RHEL 7:Satellite 6.4 (RHSA-2018:2927)

critical Nessus Plugin ID 118185

概要

遠端 Red Hat 主機缺少一個或多個安全性更新。

說明

遠端 Redhat Enterprise Linux 7 主機已安裝受到多個弱點影響的套件,如 RHSA-2018:2927 公告中所提及。

Red Hat Satellite 是一種適用於 Linux 型基礎結構的系統管理工具。
只要使用一個集中式工具,就可以佈建、遠端管理和監控多個 Linux 部署。

安全性修正:

* jackson-databind:因為不完整的封鎖清單導致不安全的還原序列化 (CVE-2017-7525 的修正不完整) (CVE-2017-15095)

* hornetq:XPath 選取器中的 XXE/SSRF (CVE-2015-3208)

* bouncycastle:GCMBlockCipher 中的資訊洩漏 (CVE-2015-6644)

* bouncycastle:DSA 在簽章驗證期間未完整驗證 ASN.1 編碼,導致插入未簽章的資料 (CVE-2016-1000338)

* bouncycastle:AESFastEngine 類別中的資訊洩漏 (CVE-2016-1000339)

* bouncycastle:透過計時攻擊,DSA 簽章產生中發生資訊洩漏 (CVE-2016-1000341)

* bouncycastle:ECDSA 未正確驗證 ASN.1 簽章的編碼 (CVE-2016-1000342)

* bouncycastle:DHIES 實作允許使用 ECB 模式 (CVE-2016-1000344)

* bouncycastle:DHIES/ECIES CBC 模式易受 padding oracle 攻擊 (CVE-2016-1000345)

* bouncycastle:未完整驗證其他方的 DH 公開金鑰 (CVE-2016-1000346)

* bouncycastle:ECIES 實作允許使用 ECB 模式 (CVE-2016-1000352)

* logback:SocketServer 和 ServerSocketReceiver 中發生序列化弱點 (CVE-2017-5929)

* python-django:透過使用者提供的數值重新導向 URL,造成開放重新導向和可能的 XSS 攻擊 (CVE-2017-7233)

* hibernate-validator:在安全性管理員下執行時發生特權提升 (CVE-2017-7536)

* puppet:puppet-agent 中的環境洩漏 (CVE-2017-10690)

* Satellite 6:探索規則篩選自動完成功能中發生 XSS (CVE-2017-12175)

* foreman:將 XSS 儲存為事實名稱或值 (CVE-2017-15100)

* pulp:透過 API 洩漏的敏感憑證 (CVE-2018-1090)

* foreman:因 widget id 參數不當處理而導致的 SQL 插入攻擊 (CVE-2018-1096)

* foreman:foreman API 洩漏 Ovirt 管理員密碼 (CVE-2018-1097)

* django:透過 'urlize' 和 'urlizetrunc' 造成重大的規則運算式回溯 (CVE-2018-7536)

* django:透過「truncatechars_html」和「truncatewords_html」造成重大的規則運算式回溯 (CVE-2018-7537)

* guava:AtomicDoubleArray 和 CompoundOrdering 類別中無限制的記憶體配置允許遠端攻擊者造成拒絕服務 (CVE-2018-10237)

* bouncycastle:math.raw.Nat? 類別中的進位傳播錯誤 (CVE-2016-1000340)

* bouncycastle:DSA 金鑰組產生器根據預設會產生弱式私密金鑰 (CVE-2016-1000343)

* puppet:解壓縮 tar/mini.rb 中的 tarball 可能會建立具有不安全權限的檔案 (CVE-2017-10689)

* bouncycastle:BKS-V1 keystore 檔案容易發生簡單的雜湊碰撞 (CVE-2018-5382)

如需安全性問題的詳細資料,包括影響、CVSS 分數及其他相關資訊,請參閱〈參照〉一節列出的 CVE 頁面。

Red Hat 感謝 Liao Xinxi (NSFOCUS) 報告 CVE-2017-15095;以及 Django 專案報告 CVE-2017-7233、CVE-2018-7536 和 CVE-2018-7537。CVE-2017-7536 問題由 Gunnar Morling (Red Hat) 所發現,而 CVE-2018-1096 問題由 Martin Povolny (Red Hat) 所發現。Red Hat 也感謝 David Jorm (IIX Product Security) 報告 CVE-2015-3208。

