Open eclay11 opened 7 years ago
rdrgmnzs
commented
7 years ago 2 things I can think of:
1) following the Usage section in the readme to ensure the correct settings for force_post_sync_action and doing a sync after the import otherwise the packages will not show up in katello/foreman.
2) Would be to specify the repo with --include-repo= flag as discussed in issue #13 which I have not had time to fix as of yet.
eclay11
commented
7 years ago Thanks for the quick response. I did enable the force_post_sync_action option in katello/foreman settings. I then reran the errata_import.pl, I still get the same errors, then attempted to sync the repo. I'm still not seeing any erratas when viewing the Product repos. I've also attempted all of these steps with the --includ-repo= flag with the same results. Not 100% sure what name I should be using since when running errata_import.pl in --debug mode shows names that include Org, view and activation key in there. So for instance I have a repo in the CentOS7 Product called CentOS 7 Updates. I've tried CentOS7, CentOS 7 Updates, 'CentOS 7 Updates' with the same "no packages found" errors. Looking at the debug output I see names like the following.
DEBUG: Getting errata from UK2_Group-CentOS_7-CentOS_7_Updates DEBUG: Getting errata from UK2_Group-cPanel_COS7-1_0-CentOS_7-CentOS_7_Updates
Product Name = CentOS7 Repo Name = CentOS 7 Updates Org Name = UK2_group
cPanel_COS7-1_0 is a content view
eclay11
commented
7 years ago I actually found that I can view the repos via "pulp-admin repo list" I see the following that seem to point to the repo/product I'm trying to import for.
UK2_Group-CentOS_7-CentOS7 UK2_Group-CentOS_7-CentOS_7_Updates UK2_Group-CentOS_7-CentOS_7_Extras UK2_Group-CentOS_7-CentOS_7_CentOSPlus
Using 'errata_import.pl --errata=./errata.latest.xml --includ-repo="any of the above name" ' still returns "No packages found" and no erratas updated in the repos.
eclay11
commented
7 years ago I'm wondering if there is something off with the script and the version of pulp I'm running on my katello server. In the errata_import.pl script I see a line as follows.
pulp-admin $pulp_args rpm repo content rpm --repo-id=$repo --fields=filename | grep Filename: | awk '{print \$2}' `;
pulp-admin |grep rpm doesn't return anything and it seems like the command doesn't work when I attempt to run it manually.
Katello 3.3.2-1 foreman 1.14.3-1 pulp 2.10.3-1 CentOS Linux release 7.3.1611 (Core)
eclay11
commented
7 years ago Looks like I not only needed to install pulp-admin I also needed to install one or all of the following. pulp-rpm-admin-extensions pulp-rpm-consumer-extensions pulp-rpm-handlers pulp-rpm-yumplugins pulp-consumer-client python-pulp-agent-lib
Now things appear to be adding errata details to the specified repo.
pentiumoverdrive
commented
7 years ago Had the same problem after reinstall, thanks. I also had used display name of the repo instead of repo id :P
phatman168
commented
5 years ago using katello 3.8 and having the same problem. Getting the following problems installing packages mentioned above:
Error: katello-agent conflicts with pulp-consumer-client-2.16.4-1.el7.noarch
pulp-admin commands seem to work okay for me however:
pulp-admin repo list +----------------------------------------------------------------------+ Repositories +----------------------------------------------------------------------+
Id: 9d4623f8-9432-4a1e-8193-25b7868f5493 Display Name: Centos 7 - Base - x86_64 Description: None Content Unit Counts: Distribution: 1 Package Category: 11 Package Environment: 10 Package Group: 88 Package Langpacks: 1 Rpm: 9911
anyone getting the same? Thanks
bmx0r
commented
5 years ago Hi I have a similar issue here, as we can see bellow it seems to create the errata, but they do not show up in katello To make it work i only install two of the list of package listed here upper:
Dec 12 13:52:37 Installed: pulp-consumer-client-2.16.4-1.el7.noarch
Dec 12 13:52:37 Installed: pulp-rpm-consumer-extensions-2.16.4-1.el7.noarch
Dec 12 13:52:37 Installed: pulp-rpm-admin-extensions-2.16.4-1.el7.noarchOutput sample
DEBUG: Using description from oval:com.redhat.rhsa:def:20182242
INFO: Creating errata for CESA-2018:2242 (Moderate CentOS java-1.8.0-openjdk Security Update) (25 of 29)
INFO: +----------------------------------------------------------------------+
Unit Upload
+----------------------------------------------------------------------+
Extracting necessary metadata for each request...
