Red Hat Security Advisory: Satellite 6.4 security, bug fix, and enhancement update
🔗 CVE IDs covered (28)
📋 Description
CVE-2015-3208 — hornetq: XXE/SSRF in XPath selector CVE-2015-6644 — bouncycastle: Information disclosure in GCMBlockCipher CVE-2016-1000338 — bouncycastle: DSA does not fully validate ASN.1 encoding during signature verification allowing for injection of unsigned data CVE-2016-1000339 — bouncycastle: Information leak in AESFastEngine class CVE-2016-1000340 — bouncycastle: Carry propagation bug in math.raw.Nat??? class CVE-2016-1000341 — bouncycastle: Information exposure in DSA signature generation via timing attack CVE-2016-1000342 — bouncycastle: ECDSA improper validation of ASN.1 encoding of signature CVE-2016-1000343 — bouncycastle: DSA key pair generator generates a weak private key by default CVE-2016-1000344 — bouncycastle: DHIES implementation allowed the use of ECB mode CVE-2016-1000345 — bouncycastle: DHIES/ECIES CBC modes are vulnerable to padding oracle attack CVE-2016-1000346 — bouncycastle: Other party DH public keys are not fully validated CVE-2016-1000352 — bouncycastle: ECIES implementation allowed the use of ECB mode CVE-2017-5929 — logback: Serialization vulnerability in SocketServer and ServerSocketReceiver CVE-2017-7233 — python-django: Open redirect and possible XSS attack via user-supplied numeric redirect URLs CVE-2017-7536 — hibernate-validator: Privilege escalation when running under the security manager CVE-2017-10689 — puppet: Unpacking of tarballs in tar/mini.rb can create files with insecure permissions CVE-2017-10690 — puppet: Environment leakage in puppet-agent CVE-2017-12175 — 6: XSS in discovery rule filter autocomplete functionality CVE-2017-15095 — jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525) CVE-2017-15100 — foreman: Stored XSS in fact name or value CVE-2018-1090 — pulp: sensitive credentials revealed through the API CVE-2018-1096 — foreman: SQL injection due to improper handling of the widget id parameter CVE-2018-1097 — foreman: Ovirt admin password exposed by foreman API CVE-2018-5382 — bouncycastle: BKS-V1 keystore files vulnerable to trivial hash collisions CVE-2018-6188 — django: Information leakage in AuthenticationForm CVE-2018-7536 — django: Catastrophic backtracking in regular expressions via 'urlize' and 'urlizetrunc' CVE-2018-7537 — django: Catastrophic backtracking in regular expressions via 'truncatechars_html' and 'truncatewords_html' CVE-2018-10237 — guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service
🔗 References (117)
- selfhttps://access.redhat.com/errata/RHSA-2018:2927
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.4/html/release_notes/
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1052713
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1060745
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1155817
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1177766
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1197650
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1225252
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1260733
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1265533
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1291730
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1295741
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1312098
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1328707
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1349150
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1356517
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1357256
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1372468
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1372731
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1379291
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1382069
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1386283
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1386908
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1389820
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1400058
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1409485
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1410264
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1410746
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1412596
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1416106
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1417015
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1417130
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1419060
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1425609
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1426739
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1428541
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1430022
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1430742
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1432858
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1435973
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1437234
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1439353
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1443505
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1443804
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1444015
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1449011
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1452772
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1455006
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1455132
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1458383
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1458573
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1458754
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1464219
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1464512
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1465573
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1468354
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1468359
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1470014
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1470761
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1474348
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1475121
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1478849
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1482540
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1483033
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1485805
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1486297
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1486782
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1487710
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1488291
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1489377
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1498588
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1498976
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1500593
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1506612
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1508551
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1515888
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1516623
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1527896
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1536487
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1538448
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1538479
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1539076
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1542850
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1545314
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1549777
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1549779
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1552632
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1553869
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1553994
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1555310
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1557067
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1560035
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1561061
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1561723
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1563749
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1564577
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1566764
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1570808
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1572290
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1572297
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1572305
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1573391
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1579384
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1588313
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1588314
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1588323
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1588327
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1588330
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1588688
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1588695
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1588708
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1588715
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1588721
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1595777
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1608447
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2927.json