Bug 902915 (CVE-2014-7811) - VUL-0: spacewalk-java: CVE-2014-7811: more XSS bugs
Status: RESOLVED FIXED
Alias: CVE-2014-7811
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P2 - High, Severity: Normal
Target Milestone: ---
Deadline: 2015-05-19
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: maint:released:sle11-sp3:60647 maint:...
Keywords:
Depends on:
Blocks:
 
Reported: 2014-10-28 16:02 UTC by Thomas Biege
Modified: 2016-04-18 17:23 UTC

See Also:
Found By: Third Party Developer/Partner
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
xss.patch (10.11 KB, patch)
2014-10-28 16:02 UTC, Thomas Biege
xss56.patch (9.89 KB, patch)
2014-10-30 09:05 UTC, Thomas Biege
Patch for SUSE Manager 2.1 (spacewalk-java package) (10.98 KB, patch)
2015-01-13 09:26 UTC, Silvio Moioli

Comment 7 Thomas Biege 2015-01-12 16:51:34 UTC
RH made it public now.
Comment 8 Marcus Meissner 2015-01-12 16:54:32 UTC
Mickaël Gallier reports:

There are several stored XSS vulnerabilities in various fields in Satellite 
server, they can be exploited by using the REST API to send XML data 
containing malformed data.
Comment 9 Silvio Moioli 2015-01-13 09:26:42 UTC
Created attachment 619386
Patch for SUSE Manager 2.1 (spacewalk-java package)

I applied the Spacewalk patch to SUSE Manager and it does not result in any conflict.

Differences between that patch and the Satellite 5.6 one are either cosmetic (whitespace, code that was moved to a different position) or irrelevant to our code base (Perl file), so I think we should be OK with the Spacewalk patch.

Code looks safe, I don't think we will introduce any regression; our automated test suite did not report anything suspicious either. Patch was also cherry-picked to the Manager branch.

Is there anything else to do on our part?

Thanks
Comment 10 Michael Calmer 2015-01-13 09:40:14 UTC
I just talked to Marcus and he agreed that we include this in the next regular maintenance update.

So no urgent update needed.

I think we will start the next regular update in 2 or 3 weeks.
Comment 11 Silvio Moioli 2015-01-13 10:43:16 UTC
Also fixed in 1.7 as per commit 4485519.
Comment 12 Silvio Moioli 2015-01-14 17:03:43 UTC
Thomas, should I close this bug?

Thanks
Comment 13 Thomas Biege 2015-01-15 08:40:44 UTC
When you are done, just re-assign the bug to security-team@suse.de and they will take care of the release.
Comment 14 Silvio Moioli 2015-01-15 08:45:05 UTC
Re-assigning to security team.
Comment 15 Swamp Workflow Management 2015-01-28 14:28:50 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2015-02-11.
https://swamp.suse.de/webswamp/wf/60431
Comment 17 Swamp Workflow Management 2015-02-27 18:08:46 UTC
SUSE-RU-2015:0393-1: An update that solves two vulnerabilities and has 30 fixes is now available.

Category: recommended (moderate)
Bug References: 841731,858971,880022,883487,884350,886421,893608,896029,897723,902915,903064,904703,906851,908317,909724,910243,910482,910494,911166,911180,911272,911808,912035,912057,912886,913215,913221,913939,914260,914437,914900,915140
CVE References: CVE-2014-7811,CVE-2014-7812
Sources used:
SUSE Manager Server (src):    cobbler-2.2.2-0.54.2, osad-5.11.33.7-0.7.3, perl-NOCpulse-Object-1.26.13.2-0.7.4, perl-Satcon-1.20.2-0.7.1, python-gzipstream-1.10.2.2-0.7.1, rhn-custom-info-5.4.22.6-0.7.4, rhnlib-2.5.69.6-0.7.1, rhnmd-5.3.18.4-0.7.3, rhnpush-5.5.71.7-0.7.5, sm-ncc-sync-data-2.1.9-0.7.1, smdba-1.5.1-0.7.1, spacewalk-admin-2.1.2.4-0.7.1, spacewalk-backend-2.1.55.15-0.7.3, spacewalk-branding-2.1.33.10-0.7.4, spacewalk-certs-tools-2.1.6.5-0.7.2, spacewalk-client-tools-2.1.16.6-0.7.1, spacewalk-config-2.1.5.4-0.7.5, spacewalk-doc-indexes-2.1.2.3-0.7.5, spacewalk-java-2.1.165.14-0.7.4, spacewalk-reports-2.1.14.8-0.7.2, spacewalk-search-2.1.14.6-0.7.4, spacewalk-setup-2.1.14.9-0.7.1, spacewalk-setup-jabberd-2.1.0.2-0.7.1, spacewalk-utils-2.1.27.12-0.7.9, spacewalk-web-2.1.60.12-0.7.3, spacewalksd-5.0.14.6-0.7.3, supportutils-plugin-susemanager-1.0.3-0.5.1, supportutils-plugin-susemanager-client-1.0.4-0.5.1, susemanager-2.1.17-0.7.1, susemanager-jsp_en-2.1-0.15.5, susemanager-manuals_en-2.1-0.15.6, susemanager-schema-2.1.50.11-0.7.1, susemanager-sync-data-2.1.5-0.7.1, tanukiwrapper-3.2.3-0.10.3
Comment 18 Marcus Meissner 2015-03-02 12:49:19 UTC
released
Comment 20 Swamp Workflow Management 2015-03-26 19:20:12 UTC
SUSE-RU-2015:0611-1: An update that solves 8 vulnerabilities and has 123 fixes is now available.