... completed
Creating upload requests on the server...
[==================================================] 100%
Initializing upload
... completed
Starting upload of selected units. If this process is stopped through ctrl+c,
the uploads will be paused and may be resumed later using the resume command or
canceled entirely using the cancel command.
Importing into the repository...
This command may be exited via ctrl+c without affecting the request.
[\]
Running...
Task Succeeded
Deleting the upload request...
... completed
DEBUG: Processing CESA-2018:2251
DEBUG: Processing CESA-2018:2251 -- OVAL ID is oval:com.redhat.rhsa:def:20182251
DEBUG: Package: thunderbird-52.9.1-1.el6.centos.i686.rpm not found
DEBUG: Package: thunderbird-52.9.1-1.el6.centos.src.rpm not found
DEBUG: Package: thunderbird-52.9.1-1.el6.centos.x86_64.rpm not found
DEBUG: Using description from oval:com.redhat.rhsa:def:20182251
NOTICE: Skipping errata CESA-2018:2251 (Important CentOS thunderbird Security Update) -- No packages found
DEBUG: Processing CESA-2018:2252
DEBUG: Processing CESA-2018:2252 -- OVAL ID is oval:com.redhat.rhsa:def:20182252
INFO: Errata for CESA-2018:2252 already exists
DEBUG: Processing CESA-2018:2283
DEBUG: Processing CESA-2018:2283 -- OVAL ID is oval:com.redhat.rhsa:def:20182283
DEBUG: Package: java-1.7.0-openjdk-1.7.0.191-2.6.15.4.el6_10.i686.rpm not found
DEBUG: Package: java-1.7.0-openjdk-1.7.0.191-2.6.15.4.el6_10.src.rpm not found
DEBUG: Package: java-1.7.0-openjdk-1.7.0.191-2.6.15.4.el6_10.x86_64.rpm not found
DEBUG: Package: java-1.7.0-openjdk-demo-1.7.0.191-2.6.15.4.el6_10.i686.rpm not found
DEBUG: Package: java-1.7.0-openjdk-demo-1.7.0.191-2.6.15.4.el6_10.x86_64.rpm not found
DEBUG: Package: java-1.7.0-openjdk-devel-1.7.0.191-2.6.15.4.el6_10.i686.rpm not found
DEBUG: Package: java-1.7.0-openjdk-devel-1.7.0.191-2.6.15.4.el6_10.x86_64.rpm not found
DEBUG: Package: java-1.7.0-openjdk-javadoc-1.7.0.191-2.6.15.4.el6_10.noarch.rpm not found
DEBUG: Package: java-1.7.0-openjdk-src-1.7.0.191-2.6.15.4.el6_10.i686.rpm not found
DEBUG: Package: java-1.7.0-openjdk-src-1.7.0.191-2.6.15.4.el6_10.x86_64.rpm not found
DEBUG: Using description from oval:com.redhat.rhsa:def:20182283
NOTICE: Skipping errata CESA-2018:2283 (Moderate CentOS java-1.7.0-openjdk Security Update) -- No packages found
DEBUG: Processing CESA-2018:2284
DEBUG: Processing CESA-2018:2284 -- OVAL ID is oval:com.redhat.rhsa:def:20182284
DEBUG: Package: yum-NetworkManager-dispatcher-1.1.30-42.el6_10.noarch.rpm not found
DEBUG: Package: yum-plugin-aliases-1.1.30-42.el6_10.noarch.rpm not found
