RHEL 7:Satellite Server (RHSA-2018:0336)

High Nessus Plugin ID 107053

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

An update is now available for Red Hat Satellite. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.

Red Hat Satellite is a system management tool for Linux-based infrastructure. It allows for provisioning, remote management and monitoring of multiple Linux deployments with a single, centralized tool.

This update provides Satellite 6.3 packages for Red Hat Enterprise Linux 7 Satellite Server. For the full list of new features provided by Satellite 6.3, see the Release Notes linked to in the References section. See the Satellite 6 Installation Guide for detailed instructions on installing Satellite 6.3 in a new environment, or the Satellite 6 Upgrading and Updating Guide for detailed instructions on upgrading from an earlier Satellite 6 release. All users who require Satellite version 6.3 are advised to install these new packages.

Security Fix(es):

* V8: integer overflow leading to buffer overflow in Zone::New (CVE-2016-1669)
* rubygem-will_paginate: XSS vulnerability (CVE-2013-6459)
* foreman: models with a 'belongs_to' association to Organization do not verify that the association belongs to that Organization (CVE-2014-8183)
* foreman: provisioning template check exposes sensitive controller information (CVE-2016-3693)
* pulp: insecure use of bash $RANDOM for NSS DB password and seed (CVE-2016-3704)
* foreman: privilege escalation via the Organizations and Locations API (CVE-2016-4451)
* foreman: root password displayed in plain text in discovery-debug (CVE-2016-4996)
* foreman: persistent XSS in the Foreman remote execution plugin (CVE-2016-6319)
* foreman: stored XSS via an organization/location with HTML in its name (CVE-2016-8639)
* katello-debug: possible symlink attacks due to the use of predictable file names (CVE-2016-9595)
* rubygem-hammer_cli: does not verify the API server's SSL certificate (CVE-2017-2667)
* foreman: image password leak (CVE-2017-2672)
* pulp: CA key leakage in pulp-qpid-ssl-cfg (CVE-2016-3696)
* foreman: information disclosure in provisioning template preview (CVE-2016-4995)
* foreman-debug: missing obfuscation of sensitive information (CVE-2016-9593)

For more details about these security issues, including their impact, a CVSS score, and other related information, see the CVE pages listed in the References section.

Red Hat would like to thank Randy Barlow (Red Hat) for reporting CVE-2016-3704 and Sander Bos for reporting CVE-2016-3696. The CVE-2014-8183 issue was discovered by Eric Helms (Red Hat); CVE-2016-3693 and CVE-2016-4995 by Dominic Cleal (Red Hat); CVE-2016-4451 and CVE-2016-6319 by Marek Hulan (Red Hat); CVE-2016-4996 by Thom Carlin (Red Hat); CVE-2016-8639 by Sanket Jagtap (Red Hat); CVE-2016-9595 by Evgeni Golov (Red Hat); CVE-2017-2667 by Tomas Strachota (Red Hat); and CVE-2016-9593 by Pavel Moravec (Red Hat).

