2.38-150300.3.44.3, susemanager-doc-indexes-4.2-150300.12.36.3, susemanager-docs_en-4.2-150300.12.36.2, susemanager-schema-4.2.25-1503

GHSA-c2p9-h64p-qvv4

CVSS3: 4.3

github

около 3 лет назад