DEBUG: Package: yum-plugin-auto-update-debug-info-1.1.30-42.el6_10.noarch.rpm not found
DEBUG: Package: yum-plugin-changelog-1.1.30-42.el6_10.noarch.rpm not found
DEBUG: Package: yum-plugin-fastestmirror-1.1.30-42.el6_10.noarch.rpm not found
DEBUG: Package: yum-plugin-filter-data-1.1.30-42.el6_10.noarch.rpm not found
DEBUG: Package: yum-plugin-fs-snapshot-1.1.30-42.el6_10.noarch.rpm not found
DEBUG: Package: yum-plugin-keys-1.1.30-42.el6_10.noarch.rpm not found
DEBUG: Package: yum-plugin-list-data-1.1.30-42.el6_10.noarch.rpm not found
DEBUG: Package: yum-plugin-local-1.1.30-42.el6_10.noarch.rpm not found
DEBUG: Package: yum-plugin-merge-conf-1.1.30-42.el6_10.noarch.rpm not found
DEBUG: Package: yum-plugin-ovl-1.1.30-42.el6_10.noarch.rpm not found
DEBUG: Package: yum-plugin-post-transaction-actions-1.1.30-42.el6_10.noarch.rpm not found
DEBUG: Package: yum-plugin-priorities-1.1.30-42.el6_10.noarch.rpm not found
DEBUG: Package: yum-plugin-protectbase-1.1.30-42.el6_10.noarch.rpm not found
DEBUG: Package: yum-plugin-ps-1.1.30-42.el6_10.noarch.rpm not found
DEBUG: Package: yum-plugin-remove-with-leaves-1.1.30-42.el6_10.noarch.rpm not found
DEBUG: Package: yum-plugin-rpm-warm-cache-1.1.30-42.el6_10.noarch.rpm not found
DEBUG: Package: yum-plugin-security-1.1.30-42.el6_10.noarch.rpm not found
DEBUG: Package: yum-plugin-show-leaves-1.1.30-42.el6_10.noarch.rpm not found
DEBUG: Package: yum-plugin-tmprepo-1.1.30-42.el6_10.noarch.rpm not found
DEBUG: Package: yum-plugin-tsflags-1.1.30-42.el6_10.noarch.rpm not found
DEBUG: Package: yum-plugin-upgrade-helper-1.1.30-42.el6_10.noarch.rpm not found
DEBUG: Package: yum-plugin-verify-1.1.30-42.el6_10.noarch.rpm not found
DEBUG: Package: yum-plugin-versionlock-1.1.30-42.el6_10.noarch.rpm not found
DEBUG: Package: yum-updateonboot-1.1.30-42.el6_10.noarch.rpm not found
DEBUG: Package: yum-utils-1.1.30-42.el6_10.noarch.rpm not found
DEBUG: Package: yum-utils-1.1.30-42.el6_10.src.rpm not found
DEBUG: Using description from oval:com.redhat.rhsa:def:20182284
NOTICE: Skipping errata CESA-2018:2284 (Important CentOS yum-utils Security Update) -- No packages found
DEBUG: Processing CESA-2018:2285
DEBUG: Processing CESA-2018:2285 -- OVAL ID is oval:com.redhat.rhsa:def:20182285
DEBUG: Package: yum-NetworkManager-dispatcher-1.1.31-46.el7_5.noarch.rpm -> yum-NetworkManager-dispatcher-1.1.31-46.el7_5.noarch.rpm -> 1-cv-os-centos7-v1_0-cb3398f5-decb-449b-872f-96e9771c3c3d
DEBUG: Package: yum-plugin-aliases-1.1.31-46.el7_5.noarch.rpm -> yum-plugin-aliases-1.1.31-46.el7_5.noarch.rpm -> 1-cv-os-centos7-v1_0-cb3398f5-decb-449b-872f-96e9771c3c3d
