RHEL 6 / 7 / 8：Red Hat Satellite Tools (RHSA-2019:1223)

high Nessus Plugin ID 125053

語系：

概要

遠端 Red Hat 主機缺少一個或多個安全性更新。

說明

現已提供適用於 Satellite Tools 6.5 的更新。Red Hat 產品安全性團隊已將此更新評等為具有重要安全性影響。可從〈參照〉一節的 CVE 連結中取得每個弱點之常見弱點評分系統 (CVSS) 的基本分數，其中包含有關嚴重性評等的詳細資訊。Red Hat Satellite 是一種適用於 Linux 型基礎結構的系統管理工具。只要使用一個集中式工具，就可以佈建、遠端管理和監控多個 Linux 部署。此更新提供 Satellite 6.5 Tools 存放庫。如需瞭解 Satellite 6.5 提供的新功能完整清單，請參閱〈參照〉一節連結的版本資訊。請參閱《Satellite 6 安裝指南》瞭解如何安裝新 Satellite 6.5 環境的詳細指示，或參閱《Satellite 6 升級和更新指南》瞭解如何升級舊版 Satellite 6 的詳細指示。建議所有需使用 Satellite 6.5 版的使用者安裝這些新套件。安全性修正：* qpid-dispatch-router：QMF 方法存在 goferd 透過 qdrouterd 連線的漏洞 (CVE-2019-3845) 如需安全性問題的詳細資料，包括影響、CVSS 分數、致謝及其他相關資訊，請參閱〈參照〉一節列出的 CVE 頁面。

