- Issued:
- 2017-04-11
- Updated:
- 2017-04-11
RHBA-2017:0897 - Red Hat Satellite Proxy server spacewalk-backend bug fix update
Synopsis
Red Hat Satellite Proxy server spacewalk-backend bug fix update
Type/Severity
Bug Fix Advisory None
Topic
Updated spacewalk-backend package that delivers a configuration setting to relax whitespace enforcement in the HTTPD running on the Proxy server.
Description
Red Hat Satellite Proxy is a systems management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and remote management of multiple Linux deployments with a single, centralized tool. The spacewalk-backend packages contain the code for the python code that manages the server side of the client-to-satellite-server communication paths.
This update fixes the following issue:
- When the fix for https://bugzilla.redhat.com/show_bug.cgi?id=1412974, CVE-2016-8743, is released and applied, httpd will strictly enforce whitespace constraints on incoming HTTP requests. A previous release of the yum-rhn-plugin for Satellite clients contains a bug that results in that new httpd service rejecting requests coming from such clients. In order to avoid breaking yum-communication between a Proxy instance and its clients, this update puts in place a configuration option that is recognized only by the newer versions of httpd, which relaxes the whitespace-processing to its existing state.
The erratum releases the spacewalk-backend with the configuration change for the following Proxy versions:
- 5.7 (BZ#1430870)
- 5.6 (BZ#1430875)
- 5.5 (BZ#1430877)
- 5.4 (BZ#1430878)
All users of Red Hat Satellite Proxy are advised to upgrade to this updated package, which addresses this issue.
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Satellite Proxy | 5.7 | x86_64 |
| Red Hat Satellite Proxy | 5.7 | s390x |
| Red Hat Satellite Proxy | 5.6 | x86_64 |
| Red Hat Satellite Proxy | 5.6 | x86_64 |
| Red Hat Satellite Proxy | 5.6 | s390x |
| Red Hat Satellite Proxy | 5.6 | s390x |
| Red Hat Satellite Proxy | 5.5 | x86_64 |
| Red Hat Satellite Proxy | 5.5 | x86_64 |
| Red Hat Satellite Proxy | 5.5 | s390x |
| Red Hat Satellite Proxy | 5.5 | s390x |
| Red Hat Satellite Proxy | 5.4 | x86_64 |
| Red Hat Satellite Proxy | 5.4 | x86_64 |
| Red Hat Satellite Proxy | 5.4 | s390x |
| Red Hat Satellite Proxy | 5.4 | s390x |
| Red Hat Satellite Proxy | 5.4 | i386 |
Updated Packages
- pyliblzma-0.5.3-14.el6sat.s390x.rpm
- spacewalk-backend-2.0.3-44.el5sat.src.rpm
- pyliblzma-0.5.3-14.el6sat.x86_64.rpm
- spacewalk-backend-libs-1.7.38-56.el5sat.noarch.rpm
- spacewalk-backend-libs-1.7.38-56.el6sat.noarch.rpm
- spacewalk-backend-2.0.3-44.el6sat.noarch.rpm
- spacewalk-backend-1.7.38-56.el6sat.noarch.rpm
- spacewalk-backend-libs-2.0.3-44.el5sat.noarch.rpm
- spacewalk-backend-1.7.38-56.el6sat.src.rpm
- spacewalk-backend-libs-2.3.3-48.el6sat.noarch.rpm
- spacewalk-backend-2.0.3-44.el5sat.noarch.rpm
- pyliblzma-0.5.3-14.el6sat.src.rpm
- spacewalk-backend-1.2.13-84.el5sat.src.rpm
- spacewalk-backend-1.7.38-56.el5sat.src.rpm
- spacewalk-backend-2.3.3-48.el6sat.src.rpm
- spacewalk-backend-1.2.13-84.el6sat.src.rpm
- spacewalk-backend-libs-1.2.13-84.el6sat.noarch.rpm
- spacewalk-backend-1.7.38-56.el5sat.noarch.rpm
- spacewalk-backend-libs-1.2.13-84.el5sat.noarch.rpm
- spacewalk-backend-1.2.13-84.el6sat.noarch.rpm
- spacewalk-backend-2.3.3-48.el6sat.noarch.rpm
- spacewalk-backend-2.0.3-44.el6sat.src.rpm
- spacewalk-backend-libs-2.0.3-44.el6sat.noarch.rpm
- spacewalk-backend-1.2.13-84.el5sat.noarch.rpm
Fixes
(none)
CVEs
(none)
References
(none)
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.