-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2016.1815
           Moderate: spacewalk-java security and bug fix update
                               27 July 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:          spacewalk-java
Publisher:        Red Hat
Operating System: Red Hat Enterprise Linux Server 6
                  Red Hat Enterprise Linux WS/Desktop 6
                  Linux variants
Impact/Access:    Cross-site Scripting -- Remote with User Interaction
Resolution:       Patch/Upgrade
CVE Names:        CVE-2016-3097 CVE-2016-3080 

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Red Hat. It is recommended that administrators
         running spacewalk-java check for an updated version of the software
         for their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: spacewalk-java security and bug fix update
Advisory ID:       RHSA-2016:1484-01
Product:           Red Hat Satellite
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1484.html
Issue date:        2016-07-26
CVE Names:         CVE-2016-3080 CVE-2016-3097 
=====================================================================

1. Summary:

An update for spacewalk-java is now available for Red Hat Satellite 5.7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Satellite 5.7 (RHEL v.6) - noarch

3. Description:

Red Hat Satellite is a system management tool for Linux-based
infrastructures. It allows for provisioning, monitoring, and the remote
management of multiple Linux deployments with a single, centralized tool.

Security Fix(es):

* A stored cross-site scripting (XSS) flaw was found in the way
spacewalk-java displayed monitoring probes. An attacker can embed HTML and
Javascript in the values for RHNMD User or Filesystem parameters in
Satellite, allowing them to inject malicious content into the web page that
is then displayed with that probe data. (CVE-2016-3080)

* A stored cross-site scripting (XSS) flaw was found in the way
spacewalk-java displayed group names. An attacker can embed HTML and
Javascript in the values for group names in Satellite, allowing them to
inject malicious content into the web page that is then displayed when
viewing the snapshot data. (CVE-2016-3097)

These issues were discovered by Jan HutaÃ…\x{153} (Red Hat).

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

For this update to take effect, Red Hat Satellite must be restarted
("/usr/sbin/rhn-satellite restart").

5. Bugs fixed (https://bugzilla.redhat.com/):

1320942 - CVE-2016-3080 spacewalk-monitoring: XSS issue in monitoring probe
1322710 - XSS when you create group with HTML via SSM or API and checks snapshot with this group join/leave
1322747 - CVE-2016-3097 spacewalk-java: Multiple XSS flaws

6. Package List:

Red Hat Satellite 5.7 (RHEL v.6):

Source:
spacewalk-java-2.3.8-147.el6sat.src.rpm

noarch:
spacewalk-java-2.3.8-147.el6sat.noarch.rpm
spacewalk-java-config-2.3.8-147.el6sat.noarch.rpm
spacewalk-java-lib-2.3.8-147.el6sat.noarch.rpm
spacewalk-java-oracle-2.3.8-147.el6sat.noarch.rpm
spacewalk-java-postgresql-2.3.8-147.el6sat.noarch.rpm
spacewalk-taskomatic-2.3.8-147.el6sat.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-3080
https://access.redhat.com/security/cve/CVE-2016-3097
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXlyjlXlSAg2UNWIIRApqsAKCW78XzQ565Q9/lSnGM/5ouXWKpMACeKQMI
G0EVlAKbBgmdI0x4boIBCZ8=
=lC7I
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBV5f+j4x+lLeg9Ub1AQjYsg//S80tjUHWOhHapKK4Vu7GhJRT7nIVf3zu
yIx+Dr03Uxp8ThzOY5kV9EqyowpMP2V/cK1FD/Nd/Y3OB1euIdnoMSOzbE+YdsVy
3vXydHrXGA+lGaEtgKAG39T15qFp24BqbyOn1QOOfXpIA5jEP8jtQeZpQU2cJPjf
b0vYGAqR7dkfZeTNjEHCNLJZC6SLo/bUxJOOt/EVHV14ZAOjPBmnJ3HXL61aYo4c
3V0BE+0ULnTr/Uuh1NvvCCUnvIYAbaJV0QbtamF5bCKI7RJLy/GnV1Cq6A6NHaBg
4g3c3fu415iIgNS0AzTxODRZhqu28uBhkqn/P6r9gjMVxX9VR4vIsvJitaNVxFZ3
TkqXdjjGT395Hmm2vvp6EwwK10bp4dNVvHK8IUzjSexrdhUq/NkcinTB7vYWsoyR
ph3bVMqVTpoEtStxgge5qGu67rDW2VuZSOWlEaKUWPCEQA/EXwL9ZlNUsBU+Nquh
j379fVeWOEUG1ooE7qDxxb7/CV/C1jWmyw34QSSdxDUbBGOkg1EZWretfw2sZT8q
bMwf0ZJp+JJwuX0qhe6odX1PwFQ//gBz6FfiLtLQJbBrAV9jq7Vs5BId9Vu+KkWK
bkagsAMmN+FvU110T1afeaGzuSFV/ep0hUgcIfkYhPk1S9EEEUqfvHwoqEw2G+MU
H1wBQi3ykHw=
=QmHv
-----END PGP SIGNATURE-----