其他變更:

此更新亦可修正數個錯誤,並新增數個增強功能。這些變更的相關文件可從〈參照〉一節中的「版本資訊」文件連結中取得。

Tenable 已直接從 Red Hat Enterprise Linux 安全公告擷取前置描述區塊。

請注意,Nessus 並未測試這些問題,而是僅依據應用程式自我報告的版本號碼作出判斷。

解決方案

更新受影響的套件。

另請參閱

https://bugzilla.redhat.com/show_bug.cgi?id=1060745

https://bugzilla.redhat.com/show_bug.cgi?id=1155817

https://bugzilla.redhat.com/show_bug.cgi?id=1177766

https://bugzilla.redhat.com/show_bug.cgi?id=1197650

https://bugzilla.redhat.com/show_bug.cgi?id=1225252

https://bugzilla.redhat.com/show_bug.cgi?id=1260733

https://bugzilla.redhat.com/show_bug.cgi?id=1265533

https://bugzilla.redhat.com/show_bug.cgi?id=1291730

https://bugzilla.redhat.com/show_bug.cgi?id=1295741

https://bugzilla.redhat.com/show_bug.cgi?id=1312098

https://bugzilla.redhat.com/show_bug.cgi?id=1328707

https://bugzilla.redhat.com/show_bug.cgi?id=1349150

https://bugzilla.redhat.com/show_bug.cgi?id=1356517

https://bugzilla.redhat.com/show_bug.cgi?id=1357256

https://bugzilla.redhat.com/show_bug.cgi?id=1372468

https://bugzilla.redhat.com/show_bug.cgi?id=1372731

https://bugzilla.redhat.com/show_bug.cgi?id=1379291

https://bugzilla.redhat.com/show_bug.cgi?id=1382069

https://bugzilla.redhat.com/show_bug.cgi?id=1386283

https://bugzilla.redhat.com/show_bug.cgi?id=1386908

https://bugzilla.redhat.com/show_bug.cgi?id=1389820

https://bugzilla.redhat.com/show_bug.cgi?id=1400058

https://bugzilla.redhat.com/show_bug.cgi?id=1409485

https://bugzilla.redhat.com/show_bug.cgi?id=1410264

https://bugzilla.redhat.com/show_bug.cgi?id=1410746

https://bugzilla.redhat.com/show_bug.cgi?id=1412596

https://bugzilla.redhat.com/show_bug.cgi?id=1416106

https://bugzilla.redhat.com/show_bug.cgi?id=1417015

https://bugzilla.redhat.com/show_bug.cgi?id=1417130

https://bugzilla.redhat.com/show_bug.cgi?id=1419060

https://bugzilla.redhat.com/show_bug.cgi?id=1425609

https://bugzilla.redhat.com/show_bug.cgi?id=1426739

https://bugzilla.redhat.com/show_bug.cgi?id=1428541

https://bugzilla.redhat.com/show_bug.cgi?id=1430022

https://bugzilla.redhat.com/show_bug.cgi?id=1430742

https://bugzilla.redhat.com/show_bug.cgi?id=1432858

https://bugzilla.redhat.com/show_bug.cgi?id=1435973

https://bugzilla.redhat.com/show_bug.cgi?id=1437234

https://bugzilla.redhat.com/show_bug.cgi?id=1439353

https://bugzilla.redhat.com/show_bug.cgi?id=1443505

https://bugzilla.redhat.com/show_bug.cgi?id=1443804

https://bugzilla.redhat.com/show_bug.cgi?id=1444015

https://bugzilla.redhat.com/show_bug.cgi?id=1449011

https://bugzilla.redhat.com/show_bug.cgi?id=1452772

https://bugzilla.redhat.com/show_bug.cgi?id=1455006

https://bugzilla.redhat.com/show_bug.cgi?id=1455132

https://bugzilla.redhat.com/show_bug.cgi?id=1458383

https://bugzilla.redhat.com/show_bug.cgi?id=1458573

https://bugzilla.redhat.com/show_bug.cgi?id=1458754

https://bugzilla.redhat.com/show_bug.cgi?id=1464219

https://bugzilla.redhat.com/show_bug.cgi?id=1464512

https://bugzilla.redhat.com/show_bug.cgi?id=1465573

https://bugzilla.redhat.com/show_bug.cgi?id=1468354

https://bugzilla.redhat.com/show_bug.cgi?id=1468359

https://bugzilla.redhat.com/show_bug.cgi?id=1470014

https://bugzilla.redhat.com/show_bug.cgi?id=1470761

https://bugzilla.redhat.com/show_bug.cgi?id=1474348

https://bugzilla.redhat.com/show_bug.cgi?id=1475121

https://bugzilla.redhat.com/show_bug.cgi?id=1478849

https://bugzilla.redhat.com/show_bug.cgi?id=1482540

https://bugzilla.redhat.com/show_bug.cgi?id=1483033

https://bugzilla.redhat.com/show_bug.cgi?id=1485805

https://bugzilla.redhat.com/show_bug.cgi?id=1486297

https://bugzilla.redhat.com/show_bug.cgi?id=1486782

https://bugzilla.redhat.com/show_bug.cgi?id=1487710

https://bugzilla.redhat.com/show_bug.cgi?id=1488291

https://bugzilla.redhat.com/show_bug.cgi?id=1489377

https://bugzilla.redhat.com/show_bug.cgi?id=1498588

https://bugzilla.redhat.com/show_bug.cgi?id=1498976

https://bugzilla.redhat.com/show_bug.cgi?id=1500593

https://bugzilla.redhat.com/show_bug.cgi?id=1506612

https://bugzilla.redhat.com/show_bug.cgi?id=1508551

https://bugzilla.redhat.com/show_bug.cgi?id=1515888

https://bugzilla.redhat.com/show_bug.cgi?id=1516623

https://bugzilla.redhat.com/show_bug.cgi?id=1527896

https://bugzilla.redhat.com/show_bug.cgi?id=1536487

https://bugzilla.redhat.com/show_bug.cgi?id=1538448

https://bugzilla.redhat.com/show_bug.cgi?id=1538479

https://bugzilla.redhat.com/show_bug.cgi?id=1539076

https://bugzilla.redhat.com/show_bug.cgi?id=1542850