Category: recommended (important)
Bug References: 653265,767279,808947,841731,855389,858971,860299,862408,867836,870159,872029,872298,872351,875231,875452,878550,878553,879904,879992,879998,880001,880022,880026,880027,880081,880087,880327,880388,880936,881111,881225,881522,881711,882468,883009,883057,883379,883487,884051,884081,884350,884366,885889,886391,886421,887538,887879,889363,889605,889721,889739,889905,892707,892711,893608,895001,895961,896029,896109,896238,896244,896254,896844,897723,898242,898426,898428,899266,900956,901058,901108,901193,901675,901776,901927,901928,901958,902182,902373,902494,902503,902915,903064,903720,903723,903880,903961,904690,904699,904703,904732,904841,904959,905072,905263,905530,906850,906851,906887,907086,907106,907337,907527,907586,907643,907645,907646,907677,907809,908317,908320,908849,909724,910243,910482,910494,911166,911180,911272,911808,912035,912057,912886,913215,913221,913939,914260,914437,914900,915140,919448
CVE References: CVE-2014-0114,CVE-2014-0240,CVE-2014-0242,CVE-2014-3654,CVE-2014-7811,CVE-2014-7812,CVE-2014-8583,CVE-2014-9130
Sources used:
SUSE Manager Server (src):    apache2-mod_wsgi-3.3-5.7.17, auditlog-keeper-0.2.3+git.1417708457.eabd1a9-0.7.58, cobbler-2.2.2-0.54.9, google-gson-2.2.4-0.7.52, libyaml-0.1.3-0.10.16.11, oracle-config-1.1-0.10.10.16, osad-5.11.33.7-0.7.16, perl-Class-Singleton-1.4-4.13.38, perl-NOCpulse-Object-1.26.13.2-0.7.13, perl-Satcon-1.20.2-0.7.6, postgresql91-9.1.15-0.3.1, pxe-default-image-0.1-0.20.56, python-enum34-1.0-0.7.33, python-gzipstream-1.10.2.2-0.7.6, rhn-custom-info-5.4.22.6-0.7.13, rhnlib-2.5.69.6-0.7.6, rhnmd-5.3.18.4-0.7.15, rhnpush-5.5.71.7-0.7.16, sm-ncc-sync-data-2.1.9-0.7.6, smdba-1.5.1-0.7.6, spacecmd-2.1.25.7-0.7.9, spacewalk-admin-2.1.2.4-0.7.6, spacewalk-backend-2.1.55.15-0.7.11, spacewalk-branding-2.1.33.10-0.7.16, spacewalk-certs-tools-2.1.6.5-0.7.10, spacewalk-client-tools-2.1.16.6-0.7.9, spacewalk-config-2.1.5.4-0.7.15, spacewalk-doc-indexes-2.1.2.3-0.7.26, spacewalk-java-2.1.165.14-0.7.16, spacewalk-reports-2.1.14.8-0.7.10, spacewalk-search-2.1.14.6-0.7.18, spacewalk-setup-2.1.14.9-0.7.6, spacewalk-setup-jabberd-2.1.0.2-0.7.6, spacewalk-utils-2.1.27.12-0.7.25, spacewalk-web-2.1.60.12-0.7.7, spacewalksd-5.0.14.6-0.7.15, struts-1.2.9-162.33.22, supportutils-plugin-susemanager-1.0.3-0.5.5, supportutils-plugin-susemanager-client-1.0.4-0.5.5, suseRegisterInfo-2.1.9-0.7.29, susemanager-2.1.17-0.7.11, susemanager-jsp_en-2.1-0.15.23, susemanager-manuals_en-2.1-0.15.24, susemanager-schema-2.1.50.11-0.7.8, susemanager-sync-data-2.1.5-0.7.6, tanukiwrapper-3.2.3-0.10.12, yum-3.2.29-0.19.30, zypp-plugin-spacewalk-0.9.8-0.15.51
Comment 21 Swamp Workflow Management 2015-05-12 15:15:53 UTC
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2015-05-19.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/61695
Comment 23 Swamp Workflow Management 2015-05-21 22:07:58 UTC
SUSE-SU-2015:0928-1: An update that solves three vulnerabilities and has 14 fixes is now available.

Category: security (important)
Bug References: 799068,809927,814954,864246,870159,879904,881111,896238,896244,898426,900956,901108,902915,903723,906850,912886,922525
CVE References: CVE-2014-7811,CVE-2014-7812,CVE-2014-8162
Sources used:
SUSE Manager 1.7 for SLE 11 SP2 (src):    sm-ncc-sync-data-1.7.21-0.5.1, smdba-1.5-0.6.2.1, spacecmd-1.7.7.12-0.5.1, spacewalk-backend-1.7.38.34-0.5.1, spacewalk-branding-1.7.1.13-0.5.1, spacewalk-java-1.7.54.34-0.5.1, spacewalk-setup-1.7.9.12-0.5.1, susemanager-1.7.30-0.5.2, susemanager-schema-1.7.56.24-0.7.1