RHSA-2018:2927: Important: Satellite 6.4 security, bug fix, and enhancement update

Red Hat Satellite is a systems management tool for Linux-based infrastructure.<br>It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool.<br>Security Fix(es):<br><li> jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525) (CVE-2017-15095)</li> <li> hornetq: XXE/SSRF in XPath selector (CVE-2015-3208)</li> <li> bouncycastle: Information disclosure in GCMBlockCipher (CVE-2015-6644)</li> <li> bouncycastle: DSA does not fully validate ASN.1 encoding during signature verification allowing for injection of unsigned data (CVE-2016-1000338)</li> <li> bouncycastle: Information leak in AESFastEngine class (CVE-2016-1000339)</li> <li> bouncycastle: Information exposure in DSA signature generation via timing attack (CVE-2016-1000341)</li> <li> bouncycastle: ECDSA improper validation of ASN.1 encoding of signature (CVE-2016-1000342)</li> <li> bouncycastle: DHIES implementation allowed the use of ECB mode (CVE-2016-1000344)</li> <li> bouncycastle: DHIES/ECIES CBC modes are vulnerable to padding oracle attack (CVE-2016-1000345)</li> <li> bouncycastle: Other party DH public keys are not fully validated (CVE-2016-1000346)</li> <li> bouncycastle: ECIES implementation allowed the use of ECB mode (CVE-2016-1000352)</li> <li> logback: Serialization vulnerability in SocketServer and ServerSocketReceiver (CVE-2017-5929)</li> <li> python-django: Open redirect and possible XSS attack via user-supplied numeric redirect URLs (CVE-2017-7233)</li> <li> hibernate-validator: Privilege escalation when running under the security manager (CVE-2017-7536)</li> <li> puppet: Environment leakage in puppet-agent (CVE-2017-10690)</li> <li> Satellite 6: XSS in discovery rule filter autocomplete functionality (CVE-2017-12175)</li> <li> foreman: Stored XSS in fact name or value (CVE-2017-15100)</li> <li> pulp: sensitive credentials revealed through the API (CVE-2018-1090)</li> <li> foreman: SQL injection due to improper handling of the widget id parameter (CVE-2018-1096)</li> <li> foreman: Ovirt admin password exposed by foreman API (CVE-2018-1097)</li> <li> django: Catastrophic backtracking in regular expressions via 'urlize' and 'urlizetrunc' (CVE-2018-7536)</li> <li> django: Catastrophic backtracking in regular expressions via 'truncatecharshtml' and 'truncatewordshtml' (CVE-2018-7537)</li> <li> guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service (CVE-2018-10237)</li> <li> bouncycastle: Carry propagation bug in math.raw.Nat??? class (CVE-2016-1000340)</li> <li> bouncycastle: DSA key pair generator generates a weak private key by default (CVE-2016-1000343)</li> <li> puppet: Unpacking of tarballs in tar/mini.rb can create files with insecure permissions (CVE-2017-10689)</li> <li> bouncycastle: BKS-V1 keystore files vulnerable to trivial hash collisions (CVE-2018-5382)</li> For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.<br>Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-15095; and the Django project for reporting CVE-2017-7233, CVE-2018-7536, and CVE-2018-7537. The CVE-2017-7536 issue was discovered by Gunnar Morling (Red Hat); and the CVE-2018-1096 issue was discovered by Martin Povolny (Red Hat). Red Hat would also like to thank David Jorm (IIX Product Security) for reporting CVE-2015-3208.<br>Additional Changes:<br>This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.