https://bugzilla.redhat.com/show_bug.cgi?id=1545314

https://bugzilla.redhat.com/show_bug.cgi?id=1549777

https://bugzilla.redhat.com/show_bug.cgi?id=1549779

https://bugzilla.redhat.com/show_bug.cgi?id=1552632

https://bugzilla.redhat.com/show_bug.cgi?id=1553869

https://bugzilla.redhat.com/show_bug.cgi?id=1553994

https://bugzilla.redhat.com/show_bug.cgi?id=1555310

https://bugzilla.redhat.com/show_bug.cgi?id=1557067

https://bugzilla.redhat.com/show_bug.cgi?id=1560035

https://bugzilla.redhat.com/show_bug.cgi?id=1561061

https://bugzilla.redhat.com/show_bug.cgi?id=1561723

https://bugzilla.redhat.com/show_bug.cgi?id=1563749

https://bugzilla.redhat.com/show_bug.cgi?id=1564577

https://bugzilla.redhat.com/show_bug.cgi?id=1566764

http://www.nessus.org/u?8b02c33f

http://www.nessus.org/u?bb4d3bf5

https://access.redhat.com/errata/RHSA-2018:2927

https://access.redhat.com/security/updates/classification/#important

https://bugzilla.redhat.com/show_bug.cgi?id=1052713

https://bugzilla.redhat.com/show_bug.cgi?id=1570808

https://bugzilla.redhat.com/show_bug.cgi?id=1572290

https://bugzilla.redhat.com/show_bug.cgi?id=1572297

https://bugzilla.redhat.com/show_bug.cgi?id=1572305

https://bugzilla.redhat.com/show_bug.cgi?id=1573391

https://bugzilla.redhat.com/show_bug.cgi?id=1579384

https://bugzilla.redhat.com/show_bug.cgi?id=1588313

https://bugzilla.redhat.com/show_bug.cgi?id=1588314

https://bugzilla.redhat.com/show_bug.cgi?id=1588323

https://bugzilla.redhat.com/show_bug.cgi?id=1588327

https://bugzilla.redhat.com/show_bug.cgi?id=1588330

https://bugzilla.redhat.com/show_bug.cgi?id=1588688

https://bugzilla.redhat.com/show_bug.cgi?id=1588695

https://bugzilla.redhat.com/show_bug.cgi?id=1588708

https://bugzilla.redhat.com/show_bug.cgi?id=1588715

https://bugzilla.redhat.com/show_bug.cgi?id=1588721

https://bugzilla.redhat.com/show_bug.cgi?id=1595777

https://bugzilla.redhat.com/show_bug.cgi?id=1608447

Plugin 詳細資訊

嚴重性: Critical

ID: 118185

檔案名稱: redhat-RHSA-2018-2927.nasl

版本: 1.11

類型: local

代理程式: unix

已發布: 2018/10/18

已更新: 2025/3/16

支援的感應器: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

風險資訊

VPR

風險因素: Medium

分數: 6.7

Vendor

Vendor Severity: Important

CVSS v2

風險因素: High

基本分數: 7.5

時間性分數: 5.9

媒介: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS 評分資料來源: CVE-2017-5929

CVSS v3

風險因素: Critical

基本分數: 9.8

時間性分數: 8.8

媒介: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

時間媒介: CVSS:3.0/E:P/RL:O/RC:C

弱點資訊

CPE: p-cpe:/a:redhat:enterprise_linux:rubygem-highline, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-domain_name, p-cpe:/a:redhat:enterprise_linux:foreman-journald, p-cpe:/a:redhat:enterprise_linux:python-twisted-core, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fast_gettext, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_hooks, p-cpe:/a:redhat:enterprise_linux:qpid-tools, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-net-ssh-krb, p-cpe:/a:redhat:enterprise_linux:foreman-gce, p-cpe:/a:redhat:enterprise_linux:python-pymongo-gridfs, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-google, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-sexp_processor, p-cpe:/a:redhat:enterprise_linux:rubygem-rack, p-cpe:/a:redhat:enterprise_linux:satellite, p-cpe:/a:redhat:enterprise_linux:rubygem-passenger-native, p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-coffee-rails, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-dynflow, p-cpe:/a:redhat:enterprise_linux:foreman-ec2, p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-websocket-driver, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_katello, p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-concurrent-ruby, p-cpe:/a:redhat:enterprise_linux:katello-service, p-cpe:/a:redhat:enterprise_linux:python-crane, p-cpe:/a:redhat:enterprise_linux:python-qpid-qmf, p-cpe:/a:redhat:enterprise_linux:qpid-dispatch-tools, p-cpe:/a:redhat:enterprise_linux:foreman-ovirt, p-cpe:/a:redhat:enterprise_linux:python2-vine, p-cpe:/a:redhat:enterprise_linux:rubygem-passenger-native-libs, p-cpe:/a:redhat:enterprise_linux:livecd-tools, p-cpe:/a:redhat:enterprise_linux:mongodb-server, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-journald-native, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ruby_parser, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-qpid_messaging, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog, p-cpe:/a:redhat:enterprise_linux:katello, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-roadie-rails, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rack-jsonp, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-smart_proxy_dynflow_core, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-katello, p-cpe:/a:redhat:enterprise_linux:rubygem-gssapi, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_ansible_core, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-bastion, p-cpe:/a:redhat:enterprise_linux:gofer, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-bundler_ext, p-cpe:/a:redhat:enterprise_linux:foreman-telemetry, p-cpe:/a:redhat:enterprise_linux:rubygem-smart_proxy_discovery_image, p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-loofah, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ovirt-engine-sdk, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-locale, p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-sprockets, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-safemode, p-cpe:/a:redhat:enterprise_linux:v8, p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-rack-test, p-cpe:/a:redhat:enterprise_linux:foreman-postgresql, p-cpe:/a:redhat:enterprise_linux:rubygem-multi_json, p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-sprockets-rails, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rails-i18n, p-cpe:/a:redhat:enterprise_linux:satellite-debug-tools, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-runcible, p-cpe:/a:redhat:enterprise_linux:python-jinja2, p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-mustermann, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-redhat_access_lib, p-cpe:/a:redhat:enterprise_linux:libwebsockets, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-unf, p-cpe:/a:redhat:enterprise_linux:rubygem-rack-protection, p-cpe:/a:redhat:enterprise_linux:foreman-installer, p-cpe:/a:redhat:enterprise_linux:puppetserver, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-audited, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rbvmomi, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-diffy, p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-actionpack, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-statsd-instrument, p-cpe:/a:redhat:enterprise_linux:qpid-cpp-client, p-cpe:/a:redhat:enterprise_linux:repoview, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_tasks, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-core, p-cpe:/a:redhat:enterprise_linux:pulp-server, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-ovirt, p-cpe:/a:redhat:enterprise_linux:katello-installer-base, p-cpe:/a:redhat:enterprise_linux:soappy, p-cpe:/a:redhat:enterprise_linux:mod_xsendfile, p-cpe:/a:redhat:enterprise_linux:tfm-ror51, p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-rails-html-sanitizer, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-secure_headers, p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-sinatra, p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-tilt, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-record_tag_helper, p-cpe:/a:redhat:enterprise_linux:python-simplejson, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-xml, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_virt_who_configure, p-cpe:/a:redhat:enterprise_linux:katello-selinux, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-netrc, p-cpe:/a:redhat:enterprise_linux:rubygem-kafo_wizards, p-cpe:/a:redhat:enterprise_linux:rubygem-rake, p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-websocket-extensions, p-cpe:/a:redhat:enterprise_linux:qpid-cpp-client-devel, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-retriable, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-polyglot, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-concurrent-ruby-edge, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-multipart-post, p-cpe:/a:redhat:enterprise_linux:python-fpconst, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-git, p-cpe:/a:redhat:enterprise_linux:pulp-nodes-common, p-cpe:/a:redhat:enterprise_linux:pulp-ostree, p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-thor, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ipaddress, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman, p-cpe:/a:redhat:enterprise_linux:puppetlabs-stdlib, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