Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2012.1149 Low: RHN Proxy Server 5 on Red Hat Enterprise Linux 4 - End Of Life 6 December 2012 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: RHN Proxy Server 5 Publisher: Red Hat Operating System: Red Hat Enterprise Linux AS/ES/WS 4 Impact/Access: Reduced Security -- Unknown/Unspecified Resolution: Patch/Upgrade Original Bulletin: https://rhn.redhat.com/errata/RHSA-2012-1547.html - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: RHN Proxy Server 5 on Red Hat Enterprise Linux 4 - End Of Life Advisory ID: RHSA-2012:1547-01 Product: Red Hat Network Proxy Server Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1547.html Issue date: 2012-12-05 ===================================================================== 1. Summary: This is the End Of Life notification for RHN Proxy Server 5 versions released to run on Red Hat Enterprise Linux 4. 2. Relevant releases/architectures: Red Hat Network Proxy v 5.0 (RHEL v.4 AS) - noarch Red Hat Network Proxy v 5.1 (RHEL v.4 AS) - noarch Red Hat Network Proxy v 5.2 (RHEL v.4 AS) - noarch Red Hat Network Proxy v 5.3 (RHEL v.4 AS) - noarch 3. Description: On December 1st, 2012, per the life-cycle support policy, the following versions of Satellite and Proxy products, released on Red Hat Enterprise Linux 4, exited Production Phase 2 marking the end of their support by Red Hat. RHN Satellite & RHN Proxy: - 5.0 - 5.1 - 5.2 on Red Hat Enterprise Linux 4 - 5.3 on Red Hat Enterprise Linux 4 Please reference the support policy here: https://access.redhat.com/support/policy/updates/satellite/ Notes: 1) Red Hat will continue to support RHN Satellite and Proxy versions 5.2 and 5.3 running on Red Hat Enterprise Linux 5. 2) All versions of 5.0 and 5.1 are now EOL with this notice. Though we are committed to the December 1st date for beginning the process of decommissioning Satellite and Proxy support listed, we recognize that our customers have woven these products very deeply into their processes and may need some time to upgrade. For upgrade purposes, please note the following dates: * December 1st, 2012 - Satellite and Proxy support for listed versions running on Red Hat Enterprise Linux 4, ceased to be supported. Official support ended. Only Severity 1 issues and upgrade assistance will be addressed. Satellite and Proxy will continue to operate, but all customers are encouraged to upgrade in a timely manner. * March 1st, 2013 - Satellite and Proxy versions listed - active status will be terminated. The Satellite and Proxy versions listed will enter an inactive state. This includes no longer generating nor providing Satellite Certificates to customers requesting them for these EOL product versions. The overview for the Satellite Upgrade process starting point is outlined here: https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Network_Satellite/5.5/html-single/Installation_Guide/index.html#chap-Installation_Guide-Upgrades For detailed instructions on upgrading Red Hat Network Satellite, please refer to the /etc/sysconfig/rhn/satellite-upgrade/README file. This can be found within the rhn-upgrade package. Before proceeding, it is important to read the complete details, contained within the most current rhn-upgrade package README file. As