RHEL 6 : Satellite Server (RHSA-2015:1592)

medium Nessus Plugin ID 85716

Synopsis

The remote Red Hat host is missing one or more security updates.

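Description

Red Hat Satellite 6.1 is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.

This update provides Satellite 6.1 packages for Red Hat Enterprise Linux 6. For the full list of new features provided by Satellite 6.1, see the Release Notes linked in the References section. (BZ#1201357)

It was found that in Foreman the edit_users permission (for example, as granted to the Manager role) allowed a user to edit admin user passwords. An attacker with the edit_users permission could use this flaw to access an admin user account, leading to an escalation of privileges. (CVE-2015-3235)

It was found that Foreman did not set the HttpOnly flag on session cookies. This could allow a malicious script to access the session cookie. (CVE-2015-3155)

It was found that when making an SSL connection to an LDAP authentication source in Foreman, the remote server certificate was accepted without any verification against known certificate authorities, potentially making TLS connections vulnerable to man-in-the-middle attacks. (CVE-2015-1816)

A flaw was found in the way Foreman authorized user actions on resources via the API when an organization was not explicitly set. A remote attacker could use this flaw to obtain additional information about resources they were not authorized to access. (CVE-2015-1844)

A cross-site scripting (XSS) flaw was found in Foreman's template preview screen. A remote attacker could use this flaw to perform cross-site scripting attacks by tricking a user into viewing a malicious template. Note that templates are commonly shared among users. (CVE-2014-3653)

It was found that python-oauth2 did not properly verify the nonce of a signed URL. An attacker able to capture network traffic of a website using OAuth2 authentication could use this flaw to conduct replay attacks against that website. (CVE-2013-4346)

It was found that python-oauth2 did not properly generate random values for use in nonces. An attacker able to capture network traffic of a website using OAuth2 authentication could use this flaw to conduct replay attacks against that website. (CVE-2013-4347)

Red Hat would like to thank Rufus Järnefelt of Coresec for reporting the Foreman HttpOnly issue.

All users who require Satellite 6.1 are advised to install these new packages.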

Solution

Update the affected packages.

See Also

https://access.redhat.com/errata/RHSA-2015:1592

https://access.redhat.com/security/cve/cve-2013-4346

https://access.redhat.com/security/cve/cve-2013-4347

https://access.redhat.com/security/cve/cve-2014-3653

https://access.redhat.com/security/cve/cve-2015-1816

https://access.redhat.com/security/cve/cve-2015-1844

https://access.redhat.com/security/cve/cve-2015-3155

https://access.redhat.com/security/cve/cve-2015-3235

Plugin Details

Severity: Medium

ID: 85716

File Name: redhat-RHSA-2015-1592.nasl

Version: 2.10

Type: local

Agent: unix

Published: 2015/9/1

Updated: 2019/10/24

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: Medium

Base Score: 6

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 2015/8/12

Vulnerability Publication Date: 2014/5/20

Reference Information

CVE: CVE-2013-4346, CVE-2013-4347, CVE-2014-3653, CVE-2015-1816, CVE-2015-1844, CVE-2015-3155, CVE-2015-3235

RHSA: 2015:1592