-scoped_search, p-cpe:/a:redhat:enterprise_linux:pulp-docker-admin-extensions, p-cpe:/a:redhat:enterprise_linux:pulp-admin-client, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-digitalocean, p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-builder, p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-mime-types, p-cpe:/a:redhat:enterprise_linux:pulp-puppet-tools, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-deacon, p-cpe:/a:redhat:enterprise_linux:qpid-cpp, p-cpe:/a:redhat:enterprise_linux:python-pulp-ostree-common, cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-formatador, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ovirt_provision_plugin, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-launchy, p-cpe:/a:redhat:enterprise_linux:rubygem-kafo, p-cpe:/a:redhat:enterprise_linux:qpid-qmf, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-unicode, p-cpe:/a:redhat:enterprise_linux:satellite-cli, p-cpe:/a:redhat:enterprise_linux:rubygem-rb-inotify, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-deface, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-clamp, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-pg, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-will_paginate, p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-turbolinks, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-x-editable-rails, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_docker, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-unf_ext, p-cpe:/a:redhat:enterprise_linux:redhat-access-insights-puppet, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-trollop, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ancestry, p-cpe:/a:redhat:enterprise_linux:pulp, p-cpe:/a:redhat:enterprise_linux:rubygem-ffi, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-signet, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-google-api-client, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_discovery, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-get_process_mem, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-oauth, p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-mime-types-data, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-apipie-params, p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-rails-dom-testing, p-cpe:/a:redhat:enterprise_linux:foreman-libvirt, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-net-scp, p-cpe:/a:redhat:enterprise_linux:rubygem-oauth, p-cpe:/a:redhat:enterprise_linux:puppet-foreman_scap_client, p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-activemodel, p-cpe:/a:redhat:enterprise_linux:foreman, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-excon, p-cpe:/a:redhat:enterprise_linux:katello-common, p-cpe:/a:redhat:enterprise_linux:liquibase, p-cpe:/a:redhat:enterprise_linux:qpid-cpp-server, p-cpe:/a:redhat:enterprise_linux:pulp-nodes-parent, p-cpe:/a:redhat:enterprise_linux:python-kombu, p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-actionview, p-cpe:/a:redhat:enterprise_linux:qpid-dispatch, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-sshkey, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-deep_cloneable, p-cpe:/a:redhat:enterprise_linux:rubygem-little-plugger, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-xenserver, p-cpe:/a:redhat:enterprise_linux:rubygem-ansi, p-cpe:/a:redhat:enterprise_linux:qpid-proton, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rest-client, p-cpe:/a:redhat:enterprise_linux:python-nectar, p-cpe:/a:redhat:enterprise_linux:foreman-selinux, p-cpe:/a:redhat:enterprise_linux:python-saslwrapper, p-cpe:/a:redhat:enterprise_linux:mod_passenger, p-cpe:/a:redhat:enterprise_linux:puppet-agent-oauth, p-cpe:/a:redhat:enterprise_linux:rubygem-mime-types, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ldap_fluff, p-cpe:/a:redhat:enterprise_linux:createrepo_c, p-cpe:/a:redhat:enterprise_linux:foreman-compute, p-cpe:/a:redhat:enterprise_linux:rubygem-sinatra, p-cpe:/a:redhat:enterprise_linux:satellite-installer, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_discovery, p-cpe:/a:redhat:enterprise_linux:python-isodate, p-cpe:/a:redhat:enterprise_linux:katello-debug, p-cpe:/a:redhat:enterprise_linux:rubygem-smart_proxy_dhcp_remote_isc, p-cpe:/a:redhat:enterprise_linux:pulp-puppet-admin-extensions, p-cpe:/a:redhat:enterprise_linux:python-kid, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