Re: [Spacewalk-list] Spacewalk Possible Remote Code Exploit Heads Up

Wed, 08 Mar 2017 13:15:24 -0800 

    
I certainly hope you are right.  Though I believe the version you listed is the 
RedHat package, not the one in the jpackage repo that the install documents 
indicate.  That is struts-1.3.8-2.jpp5.noarch.  That version already pops in 3 
different scanner products for other vulnerabilities.


Happy Connecting. Sent from my Sprint Samsung Galaxy S® 5 Sport

-------- Original message --------
From: Avi Miller <[email protected]> 
Date: 3/8/17  12:35 PM  (GMT-07:00) 
To: [email protected] 
Subject: Re: [Spacewalk-list] Spacewalk Possible Remote Code Exploit Heads Up 

Hi,

The CVE is applicable to struts2, while the version from JPackage is 
struts-1.3.10-12.el7.noarch. I’m assuming (hoping) that it’s actually too old 
to be vulnerable.

Cheers,
Avi

> On 9 Mar 2017, at 5:49 am, Eric <[email protected]> wrote:
> 
> CVE-2017-5638
> 
> Struts.  Our struts package is from the Generic Jpackage repository.  The 
> struts rpm there has not been maintained for years.  The current build 
> directions point at that repository, so I believe that makes ALL current 
> versions of Spacewalk, including 2.6, vulnerable.
> 
> Thoughts?  I believe it's applicable, but I may be mistaken, please correct 
> me 
> if I'm wrong!!!
> 
> If it is vulnerable, is there an alternative package that is known to work 
> with Spacewalk?  I am facing the very real possibility of being required to 
> take my Spacewalk server offline today, a huge impact to my environment.
> 
> Thanks!
> 
> _______________________________________________
> Spacewalk-list mailing list
> [email protected]
> https://www.redhat.com/mailman/listinfo/spacewalk-list

--
Oracle <http://www.oracle.com>
Avi Miller | Product Management Director | +61 (3) 8616 3496
Oracle Linux and Virtualization
417 St Kilda Road, Melbourne, Victoria 3004 Australia


_______________________________________________
Spacewalk-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/spacewalk-list
_______________________________________________
Spacewalk-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/spacewalk-list

Reply via email to