Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2012.1148 Low: RHN Satellite Server 5 on Red Hat Enterprise Linux 4 - End Of Life 6 December 2012 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: RHN Satellite Server 5 Publisher: Red Hat Operating System: Red Hat Enterprise Linux AS/ES/WS 4 Impact/Access: Reduced Security -- Unknown/Unspecified Resolution: Patch/Upgrade Original Bulletin: https://rhn.redhat.com/errata/RHSA-2012-1546.html - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: RHN Satellite Server 5 on Red Hat Enterprise Linux 4 - End Of Life Advisory ID: RHSA-2012:1546-01 Product: Red Hat Network Satellite Server Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1546.html Issue date: 2012-12-05 ===================================================================== 1. Summary: This is the End Of Life notification for RHN Satellite Server 5 versions released to run on Red Hat Enterprise Linux 4. 2. Relevant releases/architectures: Red Hat Network Satellite Server 5.0 (RHEL v.4 AS) - noarch Red Hat Network Satellite Server 5.1 (RHEL v.4 AS) - noarch Red Hat Network Satellite Server 5.2 (RHEL v.4 AS) - noarch Red Hat Network Satellite Server 5.3 (RHEL v.4) - noarch 3. Description: On December 1st, 2012, per the life-cycle support policy, the following versions of Satellite and Proxy products, released on Red Hat Enterprise Linux 4, exited Production Phase 2 marking the end of their support by Red Hat. RHN Satellite & RHN Proxy: - 5.0 - 5.1 - 5.2 on Red Hat Enterprise Linux 4 - 5.3 on Red Hat Enterprise Linux 4 Please reference the support policy here: https://access.redhat.com/support/policy/updates/satellite/ Notes: 1) Red Hat will continue to support RHN Satellite and Proxy versions 5.2 and 5.3 running on Red Hat Enterprise Linux 5. 2) All versions of 5.0 and 5.1 are now EOL with this notice. Though we are committed to the December 1st date for beginning the process of decommissioning Satellite and Proxy support listed, we recognize that our customers have woven these products very deeply into their processes and may need some time to upgrade. For upgrade purposes, please note the following dates: * December 1st, 2012 - Satellite and Proxy support for listed versions running on Red Hat Enterprise Linux 4, ceased to be supported. Official support ended. Only Severity 1 issues and upgrade assistance will be addressed. Satellite and Proxy will continue to operate, but all customers are encouraged to upgrade in a timely manner. * March 1st, 2013 - Satellite and Proxy versions listed - active status will be terminated. The Satellite and Proxy versions listed will enter an inactive state. This includes no longer generating nor providing Satellite Certificates to customers requesting them for these EOL product versions. The overview for the Satellite Upgrade process starting point is outlined here: https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Network_Satellite/5.5/html-single/Installation_Guide/index.html#chap-Installation_Guide-Upgrades For detailed instructions on upgrading Red Hat Network Satellite, please refer to the /etc/sysconfig/rhn/satellite-upgrade/README file. This can be found within the rhn-upgrade package. Before proceeding, it is important to read the complete details, contained within the most current rhn-upgrade package README file. As with all Satellite upgrades, please ensure that known good backups are available, especially of the database. How to proceed: * All affected Satellite and Proxy users must plan to upgrade to a newer version prior to March 1st, 2013. * If you have a Technical Account Manager, contact that person immediately to discuss upgrade plans. * Otherwise, contact support for assistance: https://www.redhat.com/support/ * Alternatively, Red Hat Consulting can be engaged to assist with a smooth migration: http://www.redhat.com/consulting/ More information on Red Hat Consulting for Satellite can be found here: http://www.redhat.com/f/pdf/consulting/RHNSatelliteImplementation-Brochure.pdf It is critical to ensure you have a plan to upgrade Satellite and Proxy listed versions, prior to March 1st, 2013. Listed versions of Satellite and Proxy for this notice are: - 5.0 - 5.1 - 5.2 on Red Hat Enterprise Linux 4 - 5.3 on Red Hat Enterprise Linux 4 4. Solution: This erratum contains rhns-certs-tools packages for RHN Satellite 5.0, 5.1, and 5.2, and a spacewalk-certs-tools package for RHN Satellite 5.3 with updated version numbers to ensure the distribution of this notice; however, no changes have been made to the packages. 5. Bugs fixed (http://bugzilla.redhat.com/): 882920 - Red Hat Network Satellite on RHEL 4 EOL 6. Package List: Red Hat Network Satellite Server 5.0 (RHEL v.4 AS): Source: rhns-certs-tools-5.0.1-3.el4_8.src.rpm noarch: rhns-certs-tools-5.0.1-3.el4_8.noarch.rpm Red Hat Network Satellite Server 5.1 (RHEL v.4 AS): Source: rhns-certs-tools-5.1.1-3.el4.src.rpm noarch: rhns-certs-tools-5.1.1-3.el4.noarch.rpm Red Hat Network Satellite Server 5.2 (RHEL v.4 AS): Source: rhns-certs-tools-5.2.0-5.el4.src.rpm noarch: rhns-certs-tools-5.2.0-5.el4.noarch.rpm Red Hat Network Satellite Server 5.3 (RHEL v.4): Source: ftp://updates.redhat.com/enterprise/4AS/en/RHNSAT/SRPMS/spacewalk-certs-tools-0.5.5-7.el4sat.src.rpm noarch: spacewalk-certs-tools-0.5.5-7.el4sat.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Network_Satellite/5.5/html-single/Installation_Guide/index.html#chap-Installation_Guide-Upgrades http://www.redhat.com/f/pdf/consulting/RHNSatelliteImplementation-Brochure.pdf 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQv4jeXlSAg2UNWIIRAt6rAJ9WH1Rjq34B4lMw6SnPZkcJjRs3ggCfYFX6 gP9Uo3WWTXnfQ37U8j9tF7c= =sAyE - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBUL/i/+4yVqjM2NGpAQLpTw/7BNHflJZVqliZX4U+0oBxSH/pBU2sHfyk BOTrbcTX18FwcbBHCiaDMJDTbPW/RMjKFcB0ttT4QBa35QOlhts9ld/wLAxzkWKS gmwYWxHTpXdoGRiR9U8Q4Z/oUg9f1cWC3PAmh9upr5GAc3CsK8nhngEcTv8u/Py6 dacQXhQ6uc9dHlwPvHc2S3M4xb0toGjV37ewIMxslo22GLYp/gyfLapC92gQTJI2 tN78xxBft7wWfdtFiGXDKxsXcqFGQRMXlff/xQ4sOcqRgb4EbxtXp37zZmY6ASbh Lefw6nHHiIUN2Q7jDtpozVM+zjQMP7UNfYJA2b2kGTeStGR38/+jD8uQtL9Dii1D OjzyOaxSQJehvjjkBD6Jfm3bjXCRhRxsHzYI0NnJ2a4pHGGSjZCL9COgMgRmXlQ/ 0B+OBzUIINVMTZKuwiMB+Zuom5LTFM6Zp1KyocE7ET1Dk8xbGQBGRIpikQVvaX+N gzOJYHj9Dz6SGm9Wg5NiFyH5+9CP+GRA2LXHhJqUwfQQIEBA2WApEraBLhjrLwEL FbzXMvWmWgdlEMJ3SpO0YJx6BXAl1nz0rQLdXKotBE1O+0SMldOXseEmZ3jECB5G 1Vro0qHZNO4pX4taX9cpPPE0ROwxWaqHUhPKItSXyjBHXDtuShF3fnfdIgyWuaK8 UHHyuo/2FyQ= =N77s -----END PGP SIGNATURE-----