Bugzilla – Bug 912886
VUL-0: CVE-2014-7812: spacewalk-java: XSS in system-group
Last modified: 2018-10-19 18:32:12 UTC
CVE-2014-7812

Several stored XSS vulnerabilities in various fields in Satellite server, they can be exploited by using the REST API to send XML data containing malformed data. One of these is in the system-group handling. Please see CVE-2014-7811 for the other vulnerabilities.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1172934
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7812
https://rhn.redhat.com/errata/RHSA-2015-0033.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7812
Re-assigning to galaxy-bugs@suse.de since this is the default assignee for all SUSE Manager bugs. Please do not assign bugs directly to specific developers, thank you!
Is this the same as bsc#902915? The attached patches there also fix something in systemgroups. Also, the Red Hat bug does not contain a patch. So is this really a different issue or the same one? They have different CVE numbers.
bugbot adjusting priority
They are probably related, but note that they even got a different CVE. bnc#902915 has CVE-2014-7811.
The problem is that we do not have a patch for this. So: is there a patch we need to apply or not? Even in the Red Hat bugs there is no patch listed. So we cannot fix this. Can you find out if there is a patch, or if the patch we applied for the other bug contains the fix for this? Thanks.
I mailed Kurt Seyfried of Red Hat for more info.
It looks like the fix is included in the patch for CVE-2014-7811/bug 902915. https://bugzilla.redhat.com/attachment.cgi?id=951111&action=diff ... (-)a/java/code/webapp/WEB-INF/pages/groups/detail.jsp (-2 / +2 lines) Lines 87-97 <table class="table"> <tr> <th><bean:message key="systemgroup.details.name"/></th> - <td>${name}</td> + <td><c:out value="${name}" /></td> </tr> <tr> <th valign="top"><bean:message key="systemgroup.details.description"/></th> - <td>${description}</td> + <td><c:out value="${description}" /></td> </tr> </table>
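Review bot: the two `<c:out>` replacements in detail.jsp (the name and description cells) depend on the `c` prefix being bound to the JSTL core taglib, and the taglib directive is not within the shown lines 87-97; confirm it is declared in this page or a shared include, since an unbound prefix leaves the tag unprocessed and nothing gets escaped. The change also escapes only at this one render site, so the stored name and description remain raw in the database; any other JSP that prints the system group name or description with a bare `${...}` needs the same `<c:out value="..." />` wrapping.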
I added this bug and CVE to the changelog of spacewalk-java. The other bug and CVE will come later when we tag and submit the package. We will start the release in about two weeks.
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2015-02-11. https://swamp.suse.de/webswamp/wf/60431
SUSE-RU-2015:0393-1: An update that solves two vulnerabilities and has 30 fixes is now available.
Category: recommended (moderate)
Bug References: 841731,858971,880022,883487,884350,886421,893608,896029,897723,902915,903064,904703,906851,908317,909724,910243,910482,910494,911166,911180,911272,911808,912035,912057,912886,913215,913221,913939,914260,914437,914900,915140
CVE References: CVE-2014-7811,CVE-2014-7812
Sources used:
SUSE Manager Server (src): cobbler-2.2.2-0.54.2, osad-5.11.33.7-0.7.3, perl-NOCpulse-Object-1.26.13.2-0.7.4, perl-Satcon-1.20.2-0.7.1, python-gzipstream-1.10.2.2-0.7.1, rhn-custom-info-5.4.22.6-0.7.4, rhnlib-2.5.69.6-0.7.1, rhnmd-5.3.18.4-0.7.3, rhnpush-5.5.71.7-0.7.5, sm-ncc-sync-data-2.1.9-0.7.1, smdba-1.5.1-0.7.1, spacewalk-admin-2.1.2.4-0.7.1, spacewalk-backend-2.1.55.15-0.7.3, spacewalk-branding-2.1.33.10-0.7.4, spacewalk-certs-tools-2.1.6.5-0.7.2, spacewalk-client-tools-2.1.16.6-0.7.1, spacewalk-config-2.1.5.4-0.7.5, spacewalk-doc-indexes-2.1.2.3-0.7.5, spacewalk-java-2.1.165.14-0.7.4, spacewalk-reports-2.1.14.8-0.7.2, spacewalk-search-2.1.14.6-0.7.4, spacewalk-setup-2.1.14.9-0.7.1, spacewalk-setup-jabberd-2.1.0.2-0.7.1, spacewalk-utils-2.1.27.12-0.7.9, spacewalk-web-2.1.60.12-0.7.3, spacewalksd-5.0.14.6-0.7.3, supportutils-plugin-susemanager-1.0.3-0.5.1, supportutils-plugin-susemanager-client-1.0.4-0.5.1, susemanager-2.1.17-0.7.1, susemanager-jsp_en-2.1-0.15.5, susemanager-manuals_en-2.1-0.15.6, susemanager-schema-2.1.50.11-0.7.1, susemanager-sync-data-2.1.5-0.7.1, tanukiwrapper-3.2.3-0.10.3
released
SUSE-RU-2015:0611-1: An update that solves 8 vulnerabilities and has 123 fixes is now available.
Category: recommended (important)
Bug References: 653265,767279,808947,841731,855389,858971,860299,862408,867836,870159,872029,872298,872351,875231,875452,878550,878553,879904,879992,879998,880001,880022,880026,880027,880081,880087,880327,880388,880936,881111,881225,881522,881711,882468,883009,883057,883379,883487,884051,884081,884350,884366,885889,886391,886421,887538,887879,889363,889605,889721,889739,889905,892707,892711,893608,895001,895961,896029,896109,896238,896244,896254,896844,897723,898242,898426,898428,899266,900956,901058,901108,901193,901675,901776,901927,901928,901958,902182,902373,902494,902503,902915,903064,903720,903723,903880,903961,904690,904699,904703,904732,904841,904959,905072,905263,905530,906850,906851,906887,907086,907106,907337,907527,907586,907643,907645,907646,907677,907809,908317,908320,908849,909724,910243,910482,910494,911166,911180,911272,911808,912035,912057,912886,913215,913221,913939,914260,914437,914900,915140,919448
CVE References: CVE-2014-0114,CVE-2014-0240,CVE-2014-0242,CVE-2014-3654,CVE-2014-7811,CVE-2014-7812,CVE-2014-8583,CVE-2014-9130
Sources used:
SUSE Manager Server (src): apache2-mod_wsgi-3.3-5.7.17, auditlog-keeper-0.2.3+git.1417708457.eabd1a9-0.7.58, cobbler-2.2.2-0.54.9, google-gson-2.2.4-0.7.52, libyaml-0.1.3-0.10.16.11, oracle-config-1.1-0.10.10.16, osad-5.11.33.7-0.7.16, perl-Class-Singleton-1.4-4.13.38, perl-NOCpulse-Object-1.26.13.2-0.7.13, perl-Satcon-1.20.2-0.7.6, postgresql91-9.1.15-0.3.1, pxe-default-image-0.1-0.20.56, python-enum34-1.0-0.7.33, python-gzipstream-1.10.2.2-0.7.6, rhn-custom-info-5.4.22.6-0.7.13, rhnlib-2.5.69.6-0.7.6, rhnmd-5.3.18.4-0.7.15, rhnpush-5.5.71.7-0.7.16, sm-ncc-sync-data-2.1.9-0.7.6, smdba-1.5.1-0.7.6, spacecmd-2.1.25.7-0.7.9, spacewalk-admin-2.1.2.4-0.7.6, spacewalk-backend-2.1.55.15-0.7.11, spacewalk-branding-2.1.33.10-0.7.16, spacewalk-certs-tools-2.1.6.5-0.7.10, spacewalk-client-tools-2.1.16.6-0.7.9, spacewalk-config-2.1.5.4-0.7.15, spacewalk-doc-indexes-2.1.2.3-0.7.26, spacewalk-java-2.1.165.14-0.7.16, spacewalk-reports-2.1.14.8-0.7.10, spacewalk-search-2.1.14.6-0.7.18, spacewalk-setup-2.1.14.9-0.7.6, spacewalk-setup-jabberd-2.1.0.2-0.7.6, spacewalk-utils-2.1.27.12-0.7.25, spacewalk-web-2.1.60.12-0.7.7, spacewalksd-5.0.14.6-0.7.15, struts-1.2.9-162.33.22, supportutils-plugin-susemanager-1.0.3-0.5.5, supportutils-plugin-susemanager-client-1.0.4-0.5.5, suseRegisterInfo-2.1.9-0.7.29, susemanager-2.1.17-0.7.11, susemanager-jsp_en-2.1-0.15.23, susemanager-manuals_en-2.1-0.15.24, susemanager-schema-2.1.50.11-0.7.8, susemanager-sync-data-2.1.5-0.7.6, tanukiwrapper-3.2.3-0.10.12, yum-3.2.29-0.19.30, zypp-plugin-spacewalk-0.9.8-0.15.51
An update workflow for this issue was started. This issue was rated as important. Please submit fixed packages until 2015-05-19. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/61695
SUSE-SU-2015:0928-1: An update that solves three vulnerabilities and has 14 fixes is now available.
Category: security (important)
Bug References: 799068,809927,814954,864246,870159,879904,881111,896238,896244,898426,900956,901108,902915,903723,906850,912886,922525
CVE References: CVE-2014-7811,CVE-2014-7812,CVE-2014-8162
Sources used:
SUSE Manager 1.7 for SLE 11 SP2 (src): sm-ncc-sync-data-1.7.21-0.5.1, smdba-1.5-0.6.2.1, spacecmd-1.7.7.12-0.5.1, spacewalk-backend-1.7.38.34-0.5.1, spacewalk-branding-1.7.1.13-0.5.1, spacewalk-java-1.7.54.34-0.5.1, spacewalk-setup-1.7.9.12-0.5.1, susemanager-1.7.30-0.5.2, susemanager-schema-1.7.56.24-0.7.1