DEBUG: Package: yum-plugin-auto-update-debug-info-1.1.31-46.el7_5.noarch.rpm -> yum-plugin-auto-update-debug-info-1.1.31-46.el7_5.noarch.rpm -> 1-cv-os-centos7-v1_0-cb3398f5-decb-449b-872f-96e9771c3c3d
DEBUG: Package: yum-plugin-changelog-1.1.31-46.el7_5.noarch.rpm -> yum-plugin-changelog-1.1.31-46.el7_5.noarch.rpm -> 1-cv-os-centos7-v1_0-cb3398f5-decb-449b-872f-96e9771c3c3d
DEBUG: Package: yum-plugin-copr-1.1.31-46.el7_5.noarch.rpm -> yum-plugin-copr-1.1.31-46.el7_5.noarch.rpm -> 1-cv-os-centos7-v1_0-cb3398f5-decb-449b-872f-96e9771c3c3d
DEBUG: Package: yum-plugin-fastestmirror-1.1.31-46.el7_5.noarch.rpm -> yum-plugin-fastestmirror-1.1.31-46.el7_5.noarch.rpm -> 1-cv-os-centos7-v1_0-cb3398f5-decb-449b-872f-96e9771c3c3d
DEBUG: Package: yum-plugin-filter-data-1.1.31-46.el7_5.noarch.rpm -> yum-plugin-filter-data-1.1.31-46.el7_5.noarch.rpm -> 1-cv-os-centos7-v1_0-cb3398f5-decb-449b-872f-96e9771c3c3d
DEBUG: Package: yum-plugin-fs-snapshot-1.1.31-46.el7_5.noarch.rpm -> yum-plugin-fs-snapshot-1.1.31-46.el7_5.noarch.rpm -> 1-cv-os-centos7-v1_0-cb3398f5-decb-449b-872f-96e9771c3c3d
DEBUG: Package: yum-plugin-keys-1.1.31-46.el7_5.noarch.rpm -> yum-plugin-keys-1.1.31-46.el7_5.noarch.rpm -> 1-cv-os-centos7-v1_0-cb3398f5-decb-449b-872f-96e9771c3c3d
DEBUG: Package: yum-plugin-list-data-1.1.31-46.el7_5.noarch.rpm -> yum-plugin-list-data-1.1.31-46.el7_5.noarch.rpm -> 1-cv-os-centos7-v1_0-cb3398f5-decb-449b-872f-96e9771c3c3d
DEBUG: Package: yum-plugin-local-1.1.31-46.el7_5.noarch.rpm -> yum-plugin-local-1.1.31-46.el7_5.noarch.rpm -> 1-cv-os-centos7-v1_0-cb3398f5-decb-449b-872f-96e9771c3c3d
DEBUG: Package: yum-plugin-merge-conf-1.1.31-46.el7_5.noarch.rpm -> yum-plugin-merge-conf-1.1.31-46.el7_5.noarch.rpm -> 1-cv-os-centos7-v1_0-cb3398f5-decb-449b-872f-96e9771c3c3d
DEBUG: Package: yum-plugin-ovl-1.1.31-46.el7_5.noarch.rpm -> yum-plugin-ovl-1.1.31-46.el7_5.noarch.rpm -> 1-cv-os-centos7-v1_0-cb3398f5-decb-449b-872f-96e9771c3c3d
DEBUG: Package: yum-plugin-post-transaction-actions-1.1.31-46.el7_5.noarch.rpm -> yum-plugin-post-transaction-actions-1.1.31-46.el7_5.noarch.rpm -> 1-cv-os-centos7-v1_0-cb3398f5-decb-449b-872f-96e9771c3c3d
DEBUG: Package: yum-plugin-pre-transaction-actions-1.1.31-46.el7_5.noarch.rpm -> yum-plugin-pre-transaction-actions-1.1.31-46.el7_5.noarch.rpm -> 1-cv-os-centos7-v1_0-cb3398f5-decb-449b-872f-96e9771c3c3d
DEBUG: Package: yum-plugin-priorities-1.1.31-46.el7_5.noarch.rpm -> yum-plugin-priorities-1.1.31-46.el7_5.noarch.rpm -> 1-cv-os-centos7-v1_0-cb3398f5-decb-449b-872f-96e9771c3c3d