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?809d0a34

http://www.nessus.org/u?a2d46e23

https://access.redhat.com/errata/RHSA-2018:0336

https://access.redhat.com/security/updates/classification/#important

https://bugzilla.redhat.com/show_bug.cgi?id=1480348

https://bugzilla.redhat.com/show_bug.cgi?id=1480886

https://bugzilla.redhat.com/show_bug.cgi?id=1493001

https://bugzilla.redhat.com/show_bug.cgi?id=1493494

https://bugzilla.redhat.com/show_bug.cgi?id=1517827

https://bugzilla.redhat.com/show_bug.cgi?id=1529099

https://bugzilla.redhat.com/show_bug.cgi?id=1019214

https://bugzilla.redhat.com/show_bug.cgi?id=1046642

https://bugzilla.redhat.com/show_bug.cgi?id=1132402

https://bugzilla.redhat.com/show_bug.cgi?id=1133515

https://bugzilla.redhat.com/show_bug.cgi?id=1140671

https://bugzilla.redhat.com/show_bug.cgi?id=1144042

https://bugzilla.redhat.com/show_bug.cgi?id=1145653

https://bugzilla.redhat.com/show_bug.cgi?id=1154382

https://bugzilla.redhat.com/show_bug.cgi?id=1177766

https://bugzilla.redhat.com/show_bug.cgi?id=1187338

https://bugzilla.redhat.com/show_bug.cgi?id=1190002

https://bugzilla.redhat.com/show_bug.cgi?id=1199204

https://bugzilla.redhat.com/show_bug.cgi?id=1210878

https://bugzilla.redhat.com/show_bug.cgi?id=1215825

https://bugzilla.redhat.com/show_bug.cgi?id=1217523

https://bugzilla.redhat.com/show_bug.cgi?id=1245642

https://bugzilla.redhat.com/show_bug.cgi?id=1255484

https://bugzilla.redhat.com/show_bug.cgi?id=1257588

https://bugzilla.redhat.com/show_bug.cgi?id=1260697

https://bugzilla.redhat.com/show_bug.cgi?id=1263748

https://bugzilla.redhat.com/show_bug.cgi?id=1264043

https://bugzilla.redhat.com/show_bug.cgi?id=1264732

https://bugzilla.redhat.com/show_bug.cgi?id=1265125

https://bugzilla.redhat.com/show_bug.cgi?id=1270771

https://bugzilla.redhat.com/show_bug.cgi?id=1274159

https://bugzilla.redhat.com/show_bug.cgi?id=1278642

https://bugzilla.redhat.com/show_bug.cgi?id=1278644

https://bugzilla.redhat.com/show_bug.cgi?id=1284686

https://bugzilla.redhat.com/show_bug.cgi?id=1291935

https://bugzilla.redhat.com/show_bug.cgi?id=1292510

https://bugzilla.redhat.com/show_bug.cgi?id=1293538

https://bugzilla.redhat.com/show_bug.cgi?id=1303103

https://bugzilla.redhat.com/show_bug.cgi?id=1304608

https://bugzilla.redhat.com/show_bug.cgi?id=1305059

https://bugzilla.redhat.com/show_bug.cgi?id=1306723

https://bugzilla.redhat.com/show_bug.cgi?id=1309569

https://bugzilla.redhat.com/show_bug.cgi?id=1309944

https://bugzilla.redhat.com/show_bug.cgi?id=1313634

https://bugzilla.redhat.com/show_bug.cgi?id=1317614

https://bugzilla.redhat.com/show_bug.cgi?id=1318534

https://bugzilla.redhat.com/show_bug.cgi?id=1323436

https://bugzilla.redhat.com/show_bug.cgi?id=1324508

https://bugzilla.redhat.com/show_bug.cgi?id=1327030

https://bugzilla.redhat.com/show_bug.cgi?id=1327471

https://bugzilla.redhat.com/show_bug.cgi?id=1328238

https://bugzilla.redhat.com/show_bug.cgi?id=1328930

https://bugzilla.redhat.com/show_bug.cgi?id=1330264

https://bugzilla.redhat.com/show_bug.cgi?id=1335449

https://bugzilla.redhat.com/show_bug.cgi?id=1336924

https://bugzilla.redhat.com/show_bug.cgi?id=1339715

https://bugzilla.redhat.com/show_bug.cgi?id=1339889

https://bugzilla.redhat.com/show_bug.cgi?id=1340559

https://bugzilla.redhat.com/show_bug.cgi?id=1342623

https://bugzilla.redhat.com/show_bug.cgi?id=1344049

