RHEL 6: Satellite Server (RHSA-2015:0033)

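low Nessus Plugin ID 80505

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

Red Hat Satellite 5.7.0 is now available. Updated packages that fix two security issues and several bugs, and add various enhancements, are now available for Red Hat Satellite 5.

The Red Hat Product Security team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Red Hat Satellite provides a solution for organizations that require absolute control over, and privacy of, the maintenance and package deployment of their servers. It allows organizations to use the benefits of Red Hat Network (RHN) without having to provide public Internet access to their servers or other client systems.

This update introduces Red Hat Satellite 5.7.0. For the full list of new features included in this release, see the Release Notes document at: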

https://access.redhat.com/documentation/en-US/Red_Hat_Satellite/5.7/

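Note: Red Hat Satellite 5.7 and Red Hat Satellite Proxy 5.7 are available for installation on Red Hat Enterprise Linux Server 6. For full details, including supported architecture combinations, see the Red Hat Satellite 5.7 Installation Guide.

This update fixes the following security issues:

Multiple stored cross-site scripting (XSS) flaws were found in the handling of XML data passed to Satellite via the REST API. By sending a specially crafted request to Satellite, a remote, authenticated attacker could embed HTML content into the stored data and inject malicious content into the web page used to view that data. (CVE-2014-7811)

A stored cross-site scripting (XSS) flaw was found in the System Groups field. By sending a specially crafted request to Satellite, a remote, authenticated attacker could embed HTML content into the stored data and inject malicious content into the web page used to view that data. (CVE-2014-7812)

Red Hat would like to thank Mickaël Gallier for reporting these issues.

All users of Red Hat Satellite are advised to install this newly released version.

Solution

Update the affected packages.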

See Also

https://access.redhat.com/errata/RHSA-2015:0033

https://access.redhat.com/security/cve/cve-2014-7811

https://access.redhat.com/security/cve/cve-2014-7812

Plugin Details

Severity: Low

ID: 80505

File Name: redhat-RHSA-2015-0033.nasl

Version: 1.13

Type: local

Agent: unix

Published: 2015/1/14

Updated: 2021/2/5

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Low

Base Score: 3.5

Temporal Score: 3

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:jakarta-commons-validator, p-cpe:/a:redhat:enterprise_linux:jakarta-oro, p-cpe:/a:redhat:enterprise_linux:jakarta-taglibs-standard, p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm, p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-devel, p-cpe:/a:redhat:enterprise_linux:javassist, p-cpe:/a:redhat:enterprise_linux:jboss-javaee-poms, p-cpe:/a:redhat:enterprise_linux:jboss-transaction-1.0.1-api, p-cpe:/a:redhat:enterprise_linux:jcommon, p-cpe:/a:redhat:enterprise_linux:jdom, p-cpe:/a:redhat:enterprise_linux:jfreechart, p-cpe:/a:redhat:enterprise_linux:jpam, p-cpe:/a:redhat:enterprise_linux:jquery-timepicker, p-cpe:/a:redhat:enterprise_linux:messagequeue, p-cpe:/a:redhat:enterprise_linux:nocpulseplugins, p-cpe:/a:redhat:enterprise_linux:nocpulseplugins-oracle, p-cpe:/a:redhat:enterprise_linux:npalert, p-cpe:/a:redhat:enterprise_linux:progagogo, p-cpe:/a:redhat:enterprise_linux:pyyaml, p-cpe:/a:redhat:enterprise_linux:snmpalerts, p-cpe:/a:redhat:enterprise_linux:satconfig-bootstrap, p-cpe:/a:redhat:enterprise_linux:satconfig-bootstrap-server, p-cpe:/a:redhat:enterprise_linux:satconfig-cluster, p-cpe:/a:redhat:enterprise_linux:satconfig-general, p-cpe:/a:redhat:enterprise_linux:satconfig-generator, p-cpe:/a:redhat:enterprise_linux:satconfig-installer, p-cpe:/a:redhat:enterprise_linux:satconfig-spread, p-cpe:/a:redhat:enterprise_linux:sputlite-client, p-cpe:/a:redhat:enterprise_linux:sputlite-server, p-cpe:/a:redhat:enterprise_linux:ace-editor, p-cpe:/a:redhat:enterprise_linux:antlr, p-cpe:/a:redhat:enterprise_linux:apache-commons-beanutils, p-cpe:/a:redhat:enterprise_linux:apache-commons-cli, p-cpe:/a:redhat:enterprise_linux:bootstrap, p-cpe:/a:redhat:enterprise_linux:bootstrap-datepicker, p-cpe:/a:redhat:enterprise_linux:c3p0, p-cpe:/a:redhat:enterprise_linux:cglib, p-cpe:/a:redhat:enterprise_linux:cobbler, p-cpe:/a:redhat:enterprise_linux:cobbler-loaders, p-cpe:/a:redhat:enterprise_linux:concurrent, 
p-cpe:/a:redhat:enterprise_linux:cx_oracle, p-cpe:/a:redhat:enterprise_linux:dojo, p-cpe:/a:redhat:enterprise_linux:dom4j, p-cpe:/a:redhat:enterprise_linux:dwr, p-cpe:/a:redhat:enterprise_linux:editarea, p-cpe:/a:redhat:enterprise_linux:jquery-ui, p-cpe:/a:redhat:enterprise_linux:libapreq2, p-cpe:/a:redhat:enterprise_linux:libgsasl, p-cpe:/a:redhat:enterprise_linux:libntlm, p-cpe:/a:redhat:enterprise_linux:libreadline-java, p-cpe:/a:redhat:enterprise_linux:libyaml, p-cpe:/a:redhat:enterprise_linux:momentjs, p-cpe:/a:redhat:enterprise_linux:nocpulse-common, p-cpe:/a:redhat:enterprise_linux:nocpulse-db-perl, p-cpe:/a:redhat:enterprise_linux:nutch, p-cpe:/a:redhat:enterprise_linux:objectweb-asm, p-cpe:/a:redhat:enterprise_linux:oracle-config, p-cpe:/a:redhat:enterprise_linux:oracle-instantclient-basic, p-cpe:/a:redhat:enterprise_linux:oracle-instantclient-selinux, p-cpe:/a:redhat:enterprise_linux:oracle-instantclient-sqlplus, p-cpe:/a:redhat:enterprise_linux:oracle-instantclient-sqlplus-selinux, p-cpe:/a:redhat:enterprise_linux:oracle-nofcontext-selinux, p-cpe:/a:redhat:enterprise_linux:osa-dispatcher, p-cpe:/a:redhat:enterprise_linux:osa-dispatcher-selinux, p-cpe:/a:redhat:enterprise_linux:oscache, p-cpe:/a:redhat:enterprise_linux:patternfly1, p-cpe:/a:redhat:enterprise_linux:perl-apache-dbi, p-cpe:/a:redhat:enterprise_linux:perl-berkeleydb, p-cpe:/a:redhat:enterprise_linux:perl-cache-cache, p-cpe:/a:redhat:enterprise_linux:perl-class-methodmaker, p-cpe:/a:redhat:enterprise_linux:perl-class-singleton, p-cpe:/a:redhat:enterprise_linux:perl-config-inifiles, p-cpe:/a:redhat:enterprise_linux:perl-convert-binhex, p-cpe:/a:redhat:enterprise_linux:perl-crypt-des, p-cpe:/a:redhat:enterprise_linux:perl-crypt-generatepassword, p-cpe:/a:redhat:enterprise_linux:eventreceivers, p-cpe:/a:redhat:enterprise_linux:font-awesome, p-cpe:/a:redhat:enterprise_linux:glassfish-jsf, p-cpe:/a:redhat:enterprise_linux:hibernate3, p-cpe:/a:redhat:enterprise_linux:jabberd, 
p-cpe:/a:redhat:enterprise_linux:jabberpy, p-cpe:/a:redhat:enterprise_linux:jakarta-commons-chain, p-cpe:/a:redhat:enterprise_linux:jakarta-commons-codec, p-cpe:/a:redhat:enterprise_linux:jakarta-commons-digester, p-cpe:/a:redhat:enterprise_linux:jakarta-commons-el, p-cpe:/a:redhat:enterprise_linux:jakarta-commons-fileupload, p-cpe:/a:redhat:enterprise_linux:jakarta-commons-io, p-cpe:/a:redhat:enterprise_linux:jakarta-commons-lang, p-cpe:/a:redhat:enterprise_linux:jakarta-commons-logging, p-cpe:/a:redhat:enterprise_linux:jakarta-commons-logging-jboss, p-cpe:/a:redhat:enterprise_linux:jakarta-commons-parent, p-cpe:/a:redhat:enterprise_linux:perl-email-date-format, p-cpe:/a:redhat:enterprise_linux:perl-filesys-df, p-cpe:/a:redhat:enterprise_linux:perl-html-tableextract, p-cpe:/a:redhat:enterprise_linux:perl-io-stringy, p-cpe:/a:redhat:enterprise_linux:perl-ipc-sharelite, p-cpe:/a:redhat:enterprise_linux:perl-list-moreutils, p-cpe:/a:redhat:enterprise_linux:perl-mime-lite, p-cpe:/a:redhat:enterprise_linux:perl-mime-types, p-cpe:/a:redhat:enterprise_linux:perl-mime-tools, p-cpe:/a:redhat:enterprise_linux:perl-mail-rfc822-address, p-cpe:/a:redhat:enterprise_linux:perl-nocpulse-clac, p-cpe:/a:redhat:enterprise_linux:perl-nocpulse-debug, p-cpe:/a:redhat:enterprise_linux:perl-nocpulse-gritch, p-cpe:/a:redhat:enterprise_linux:perl-nocpulse-object, p-cpe:/a:redhat:enterprise_linux:perl-nocpulse-oracledb, p-cpe:/a:redhat:enterprise_linux:perl-nocpulse-persistentconnection, p-cpe:/a:redhat:enterprise_linux:perl-nocpulse-probe, p-cpe:/a:redhat:enterprise_linux:perl-nocpulse-probe-oracle, p-cpe:/a:redhat:enterprise_linux:perl-nocpulse-processpool, p-cpe:/a:redhat:enterprise_linux:perl-nocpulse-scheduler, p-cpe:/a:redhat:enterprise_linux:perl-nocpulse-setid, p-cpe:/a:redhat:enterprise_linux:perl-nocpulse-utils, p-cpe:/a:redhat:enterprise_linux:perl-net-inet6glue, p-cpe:/a:redhat:enterprise_linux:perl-net-ipv4addr, p-cpe:/a:redhat:enterprise_linux:perl-net-snmp, 
p-cpe:/a:redhat:enterprise_linux:perl-params-validate, p-cpe:/a:redhat:enterprise_linux:perl-soap-lite, p-cpe:/a:redhat:enterprise_linux:perl-satcon, p-cpe:/a:redhat:enterprise_linux:perl-termreadkey, p-cpe:/a:redhat:enterprise_linux:perl-xml-generator, p-cpe:/a:redhat:enterprise_linux:perl-libapreq2, p-cpe:/a:redhat:enterprise_linux:postgresql92-postgresql, p-cpe:/a:redhat:enterprise_linux:postgresql92-postgresql-contrib, p-cpe:/a:redhat:enterprise_linux:postgresql92-postgresql-libs, p-cpe:/a:redhat:enterprise_linux:postgresql92-postgresql-pltcl, p-cpe:/a:redhat:enterprise_linux:postgresql92-postgresql-server, p-cpe:/a:redhat:enterprise_linux:postgresql92-postgresql-upgrade, p-cpe:/a:redhat:enterprise_linux:postgresql92-runtime, p-cpe:/a:redhat:enterprise_linux:pwstrength-bootstrap, p-cpe:/a:redhat:enterprise_linux:python-debian, p-cpe:/a:redhat:enterprise_linux:python-gzipstream, p-cpe:/a:redhat:enterprise_linux:python-psycopg2, p-cpe:/a:redhat:enterprise_linux:quartz, p-cpe:/a:redhat:enterprise_linux:quartz-oracle, p-cpe:/a:redhat:enterprise_linux:redstone-xmlrpc, p-cpe:/a:redhat:enterprise_linux:rhn-i18n-guides, p-cpe:/a:redhat:enterprise_linux:rhn-i18n-release-notes, p-cpe:/a:redhat:enterprise_linux:rhn-solaris-bootstrap, p-cpe:/a:redhat:enterprise_linux:rhn_solaris_bootstrap_5_4_1_9, p-cpe:/a:redhat:enterprise_linux:rhnlib, p-cpe:/a:redhat:enterprise_linux:rhnpush, p-cpe:/a:redhat:enterprise_linux:roboto, p-cpe:/a:redhat:enterprise_linux:satellite-branding, p-cpe:/a:redhat:enterprise_linux:satellite-doc-indexes, p-cpe:/a:redhat:enterprise_linux:satellite-repo, p-cpe:/a:redhat:enterprise_linux:satellite-schema, p-cpe:/a:redhat:enterprise_linux:scdb, p-cpe:/a:redhat:enterprise_linux:scl-utils, p-cpe:/a:redhat:enterprise_linux:select2, p-cpe:/a:redhat:enterprise_linux:select2-bootstrap-css, p-cpe:/a:redhat:enterprise_linux:simple-core, p-cpe:/a:redhat:enterprise_linux:sitemesh, p-cpe:/a:redhat:enterprise_linux:spacecmd, 
p-cpe:/a:redhat:enterprise_linux:spacewalk-admin, p-cpe:/a:redhat:enterprise_linux:spacewalk-backend, p-cpe:/a:redhat:enterprise_linux:spacewalk-backend-app, p-cpe:/a:redhat:enterprise_linux:spacewalk-backend-applet, p-cpe:/a:redhat:enterprise_linux:spacewalk-backend-config-files, p-cpe:/a:redhat:enterprise_linux:spacewalk-backend-config-files-common, p-cpe:/a:redhat:enterprise_linux:spacewalk-backend-config-files-tool, p-cpe:/a:redhat:enterprise_linux:spacewalk-backend-iss, p-cpe:/a:redhat:enterprise_linux:spacewalk-backend-iss-export, p-cpe:/a:redhat:enterprise_linux:spacewalk-backend-libs, p-cpe:/a:redhat:enterprise_linux:spacewalk-backend-package-push-server, p-cpe:/a:redhat:enterprise_linux:spacewalk-backend-server, p-cpe:/a:redhat:enterprise_linux:spacewalk-backend-sql, p-cpe:/a:redhat:enterprise_linux:spacewalk-backend-sql-oracle, p-cpe:/a:redhat:enterprise_linux:spacewalk-backend-sql-postgresql, p-cpe:/a:redhat:enterprise_linux:perl-dbd-oracle, p-cpe:/a:redhat:enterprise_linux:perl-datetime, p-cpe:/a:redhat:enterprise_linux:spacewalk-backend-tools, p-cpe:/a:redhat:enterprise_linux:spacewalk-backend-xml-export-libs, p-cpe:/a:redhat:enterprise_linux:spacewalk-backend-xmlrpc, p-cpe:/a:redhat:enterprise_linux:spacewalk-base, p-cpe:/a:redhat:enterprise_linux:spacewalk-base-minimal, p-cpe:/a:redhat:enterprise_linux:spacewalk-base-minimal-config, p-cpe:/a:redhat:enterprise_linux:spacewalk-certs-tools, p-cpe:/a:redhat:enterprise_linux:spacewalk-common, p-cpe:/a:redhat:enterprise_linux:spacewalk-config, p-cpe:/a:redhat:enterprise_linux:spacewalk-dobby, p-cpe:/a:redhat:enterprise_linux:spacewalk-grail, p-cpe:/a:redhat:enterprise_linux:spacewalk-html, p-cpe:/a:redhat:enterprise_linux:spacewalk-java, p-cpe:/a:redhat:enterprise_linux:spacewalk-java-config, p-cpe:/a:redhat:enterprise_linux:spacewalk-java-lib, p-cpe:/a:redhat:enterprise_linux:spacewalk-java-oracle, p-cpe:/a:redhat:enterprise_linux:spacewalk-java-postgresql, 
p-cpe:/a:redhat:enterprise_linux:spacewalk-monitoring, p-cpe:/a:redhat:enterprise_linux:spacewalk-monitoring-selinux, p-cpe:/a:redhat:enterprise_linux:spacewalk-oracle, p-cpe:/a:redhat:enterprise_linux:spacewalk-postgresql, p-cpe:/a:redhat:enterprise_linux:spacewalk-pxt, p-cpe:/a:redhat:enterprise_linux:spacewalk-reports, p-cpe:/a:redhat:enterprise_linux:spacewalk-schema, p-cpe:/a:redhat:enterprise_linux:spacewalk-search, p-cpe:/a:redhat:enterprise_linux:spacewalk-selinux, p-cpe:/a:redhat:enterprise_linux:spacewalk-setup, p-cpe:/a:redhat:enterprise_linux:spacewalk-setup-jabberd, p-cpe:/a:redhat:enterprise_linux:spacewalk-setup-postgresql, p-cpe:/a:redhat:enterprise_linux:spacewalk-slf4j, p-cpe:/a:redhat:enterprise_linux:spacewalk-sniglets, p-cpe:/a:redhat:enterprise_linux:spacewalk-ssl-cert-check, p-cpe:/a:redhat:enterprise_linux:spacewalk-taskomatic, p-cpe:/a:redhat:enterprise_linux:spacewalk-utils, p-cpe:/a:redhat:enterprise_linux:ssl_bridge, p-cpe:/a:redhat:enterprise_linux:status_log_acceptor, p-cpe:/a:redhat:enterprise_linux:stringtree-json, p-cpe:/a:redhat:enterprise_linux:struts, p-cpe:/a:redhat:enterprise_linux:struts-core, p-cpe:/a:redhat:enterprise_linux:struts-extras, p-cpe:/a:redhat:enterprise_linux:struts-taglib, p-cpe:/a:redhat:enterprise_linux:tanukiwrapper, p-cpe:/a:redhat:enterprise_linux:tsdb, p-cpe:/a:redhat:enterprise_linux:udns, p-cpe:/a:redhat:enterprise_linux:xalan-j2, cpe:/o:redhat:enterprise_linux:6

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 2015/1/13

Vulnerability Publication Date: 2015/1/15

Reference Information

CVE: CVE-2014-7811, CVE-2014-7812

BID: 74825, 74829

RHSA: 2015:0033