Bugzilla – Bug 922525
VUL-0: CVE-2014-8162: spacewalk: Satellite5: RPC API XML External Entities file disclosure
Last modified: 2017-01-10 17:25:23 UTC
bugbot adjusting priority
Marcus, does the bug report contain any more details? This description is a bit too generic to be actionable at least from my point of view.
It currently does not contain more information. I will keep you updated once that changes.
CRD: 2015-05-11 16:00 UTC
Still no patch in the Red Hat bug at this time.
Created attachment 633245: CVE-2014-8162 patches
needinfo provided.
We will provide this fix for Manager-2.1 via a package-only patch to get it out faster than with the regular next update. For 1.7 we will put it into the next regular update, which we want to start soon.
Packages (spacewalk-java and spacewalk-setup) submitted to SUSE:SLE-11-SP3:Update:Test for SUSE Manager 2.1 Update for SUSE Manager 1.7 we want to do a full update.
Security Team and Maintenance Team: Who will provide swamp IDs for what?
> Security Team and Maintenance Team: Who will provide swamp IDs for what?
As we're fixing only a security vulnerability (at least for 2.1), security-team@suse.de should handle it. For 1.7, could you open a tracker bug and list there the other packages that are going to be submitted? Maintenance could take care of the update for 1.7 then.
is public now.
An update workflow for this issue was started. This issue was rated as important. Please submit fixed packages until 2015-05-19. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/61694
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2015-05-26. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/61696
SUSE-SU-2015:0928-1: An update that solves three vulnerabilities and has 14 fixes is now available.
Category: security (important)
Bug References: 799068,809927,814954,864246,870159,879904,881111,896238,896244,898426,900956,901108,902915,903723,906850,912886,922525
CVE References: CVE-2014-7811,CVE-2014-7812,CVE-2014-8162
Sources used:
SUSE Manager 1.7 for SLE 11 SP2 (src): sm-ncc-sync-data-1.7.21-0.5.1, smdba-1.5-0.6.2.1, spacecmd-1.7.7.12-0.5.1, spacewalk-backend-1.7.38.34-0.5.1, spacewalk-branding-1.7.1.13-0.5.1, spacewalk-java-1.7.54.34-0.5.1, spacewalk-setup-1.7.9.12-0.5.1, susemanager-1.7.30-0.5.2, susemanager-schema-1.7.56.24-0.7.1
All submitted.
SUSE-SU-2015:0945-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 922525
CVE References: CVE-2014-8162
Sources used:
SUSE Manager Server (src): spacewalk-java-2.1.165.16.1-0.8.1, spacewalk-setup-2.1.14.11-0.9.1
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2015-06-30. https://swamp.suse.de/webswamp/wf/62011
SUSE-RU-2015:1310-1: An update that has 30 recommended fixes can now be installed.
Category: recommended (moderate)
Bug References: 859645,869888,873203,895071,895869,914606,915122,918082,919722,922525,922923,926146,926234,926318,927940,929058,930686,931503,931685,932052,932652,932845,933275,933587,933675,933942,934124,934417,934957,935433
CVE References:
Sources used:
SUSE Manager Server (src): osad-5.11.33.9-0.7.4, python-pyliblzma-0.5.3-0.7.2, rhnpush-5.5.71.8-0.7.5, spacecmd-2.1.25.9-0.7.2, spacewalk-2.1.0.5-0.7.1, spacewalk-backend-2.1.55.18-0.7.4, spacewalk-branding-2.1.33.12-0.7.5, spacewalk-certs-tools-2.1.6.6-0.7.4, spacewalk-client-tools-2.1.16.8-0.7.2, spacewalk-config-2.1.5.6-0.7.5, spacewalk-java-2.1.165.18-0.7.7, spacewalk-reports-2.1.14.9-0.7.4, spacewalk-search-2.1.14.7-0.7.4, spacewalk-setup-2.1.14.12-0.7.1, spacewalksd-5.0.14.8-0.7.4, supportutils-plugin-susemanager-1.0.4-0.5.1, susemanager-2.1.19-0.7.6, susemanager-schema-2.1.50.13-0.7.2, zypp-plugin-spacewalk-0.9.9-0.7.4