DEBUG: Package: yum-plugin-protectbase-1.1.31-46.el7_5.noarch.rpm -> yum-plugin-protectbase-1.1.31-46.el7_5.noarch.rpm -> 1-cv-os-centos7-v1_0-cb3398f5-decb-449b-872f-96e9771c3c3d
DEBUG: Package: yum-plugin-ps-1.1.31-46.el7_5.noarch.rpm -> yum-plugin-ps-1.1.31-46.el7_5.noarch.rpm -> 1-cv-os-centos7-v1_0-cb3398f5-decb-449b-872f-96e9771c3c3d
DEBUG: Package: yum-plugin-remove-with-leaves-1.1.31-46.el7_5.noarch.rpm -> yum-plugin-remove-with-leaves-1.1.31-46.el7_5.noarch.rpm -> 1-cv-os-centos7-v1_0-cb3398f5-decb-449b-872f-96e9771c3c3d
DEBUG: Package: yum-plugin-rpm-warm-cache-1.1.31-46.el7_5.noarch.rpm -> yum-plugin-rpm-warm-cache-1.1.31-46.el7_5.noarch.rpm -> 1-cv-os-centos7-v1_0-cb3398f5-decb-449b-872f-96e9771c3c3d
DEBUG: Package: yum-plugin-show-leaves-1.1.31-46.el7_5.noarch.rpm -> yum-plugin-show-leaves-1.1.31-46.el7_5.noarch.rpm -> 1-cv-os-centos7-v1_0-cb3398f5-decb-449b-872f-96e9771c3c3d
DEBUG: Package: yum-plugin-tmprepo-1.1.31-46.el7_5.noarch.rpm -> yum-plugin-tmprepo-1.1.31-46.el7_5.noarch.rpm -> 1-cv-os-centos7-v1_0-cb3398f5-decb-449b-872f-96e9771c3c3d
DEBUG: Package: yum-plugin-tsflags-1.1.31-46.el7_5.noarch.rpm -> yum-plugin-tsflags-1.1.31-46.el7_5.noarch.rpm -> 1-cv-os-centos7-v1_0-cb3398f5-decb-449b-872f-96e9771c3c3d
DEBUG: Package: yum-plugin-upgrade-helper-1.1.31-46.el7_5.noarch.rpm -> yum-plugin-upgrade-helper-1.1.31-46.el7_5.noarch.rpm -> 1-cv-os-centos7-v1_0-cb3398f5-decb-449b-872f-96e9771c3c3d
DEBUG: Package: yum-plugin-verify-1.1.31-46.el7_5.noarch.rpm -> yum-plugin-verify-1.1.31-46.el7_5.noarch.rpm -> 1-cv-os-centos7-v1_0-cb3398f5-decb-449b-872f-96e9771c3c3d
DEBUG: Package: yum-plugin-versionlock-1.1.31-46.el7_5.noarch.rpm -> yum-plugin-versionlock-1.1.31-46.el7_5.noarch.rpm -> 1-cv-os-centos7-v1_0-cb3398f5-decb-449b-872f-96e9771c3c3d
DEBUG: Package: yum-updateonboot-1.1.31-46.el7_5.noarch.rpm -> yum-updateonboot-1.1.31-46.el7_5.noarch.rpm -> 1-cv-os-centos7-v1_0-cb3398f5-decb-449b-872f-96e9771c3c3d
DEBUG: Package: yum-utils-1.1.31-46.el7_5.noarch.rpm -> yum-utils-1.1.31-46.el7_5.noarch.rpm -> 1-cv-os-centos7-v1_0-cb3398f5-decb-449b-872f-96e9771c3c3d
DEBUG: Package: yum-utils-1.1.31-46.el7_5.src.rpm not found
DEBUG: Using description from oval:com.redhat.rhsa:def:20182285
INFO: Creating errata for CESA-2018:2285 (Important CentOS yum-utils Security Update) (28 of 29)
INFO: +----------------------------------------------------------------------+
Unit Upload
+----------------------------------------------------------------------+
Extracting necessary metadata for each request...
