Описание
ELSA-2023-12331: spacewalk-admin security update (IMPORTANT)
[2.10.1-1.0.1]
- Fix for CVE-2021-40348 [Orabug: 33531467]
[2.10.1-1]
- copy cert file instead of linking
[2.8.4-1]
- remove install/clean section initial cleanup
- removed Group from specfile
- removed BuildRoot from specfiles
[2.8.3-1]
- 1524221 - ship systemd target on RHEL 7 too
[2.8.2-1]
- don't use systemctl pager for output as we have '| less'
[2.8.1-1]
- purged changelog entries for Spacewalk 2.0 and older
- Bumping package versions for 2.8.
- Mon Jul 17 2017 Jan Dobes 2.7.1-1
- Updated links to github in spec files
- Migrating Fedorahosted to GitHub
- Bumping package versions for 2.7.
- Wed Oct 12 2016 Grant Gainey 2.6.1-1
- Update specfile to be consistent about referring to both SW and Satellite
- Bumping package versions for 2.6.
- Fri May 20 2016 Grant Gainey 2.5.3-1
- remove monitoring from SUSE spacewalk target
- Tue May 10 2016 Grant Gainey 2.5.2-1
- spacewalk-admin: build on openSUSE
- Tue Nov 24 2015 Jan Dobes 2.5.1-1
- spacewalk-admin.spec: incorrect cd removed
- spacewalk-admin: drop validate-sat-cert.pl
- Bumping package versions for 2.5.
- Thu Sep 24 2015 Jan Dobes 2.4.2-1
- Bumping copyright year.
- Wed Aug 05 2015 Jan Dobes 2.4.1-1
- trust spacewalk CA certificate
- Bumping package versions for 2.4.
- Thu Mar 19 2015 Grant Gainey 2.3.4-1
- drop requires for perl-URI - seems to be unused
- Updating copyright info for 2015
[2.3.3-1]
- remove Monitoring and MonitoringScout from spacewalk.target and spacewalk- service
[2.3.2-1]
- Getting rid of trailing spaces in Perl
- Getting rid of Tabs and trailing spaces in LICENSE, COPYING, and README files
- Wed Jan 07 2015 Jan Dobes 2.3.1-1
- 1179374 - do not crash if rhn.conf does not exist
- Bumping package versions for 2.3.
[2.2.7-1]
- we need to call restorecon with full path
[2.2.6-1]
- fix copyright years
[2.2.5-1]
- restorecon may have different path
[2.2.4-1]
- Set correct SELinux context on the target file
[2.2.3-1]
- Do not look at processes in containers.
[2.2.2-1]
- 1064287 - Use systemctl to get the pid since /var/run/tomcat.pid is empty.
[2.2.1-1]
- Add support to ConfigureSatelliteCommand to remove keys
[2.1.2-1]
- cleaning up old svn Ids
- Thu Aug 08 2013 Jan Dobes 2.1.1-1
- fixing decrementation
- 972626 - general waiting function
- Bumping package versions for 2.1.
Обновленные пакеты
Oracle Linux 7
Oracle Linux x86_64
spacewalk-admin
2.10.1-1.0.1.el7
Связанные CVE
Связанные уязвимости
Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code injection. rhn-config-satellite.pl doesn't sanitize the configuration filename used to append Spacewalk-specific key-value pair. The script is intended to be run by the tomcat user account with Sudo, according to the installation setup. This can lead to the ability of an attacker to use --option to append arbitrary code to a root-owned file that eventually will be executed by the system. This is fixed in Uyuni spacewalk-admin 4.3.2-1.
Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code injection. rhn-config-satellite.pl doesn't sanitize the configuration filename used to append Spacewalk-specific key-value pair. The script is intended to be run by the tomcat user account with Sudo, according to the installation setup. This can lead to the ability of an attacker to use --option to append arbitrary code to a root-owned file that eventually will be executed by the system. This is fixed in Uyuni spacewalk-admin 4.3.2-1.