https://bugzilla.redhat.com/show_bug.cgi?id=1348939

https://bugzilla.redhat.com/show_bug.cgi?id=1349136

https://bugzilla.redhat.com/show_bug.cgi?id=1361473

https://bugzilla.redhat.com/show_bug.cgi?id=1365815

https://bugzilla.redhat.com/show_bug.cgi?id=1366029

https://bugzilla.redhat.com/show_bug.cgi?id=1370168

https://bugzilla.redhat.com/show_bug.cgi?id=1376134

https://bugzilla.redhat.com/show_bug.cgi?id=1376191

https://bugzilla.redhat.com/show_bug.cgi?id=1382356

https://bugzilla.redhat.com/show_bug.cgi?id=1382735

https://bugzilla.redhat.com/show_bug.cgi?id=1384146

https://bugzilla.redhat.com/show_bug.cgi?id=1384548

https://bugzilla.redhat.com/show_bug.cgi?id=1386266

https://bugzilla.redhat.com/show_bug.cgi?id=1386278

https://bugzilla.redhat.com/show_bug.cgi?id=1390545

https://bugzilla.redhat.com/show_bug.cgi?id=1391831

https://bugzilla.redhat.com/show_bug.cgi?id=1393291

https://bugzilla.redhat.com/show_bug.cgi?id=1393409

https://bugzilla.redhat.com/show_bug.cgi?id=1394056

https://bugzilla.redhat.com/show_bug.cgi?id=1402922

https://bugzilla.redhat.com/show_bug.cgi?id=1406384

https://bugzilla.redhat.com/show_bug.cgi?id=1406729

https://bugzilla.redhat.com/show_bug.cgi?id=1410872

https://bugzilla.redhat.com/show_bug.cgi?id=1412186

https://bugzilla.redhat.com/show_bug.cgi?id=1413851

https://bugzilla.redhat.com/show_bug.cgi?id=1416119

https://bugzilla.redhat.com/show_bug.cgi?id=1417073

https://bugzilla.redhat.com/show_bug.cgi?id=1420711

https://bugzilla.redhat.com/show_bug.cgi?id=1422458

https://bugzilla.redhat.com/show_bug.cgi?id=1425121

https://bugzilla.redhat.com/show_bug.cgi?id=1425523

https://bugzilla.redhat.com/show_bug.cgi?id=1426404

https://bugzilla.redhat.com/show_bug.cgi?id=1426411

https://bugzilla.redhat.com/show_bug.cgi?id=1426448

https://bugzilla.redhat.com/show_bug.cgi?id=1428761

https://bugzilla.redhat.com/show_bug.cgi?id=1429426

https://bugzilla.redhat.com/show_bug.cgi?id=1434069

https://bugzilla.redhat.com/show_bug.cgi?id=1435972

https://bugzilla.redhat.com/show_bug.cgi?id=1436262

https://bugzilla.redhat.com/show_bug.cgi?id=1438376

https://bugzilla.redhat.com/show_bug.cgi?id=1439537

https://bugzilla.redhat.com/show_bug.cgi?id=1439850

https://bugzilla.redhat.com/show_bug.cgi?id=1445807

https://bugzilla.redhat.com/show_bug.cgi?id=1446707

https://bugzilla.redhat.com/show_bug.cgi?id=1446719

https://bugzilla.redhat.com/show_bug.cgi?id=1452124

https://bugzilla.redhat.com/show_bug.cgi?id=1455057

https://bugzilla.redhat.com/show_bug.cgi?id=1455455

https://bugzilla.redhat.com/show_bug.cgi?id=1458817

https://bugzilla.redhat.com/show_bug.cgi?id=1464224

https://bugzilla.redhat.com/show_bug.cgi?id=1468248

https://bugzilla.redhat.com/show_bug.cgi?id=1480346

Plugin Details

Severity: High

ID: 107053

File Name: redhat-RHSA-2018-0336.nasl

Version: 3.10

Type: local

Agent: unix

Published: 2018/2/28

Updated: 2025/3/21

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

Vendor

Vendor Severity: Important

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2016-1669

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2017-2672