with all Satellite upgrades, please ensure that known good backups are available, especially of the database. How to proceed: * All affected Satellite and Proxy users must plan to upgrade to a newer version prior to March 1st, 2013. * If you have a Technical Account Manager, contact that person immediately to discuss upgrade plans. * Otherwise, contact support for assistance: https://www.redhat.com/support/ * Alternatively, Red Hat Consulting can be engaged to assist with a smooth migration: http://www.redhat.com/consulting/ More information on Red Hat Consulting for Satellite can be found here: http://www.redhat.com/f/pdf/consulting/RHNSatelliteImplementation-Brochure.pdf It is critical to ensure you have a plan to upgrade Satellite and Proxy listed versions, prior to March 1st, 2013. Listed versions of Satellite and Proxy for this notice are: - 5.0 - 5.1 - 5.2 on Red Hat Enterprise Linux 4 - 5.3 on Red Hat Enterprise Linux 4 4. Solution: This erratum contains rhns-certs-tools packages for RHN Proxy 5.0, 5.1, and 5.2, and a spacewalk-certs-tools package for RHN Proxy 5.3 with updated version numbers to ensure the distribution of this notice; however, no changes have been made to the packages. 5. Bugs fixed (http://bugzilla.redhat.com/): 882921 - Red Hat Network Proxy on RHEL 4 EOL 6. Package List: Red Hat Network Proxy v 5.0 (RHEL v.4 AS): Source: ftp://updates.redhat.com/enterprise/4AS/en/RHNPROXY/SRPMS/rhns-certs-tools-5.0.1-3.el4_8.src.rpm noarch: rhns-certs-tools-5.0.1-3.el4_8.noarch.rpm Red Hat Network Proxy v 5.1 (RHEL v.4 AS): Source: ftp://updates.redhat.com/enterprise/4AS/en/RHNPROXY/SRPMS/rhns-certs-tools-5.1.1-3.el4.src.rpm noarch: rhns-certs-tools-5.1.1-3.el4.noarch.rpm Red Hat Network Proxy v 5.2 (RHEL v.4 AS): Source: ftp://updates.redhat.com/enterprise/4AS/en/RHNPROXY/SRPMS/rhns-certs-tools-5.2.0-5.el4.src.rpm noarch: rhns-certs-tools-5.2.0-5.el4.noarch.rpm Red Hat Network Proxy v 5.3 (RHEL v.4 AS): Source: ftp://updates.redhat.com/enterprise/4AS/en/RHNPROXY/SRPMS/spacewalk-certs-tools-0.5.5-7.el4sat.src.rpm noarch: spacewalk-certs-tools-0.5.5-7.el4sat.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Network_Satellite/5.5/html-single/Installation_Guide/index.html#chap-Installation_Guide-Upgrades http://www.redhat.com/f/pdf/consulting/RHNSatelliteImplementation-Brochure.pdf 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQv4k7XlSAg2UNWIIRAodcAJ4iJJRa9o3z3QwT6nYqdPPULCW3HwCgtb/b zIFKM9KLM4QXOICWLEHJ7Mg= =Sft7 - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBUL/jDu4yVqjM2NGpAQJBQQ/9H046KonZodntRdzLpueNKw+bGZSTkmWU HDhCVdsgSTA/4jmpXcy57h03h0jF7wSvN+DKDAc0iQ1NExKWyf/lSyrghGOuGGN/ VY48qSa8ORM40JGnKY9HFv1j+dL44J8M0kGjjg8HBtv1/zBCRIjCWVDVaLWW01bV GML5EXJf6uz0T72E8T+nRlikga1jNeLAKab3zKO0WsAO+7RD+jhzpwB6RaBVWwMC I/xRxVAlxDaFLPS1VPmcVbnYKYqXfnpqZWgp2iCiBQ8dDvbh4SxcZbI6rtCw4CQw j5T1hyiS3I87/O/PZ6OlFH6+SGQxj+LI3wVMRgbktfgmKcF8DoUHa/zEycRpsyiB FHDlO9GKRqjaMk95vRqC8f6CgQCuBCm9x3dpAREfRFHtzxDkESKTp5byybfshbXZ sfNWMwlOucvfHpgcNV0mOKmKNGGgMBv38J9Zr6eq/GYVjCbCZgunTBAco6sVrmfl wKLORI5LWEASyiU5PKh3PuARJRiN8YXNWyu89i+h4h2xlGZBAoXd8PUnUnxfJc9F o2v1vl5TPvVKhPSOP+O72MxrM5MnEA8t1cGQ+x/qoZYti3JQHJNYWfOwJ44UmwHJ Xp6xBsFYNjh7yMz2vAQJca/EHpp7O35+P8pZ22NV8J5BM+Gg3+ptP/BG9HehVrxD yswaHxdGGo4= =Ro11 -----END PGP SIGNATURE-----