-http-cookie, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-passenger-native-libs, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rbovirt, p-cpe:/a:redhat:enterprise_linux:python-oauth2, p-cpe:/a:redhat:enterprise_linux:puppet-agent, p-cpe:/a:redhat:enterprise_linux:katello-client-bootstrap, p-cpe:/a:redhat:enterprise_linux:rubygem-smart_proxy_pulp, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_virt_who_configure, p-cpe:/a:redhat:enterprise_linux:python-pulp-common, p-cpe:/a:redhat:enterprise_linux:python2-django, p-cpe:/a:redhat:enterprise_linux:python2-billiard, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-redhat_access, p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-execjs, p-cpe:/a:redhat:enterprise_linux:yaml-cpp, p-cpe:/a:redhat:enterprise_linux:python2-amqp, p-cpe:/a:redhat:enterprise_linux:rubygem-kafo_parsers, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-passenger-native, p-cpe:/a:redhat:enterprise_linux:saslwrapper, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman-tasks-core, p-cpe:/a:redhat:enterprise_linux:ostree, p-cpe:/a:redhat:enterprise_linux:python-pulp-streamer, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-facter, p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-coffee-script, p-cpe:/a:redhat:enterprise_linux:python-twisted-web, p-cpe:/a:redhat:enterprise_linux:python-pulp-client-lib, p-cpe:/a:redhat:enterprise_linux:python-pulp-integrity, p-cpe:/a:redhat:enterprise_linux:foreman-proxy-content, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-apipie-rails, p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-mini_mime, p-cpe:/a:redhat:enterprise_linux:python-amqp, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-daemons, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-jwt, p-cpe:/a:redhat:enterprise_linux:python-pulp-rpm-common, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_templates, p-cpe:/a:redhat:enterprise_linux:rubygem-smart_proxy_openscap, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_bootdisk, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-validates_lengths_from_database, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-activerecord-session_store, p-cpe:/a:redhat:enterprise_linux:rubygem-netrc, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hashie, p-cpe:/a:redhat:enterprise_linux:candlepin, p-cpe:/a:redhat:enterprise_linux:python-imgcreate, p-cpe:/a:redhat:enterprise_linux:rubygem-hashie, p-cpe:/a:redhat:enterprise_linux:foreman-rackspace, p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-i18n, p-cpe:/a:redhat:enterprise_linux:pcp-mmvstatsd, p-cpe:/a:redhat:enterprise_linux:rubygem-openscap, p-cpe:/a:redhat:enterprise_linux:pulp-maintenance, p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-nokogiri, p-cpe:/a:redhat:enterprise_linux:rubygem-powerbar, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman-tasks, p-cpe:/a:redhat:enterprise_linux:pulp-rpm-plugins, p-cpe:/a:redhat:enterprise_linux:python-gofer-qpid, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-robotex, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_remote_execution, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-powerbar, p-cpe:/a:redhat:enterprise_linux:python-mongoengine, p-cpe:/a:redhat:enterprise_linux:rubygem-rkerberos, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-libvirt, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-useragent, p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-globalid, p-cpe:/a:redhat:enterprise_linux:python-zope-interface, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-angular-rails-templates, p-cpe:/a:redhat:enterprise_linux:rubygem-rubyipmi, p-cpe:/a:redhat:enterprise_linux:rubygem-smart_proxy_dynflow, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_openscap, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-docker-api, p-cpe:/a:redhat:enterprise_linux:ansiblerole-insights-client, p-cpe:/a:redhat:enterprise_linux:pulp-katello, p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-tzinfo, p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-erubi, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_docker, p-cpe:/a:redhat:enterprise_linux:pulp-rpm-admin-extensions, p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-rails, p-cpe:/a:redhat:enterprise_linux:rubygem-facter, p-cpe:/a:redhat:enterprise_linux:foreman-bootloaders-