解決方案

更新受影響的套件。

另請參閱

http://www.nessus.org/u?636ca610

https://access.redhat.com/errata/RHSA-2019:1223

https://access.redhat.com/security/cve/cve-2019-3845

Plugin 詳細資訊

嚴重性: High

ID: 125053

檔案名稱: redhat-RHSA-2019-1223.nasl

版本: 1.6

類型: local

代理程式: unix

系列: Red Hat Local Security Checks

已發布: 2019/5/14

已更新: 2022/2/1

支援的感應器: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

風險資訊

VPR

風險因素: Medium

分數: 5.9

CVSS v2

風險因素: Medium

基本分數: 5.2

時間分數: 3.8

媒介: CVSS2#AV:A/AC:L/Au:S/C:P/I:P/A:P

CVSS 評分資料來源: CVE-2019-3845

CVSS v3

風險因素: High

基本分數: 8

時間分數: 7

媒介: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

時間媒介: CVSS:3.0/E:U/RL:O/RC:C

弱點資訊

CPE: p-cpe:/a:redhat:enterprise_linux:foreman-cli, p-cpe:/a:redhat:enterprise_linux:gofer, p-cpe:/a:redhat:enterprise_linux:katello-agent, p-cpe:/a:redhat:enterprise_linux:katello-host-tools, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-awesome_print, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-clamp, p-cpe:/a:redhat:enterprise_linux:katello-host-tools-fact-plugin, p-cpe:/a:redhat:enterprise_linux:katello-host-tools-tracer, p-cpe:/a:redhat:enterprise_linux:openscap, p-cpe:/a:redhat:enterprise_linux:openscap-debuginfo, p-cpe:/a:redhat:enterprise_linux:openscap-scanner, p-cpe:/a:redhat:enterprise_linux:pulp-puppet-tools, p-cpe:/a:redhat:enterprise_linux:pulp-rpm-handlers, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-domain_name, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fast_gettext, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_csv, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_admin, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_ansible, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_bootdisk, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_discovery, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_docker, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_openscap, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_remote_execution, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_tasks, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_templates, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_virt_who_configure, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_katello, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hashie, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-highline, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-http-cookie, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-little-plugger, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-locale, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-logging, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-netrc, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-oauth, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-powerbar, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rest-client, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-unf, p-cpe:/a:redhat:enterprise_linux:puppet-agent, p-cpe:/a:redhat:enterprise_linux:python-argcomplete, p-cpe:/a:redhat:enterprise_linux:python-gofer, p-cpe:/a:redhat:enterprise_linux:python-gofer-proton, p-cpe:/a:redhat:enterprise_linux:python-hashlib, p-cpe:/a:redhat:enterprise_linux:python-hashlib-debuginfo, p-cpe:/a:redhat:enterprise_linux:python-isodate, p-cpe:/a:redhat:enterprise_linux:python-psutil, p-cpe:/a:redhat:enterprise_linux:python-psutil-debuginfo, p-cpe:/a:redhat:enterprise_linux:python-psutil-debugsource, p-cpe:/a:redhat:enterprise_linux:python-pulp-agent-lib, p-cpe:/a:redhat:enterprise_linux:python-pulp-common, p-cpe:/a:redhat:enterprise_linux:python-pulp-manifest, p-cpe:/a:redhat:enterprise_linux:python-pulp-puppet-common, p-cpe:/a:redhat:enterprise_linux:python-pulp-rpm-common, p-cpe:/a:redhat:enterprise_linux:python-qpid-proton, p-cpe:/a:redhat:enterprise_linux:python-uuid, p-cpe:/a:redhat:enterprise_linux:python2-beautifulsoup4, p-cpe:/a:redhat:enterprise_linux:python2-future, p-cpe:/a:redhat:enterprise_linux:python2-tracer, p-cpe:/a:redhat:enterprise_linux:python3-beautifulsoup4, p-cpe:/a:redhat:enterprise_linux:python3-future, p-cpe:/a:redhat:enterprise_linux:python3-gofer, p-cpe:/a:redhat:enterprise_linux:python3-gofer-proton, p-cpe:/a:redhat:enterprise_linux:python3-psutil, p-cpe:/a:redhat:enterprise_linux:python3-psutil-debuginfo, p-cpe:/a:redhat:enterprise_linux:python3-qpid-proton, p-cpe:/a:redhat:enterprise_linux:python3-qpid-proton-debuginfo, p-cpe:/a:redhat:enterprise_linux:python3-tracer, p-cpe:/a:redhat:enterprise_linux:qpid-proton-c, p-cpe:/a:redhat:enterprise_linux:qpid-proton-c-debuginfo, p-cpe:/a:redhat:enterprise_linux:qpid-proton-cpp-debuginfo, p-cpe:/a:redhat:enterprise_linux:qpid-proton-debuginfo, p-cpe:/a:redhat:enterprise_linux:qpid-proton-debugsource, p-cpe:/a:redhat:enterprise_linux:rubygem-foreman_scap_client, p-cpe:/a:redhat:enterprise_linux:rubygem-json, p-cpe:/a:redhat:enterprise_linux:rubygem-json-debuginfo, p-cpe:/a:redhat:enterprise_linux:rubygems, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-rubygem-mime-types, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-rubygem-mime-types-data, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-rubygem-multi_json, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-runtime, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-apipie-bindings, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-unf_ext-debuginfo, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-unicode, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-unicode-debuginfo, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-unicode-display_width, p-cpe:/a:redhat:enterprise_linux:tfm-runtime, p-cpe:/a:redhat:enterprise_linux:tracer-common, cpe:/o:redhat:enterprise_linux:5, cpe:/o:redhat:enterprise_linux:5.9, cpe:/o:redhat:enterprise_linux:6, cpe:/o:redhat:enterprise_linux:6.4, cpe:/o:redhat:enterprise_linux:6.5, cpe:/o:redhat:enterprise_linux:6.6, cpe:/o:redhat:enterprise_linux:7, cpe:/o:redhat:enterprise_linux:7.2, cpe:/o:redhat:enterprise_linux:7.3, cpe:/o:redhat:enterprise_linux:7.4, cpe:/o:redhat:enterprise_linux:7.5, cpe:/o:redhat:enterprise_linux:7.6, cpe:/o:redhat:enterprise_linux:8, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-unf_ext

必要的 KB 項目: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

可輕鬆利用: No known exploits are available

修補程式發佈日期: 2019/5/14

弱點發布日期: 2019/4/11

參考資訊

CVE: CVE-2019-3845

RHSA: 2019:1223