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:rubygem-foreman_scap_client, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_remote_execution_core, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-katello, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman-tasks-core, p-cpe:/a:redhat:enterprise_linux:hiera, p-cpe:/a:redhat:enterprise_linux:satellite-capsule, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-bastion, p-cpe:/a:redhat:enterprise_linux:foreman-installer-katello, p-cpe:/a:redhat:enterprise_linux:rubygem-smart_proxy_discovery_image, p-cpe:/a:redhat:enterprise_linux:python-pulp-streamer, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_bootdisk, p-cpe:/a:redhat:enterprise_linux:foreman-postgresql, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_theme_satellite, p-cpe:/a:redhat:enterprise_linux:satellite-debug-tools, p-cpe:/a:redhat:enterprise_linux:python-pulp-client-lib, p-cpe:/a:redhat:enterprise_linux:foreman-cli, p-cpe:/a:redhat:enterprise_linux:pulp-admin-client, p-cpe:/a:redhat:enterprise_linux:foreman-proxy-content, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman-redhat_access, p-cpe:/a:redhat:enterprise_linux:foreman-installer, p-cpe:/a:redhat:enterprise_linux:pulp-puppet-tools, p-cpe:/a:redhat:enterprise_linux:python-pulp-rpm-common, p-cpe:/a:redhat:enterprise_linux:rubygem-smart_proxy_openscap, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_bootdisk, cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:python-pulp-ostree-common, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ovirt_provision_plugin, p-cpe:/a:redhat:enterprise_linux:candlepin, p-cpe:/a:redhat:enterprise_linux:rubygem-kafo, p-cpe:/a:redhat:enterprise_linux:satellite-cli, p-cpe:/a:redhat:enterprise_linux:foreman-vmware, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_tasks, p-cpe:/a:redhat:enterprise_linux:foreman-rackspace, p-cpe:/a:redhat:enterprise_linux:pulp-server, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli, 
p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_docker, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_templates, p-cpe:/a:redhat:enterprise_linux:redhat-access-insights-puppet, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman-tasks, p-cpe:/a:redhat:enterprise_linux:katello-installer-base, p-cpe:/a:redhat:enterprise_linux:pulp, p-cpe:/a:redhat:enterprise_linux:pulp-rpm-plugins, p-cpe:/a:redhat:enterprise_linux:pulp-ostree-plugins, p-cpe:/a:redhat:enterprise_linux:pulp-docker, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_remote_execution, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_discovery, p-cpe:/a:redhat:enterprise_linux:python-pulp-puppet-common, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_virt_who_configure, p-cpe:/a:redhat:enterprise_linux:python-zope-interface, p-cpe:/a:redhat:enterprise_linux:katello-selinux, p-cpe:/a:redhat:enterprise_linux:pulp-nodes-child, p-cpe:/a:redhat:enterprise_linux:rubygem-kafo_wizards, p-cpe:/a:redhat:enterprise_linux:rubygem-smart_proxy_dynflow, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-katello_ostree, p-cpe:/a:redhat:enterprise_linux:foreman-libvirt, p-cpe:/a:redhat:enterprise_linux:python-pulp-oid_validation, p-cpe:/a:redhat:enterprise_linux:puppet-foreman_scap_client, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_openscap, p-cpe:/a:redhat:enterprise_linux:pulp-docker-plugins, p-cpe:/a:redhat:enterprise_linux:foreman, p-cpe:/a:redhat:enterprise_linux:katello-common, p-cpe:/a:redhat:enterprise_linux:pulp-nodes-parent, p-cpe:/a:redhat:enterprise_linux:pulp-nodes-common, p-cpe:/a:redhat:enterprise_linux:pulp-katello, p-cpe:/a:redhat:enterprise_linux:rubygem-smart_proxy_remote_execution_ssh, p-cpe:/a:redhat:enterprise_linux:pulp-ostree, p-cpe:/a:redhat:enterprise_linux:foreman-proxy, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_docker, 