redhat-tftpboot, p-cpe:/a:redhat:enterprise_linux:rubygem-tilt, p-cpe:/a:redhat:enterprise_linux:python2-celery, p-cpe:/a:redhat:enterprise_linux:tfm-ror51-runtime, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-responders, p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-method_source, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-sequel, p-cpe:/a:redhat:enterprise_linux:python-celery, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ffi, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-addressable, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-faraday, p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-actioncable, p-cpe:/a:redhat:enterprise_linux:pulp-rpm, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_remote_execution, p-cpe:/a:redhat:enterprise_linux:satellite-common, p-cpe:/a:redhat:enterprise_linux:pulp-selinux, p-cpe:/a:redhat:enterprise_linux:python-vine, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ruby2ruby, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-friendly_id, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-vsphere, p-cpe:/a:redhat:enterprise_linux:rubygem-passenger, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-journald-logger, p-cpe:/a:redhat:enterprise_linux:python-pymongo, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_csv, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-openstack, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-rackspace, p-cpe:/a:redhat:enterprise_linux:hfsplus-tools, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-jgrep, p-cpe:/a:redhat:enterprise_linux:rubygem-rest-client, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_bootdisk, p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-actionmailer, p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-activejob, p-cpe:/a:redhat:enterprise_linux:python-blinker, p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-rack, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman-redhat_access, p-cpe:/a:redhat:enterprise_linux:rubygem-smart_proxy_ansible, p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-sqlite3, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-net-ping, p-cpe:/a:redhat:enterprise_linux:rubygem-concurrent-ruby, p-cpe:/a:redhat:enterprise_linux:rubygem-fast_gettext, p-cpe:/a:redhat:enterprise_linux:rubygem-logging, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-wicked, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-webpack-rails, p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-rack-protection, p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-nio4r, p-cpe:/a:redhat:enterprise_linux:foreman-bootloaders-redhat, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-highline, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-unicode-display_width, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-anemone, p-cpe:/a:redhat:enterprise_linux:candlepin-selinux, p-cpe:/a:redhat:enterprise_linux:rubygem-rsec, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-extlib, p-cpe:/a:redhat:enterprise_linux:python-django, p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-activesupport, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-css_parser, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-autoparse, p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-activerecord, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-json, p-cpe:/a:redhat:enterprise_linux:python-bson, p-cpe:/a:redhat:enterprise_linux:python-gnupg, p-cpe:/a:redhat:enterprise_linux:libstemmer, p-cpe:/a:redhat:enterprise_linux:foreman-vmware, p-cpe:/a:redhat:enterprise_linux:rubygem-newt, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-gettext_i18n_rails, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-gssapi, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-roadie, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rabl, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_templates, p-cpe:/a:redhat:enterprise_linux:python2-kombu, p-cpe:/a:redhat:enterprise_linux:pulp-ostree-plugins, p-cpe:/a:redhat:enterprise_linux:pulp-docker, p-cpe:/a:redhat:enterprise_linux:createrepo_c-libs, p-cpe:/a:redhat:enterprise_linux:python-okaara, p-cpe:/a:redhat:enterprise_linux:python-pulp-puppet-common, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-apipie-bindings, p-cpe:/a:redhat:enterprise_linux:pulp-nodes-child, p-cpe:/a:redhat:enterprise_linux:python-werkzeug, p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-thread_safe, p-cpe:/a:redhat:enterprise_linux:python-pulp-oid_validation, p-cpe:/a:redhat:enterprise_linux:rubygem-bundler_ext, p-cpe:/a:redhat:enterprise_linux:pulp-docker-plugins, p-cpe:/a:redhat:enterprise_linux:tfm-runtime, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-little-plugger, p-cpe:/a:redhat:enterprise_linux:python-gofer, p-cpe:/a:redhat:enterprise_linux:python-anyjson, p-cpe:/a:redhat:enterprise_linux:rubygem-smart_proxy_remote_execution_ssh, p-cpe:/a:redhat:enterprise_linux:python-billiard, p-cpe:/a:redhat:enterprise_linux:foreman-proxy, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-logging, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-passenger, p-cpe:/a:redhat:enterprise_linux:python-semantic_version, p-cpe:/a:redhat:enterprise_linux:python-pulp-agent-lib, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rainbow, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-quantile, p-cpe:/a:redhat:enterprise_linux:python-pulp-repoauth, p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-railties, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_ansible, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-parse-cron, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_ansible, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-awesome_print, p-cpe:/a:redhat:enterprise_linux:python-pulp-bindings, p-cpe:/a:redhat:enterprise_linux:mongodb, p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-coffee-script-source, p-cpe:/a:redhat:enterprise_linux:kobo, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_admin, p-cpe:/a:redhat:enterprise_linux:qpid-proton-c, p-cpe:/a:redhat:enterprise_linux:rubygem-smart_proxy_discovery, p-cpe:/a:redhat:enterprise_linux:foreman-openstack, p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-arel, p-cpe:/a:redhat:enterprise_linux:python-qpid-proton, p-cpe:/a:redhat:enterprise_linux:python-pulp-docker-common, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_openscap, p-cpe:/a:redhat:enterprise_linux:tfm, p-cpe:/a:redhat:enterprise_linux:qpid-cpp-server-linearstore, p-cpe:/a:redhat:enterprise_linux:qpid-dispatch-router, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-aws, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-algebrick, p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-crass, p-cpe:/a:redhat:enterprise_linux:pulp-ostree-admin-extensions, p-cpe:/a:redhat:enterprise_linux:pulp-puppet-plugins, p-cpe:/a:redhat:enterprise_linux:python-flask, p-cpe:/a:redhat:enterprise_linux:python-itsdangerous, p-cpe:/a:redhat:enterprise_linux:pulp-puppet, p-cpe:/a:redhat:enterprise_linux:python-qpid, p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-mail, p-cpe:/a:redhat:enterprise_linux:katello-certs-tools, p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-multi_json, p-cpe:/a:redhat:enterprise_linux:foreman-debug, p-cpe:/a:redhat:enterprise_linux:rubygem-foreman_scap_client, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_remote_execution_core, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-net-ssh, p-cpe:/a:redhat:enterprise_linux:satellite-capsule, p-cpe:/a:redhat:enterprise_linux:foreman-installer-katello, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-logging-journald, p-cpe:/a:redhat:enterprise_linux:rubygem-clamp, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ruby-libvirt, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_theme_satellite, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-net-ldap, p-cpe:/a:redhat:enterprise_linux:foreman-cli, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-prometheus-client

必要的 KB 項目: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

可被惡意程式利用: true

可輕鬆利用: Exploits are available

修補程式發佈日期: 2018/10/16

弱點發布日期: 2016/1/6

參考資訊

CVE: CVE-2015-3208, CVE-2015-6644, CVE-2016-1000338, CVE-2016-1000339, CVE-2016-1000340, CVE-2016-1000341, CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344, CVE-2016-1000345, CVE-2016-1000346, CVE-2016-1000352, CVE-2017-10689, CVE-2017-10690, CVE-2017-12175, CVE-2017-15095, CVE-2017-15100, CVE-2017-5929, CVE-2017-7233, CVE-2017-7536, CVE-2018-10237, CVE-2018-1090, CVE-2018-1096, CVE-2018-1097, CVE-2018-5382, CVE-2018-6188, CVE-2018-7536, CVE-2018-7537

CWE: 119, 184, 200, 203, 209, 284, 295, 325, 327, 338, 385, 400, 502, 611, 682, 79, 89

RHSA: 2018:2927