... completed
Creating upload requests on the server...
[==================================================] 100%
Initializing upload
... completed
Starting upload of selected units. If this process is stopped through ctrl+c,
the uploads will be paused and may be resumed later using the resume command or
canceled entirely using the cancel command.
Importing into the repository...
This command may be exited via ctrl+c without affecting the request.
[\]
Running...
Task Succeeded
Deleting the upload request...
... completed
DEBUG: Processing CESA-2018:2286
DEBUG: Processing CESA-2018:2286 -- OVAL ID is oval:com.redhat.rhsa:def:20182286Version: katello_repositories_version: 3.8 katello_repositories_environment: release foreman_repositories_environment: release foreman_repositories_version: 1.19 katello_repositories_pulp_version: 2.16
I also detect that the command pulp-admin repo list: is listing also all content view/composite content view... so to run it on the centos update repo i need to run : /opt/pulp_centos_errata_import/errata_import.pl --errata=/tmp/errata.latest.xml --rhsa-oval=/tmp/com.redhat.rhsa-all.xml --debug --include-repo cb3398f5-decb-449b-872f-96e9771c3c3d
then i list all errata via pulp i see only a few... but i do not see them in katelllo (ho and yes i did try the : hammer repository synchronize --skip-metadata-check 1 --id 1 --async on the concern repos...)
[root@katello-a pulp_centos_errata_import]# pulp-admin rpm repo content errata --repo-id cb3398f5-decb-449b-872f-96e9771c3c3d
Description: Not available
Id: CEBA-2018:3349
Severity:
Title: CentOS NetworkManager BugFix Update
Type: bugfix
Description: Git is a distributed revision control system with a decentralized
architecture. As opposed to centralized version control systems
with a client-server model, Git ensures that each working copy of a
Git repository is an exact copy with complete revision history.
This not only allows the user to work on and contribute to projects
without the need to have permission to push the changes to their
official repositories, but also makes it possible for the user to
work with no network connection. Security Fix(es): * git:
arbitrary code execution via .gitmodules (CVE-2018-17456) For more
details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s)
listed in the References section.
Id: CESA-2018:3408
Severity: Important
Title: CentOS git Security Update
Type: security
Description: Not available
Id: CEBA-2018:3337
Severity:
Title: CentOS cloud-init BugFix Update
Type: bugfix
Description: The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime
Environment and the OpenJDK 8 Java Software Development Kit.
Security Fix(es): * OpenJDK: Improper field access checks
(Hotspot, 8199226) (CVE-2018-3169) * OpenJDK: Unrestricted access
to scripting engine (Scripting, 8202936) (CVE-2018-3183) *
OpenJDK: Incomplete enforcement of the trustURLCodebase restriction
(JNDI, 8199177) (CVE-2018-3149) * OpenJDK: Incorrect handling of
unsigned attributes in singed Jar manifests (Security, 8194534)
(CVE-2018-3136) * OpenJDK: Leak of sensitive header data via HTTP
redirect (Networking, 8196902) (CVE-2018-3139) * OpenJDK: Missing
endpoint identification algorithm check during TLS session
resumption (JSSE, 8202613) (CVE-2018-3180) * OpenJDK: Infinite
loop in RIFF format reader (Sound, 8205361) (CVE-2018-3214) For
more details about the security issue(s), including the impact, a
CVSS score, and other related information, refer to the CVE page(s)
listed in the References section.