p-cpe:/a:redhat:enterprise_linux:pulp-rpm-admin-extensions, p-cpe:/a:redhat:enterprise_linux:foreman-discovery-image, p-cpe:/a:redhat:enterprise_linux:pulp-docker-admin-extensions, p-cpe:/a:redhat:enterprise_linux:python-pulp-agent-lib, p-cpe:/a:redhat:enterprise_linux:foreman-bootloaders-redhat-tftpboot, p-cpe:/a:redhat:enterprise_linux:rubygem-tilt, p-cpe:/a:redhat:enterprise_linux:python-pulp-repoauth, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_hooks, p-cpe:/a:redhat:enterprise_linux:foreman-gce, p-cpe:/a:redhat:enterprise_linux:foreman-selinux, p-cpe:/a:redhat:enterprise_linux:pulp-rpm, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_remote_execution, p-cpe:/a:redhat:enterprise_linux:satellite-common, p-cpe:/a:redhat:enterprise_linux:pulp-selinux, p-cpe:/a:redhat:enterprise_linux:satellite, p-cpe:/a:redhat:enterprise_linux:foreman-compute, p-cpe:/a:redhat:enterprise_linux:satellite-installer, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_discovery, p-cpe:/a:redhat:enterprise_linux:python-pulp-bindings, p-cpe:/a:redhat:enterprise_linux:foreman-debug, p-cpe:/a:redhat:enterprise_linux:katello-debug, p-cpe:/a:redhat:enterprise_linux:rubygem-smart_proxy_dhcp_remote_isc, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_csv, p-cpe:/a:redhat:enterprise_linux:kobo, p-cpe:/a:redhat:enterprise_linux:pulp-puppet-admin-extensions, p-cpe:/a:redhat:enterprise_linux:foreman-ec2, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_admin, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_katello, p-cpe:/a:redhat:enterprise_linux:katello-service, p-cpe:/a:redhat:enterprise_linux:rubygem-smart_proxy_discovery, p-cpe:/a:redhat:enterprise_linux:foreman-openstack, p-cpe:/a:redhat:enterprise_linux:foreman-bootloaders-redhat, p-cpe:/a:redhat:enterprise_linux:python-pulp-docker-common, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_openscap, p-cpe:/a:redhat:enterprise_linux:foreman-ovirt, 
p-cpe:/a:redhat:enterprise_linux:katello-client-bootstrap, p-cpe:/a:redhat:enterprise_linux:rubygem-smart_proxy_pulp, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_virt_who_configure, p-cpe:/a:redhat:enterprise_linux:python-pulp-common, p-cpe:/a:redhat:enterprise_linux:candlepin-selinux, p-cpe:/a:redhat:enterprise_linux:katello, p-cpe:/a:redhat:enterprise_linux:pulp-ostree-admin-extensions, p-cpe:/a:redhat:enterprise_linux:pulp-puppet-plugins, p-cpe:/a:redhat:enterprise_linux:pulp-puppet, p-cpe:/a:redhat:enterprise_linux:katello-certs-tools, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-smart_proxy_dynflow_core, p-cpe:/a:redhat:enterprise_linux:rubygem-kafo_parsers

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2018/2/21

Vulnerability Publication Date: 2013/12/31

Reference Information

CVE: CVE-2013-6459, CVE-2014-8183, CVE-2016-1669, CVE-2016-3693, CVE-2016-3696, CVE-2016-3704, CVE-2016-4451, CVE-2016-4995, CVE-2016-4996, CVE-2016-6319, CVE-2016-7077, CVE-2016-7078, CVE-2016-8613, CVE-2016-8634, CVE-2016-8639, CVE-2016-9593, CVE-2016-9595, CVE-2017-15699, CVE-2017-2295, CVE-2017-2667, CVE-2017-2672, CVE-2018-14623

CWE: 190, 20, 200, 209, 284, 285, 312, 330, 345, 377, 502, 522, 532, 732, 79

RHSA: 2018:0336