Id: CESA-2018:2942
Severity: Critical
Title: CentOS java-1.8.0-openjdk Security Update
Type: security
Description: Not available
Id: CEBA-2018:3342
Severity:
Title: CentOS resource-agents BugFix Update
Type: bugfix
Description: Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 60.3.0. Security
Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 63 and
Firefox ESR 60.3 (CVE-2018-12390) * Mozilla: Crash with nested
event loops (CVE-2018-12392) * Mozilla: Integer overflow during
Unicode conversion while loading JavaScript (CVE-2018-12393) *
Mozilla: Memory safety bugs fixed in Firefox ESR 60.3
(CVE-2018-12389) For more details about the security issue(s),
including the impact, a CVSS score, and other related information,
refer to the CVE page(s) listed in the References section. Red Hat
would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Christian Holler, Bob Owen, Boris Zbarsky,
Calixte Denizet, Jason Kratzer, Jed Davis, Taegeon Lee, Philipp,
Ronald Crane, Raul Gurzau, Gary Kwong, Tyson Smith, Raymond Forbes,
Bogdan Tara, Nils, r, and Daniel Veditz as the original reporters.
Id: CESA-2018:3532
Severity: Important
Title: CentOS thunderbird Security Update
Type: security
Description: Not available
Id: CEBA-2018:3635
Severity:
Title: CentOS cronie BugFix Update
Type: bugfix
Description: Not available
Id: CEBA-2018:3442
Severity:
Title: CentOS lvm2 BugFix Update
Type: bugfix
Description: Not available
Id: CEBA-2018:3338
Severity:
Title: CentOS sos BugFix Update
Type: bugfix
Description: Not available
Id: CEBA-2018:3341
Severity:
Title: CentOS xorg-x11-server BugFix Update
Type: bugfix
Description: The python-paramiko package provides a Python module that
implements the SSH2 protocol for encrypted and authenticated
connections to remote machines. Unlike SSL, the SSH2 protocol does
not require hierarchical certificates signed by a powerful central
authority. The protocol also includes the ability to open arbitrary
channels to remote services across an encrypted tunnel. Security
Fix(es): * python-paramiko: Authentication bypass in
auth_handler.py (CVE-2018-1000805) For more details about the
security issue(s), including the impact, a CVSS score, and other
related information, refer to the CVE page(s) listed in the
References section.
Id: CESA-2018:3347
Severity: Critical
Title: CentOS python-paramiko Security Update
Type: security
Description: Apache Tomcat is a servlet container for the Java Servlet and
JavaServer Pages (JSP) technologies. Security Fix(es): * tomcat:
A bug in the UTF-8 decoder can lead to DoS (CVE-2018-1336) For
more details about the security issue(s), including the impact, a
CVSS score, and other related information, refer to the CVE page(s)
listed in the References section.
Id: CESA-2018:2921
Severity: Important
Title: CentOS tomcat Security Update
Type: security
Description: Not available
Id: CEBA-2018:3013
Severity:
Title: CentOS tzdata BugFix Update
Type: bugfix
Description: Not available
Id: CEBA-2018:3339
Severity:
Title: CentOS libvirt BugFix Update
Type: bugfix
Description: The java-11-openjdk packages provide the OpenJDK 11 Java Runtime
Environment and the OpenJDK 11 Java Software Development Kit.
Security Fix(es): * OpenJDK: Improper field access checks
(Hotspot, 8199226) (CVE-2018-3169) * OpenJDK: Unrestricted access
to scripting engine (Scripting, 8202936) (CVE-2018-3183) *
OpenJDK: Incomplete enforcement of the trustURLCodebase restriction
(JNDI, 8199177) (CVE-2018-3149) * OpenJDK: Incorrect handling of
unsigned attributes in signed Jar manifests (Security, 8194534)
(CVE-2018-3136) * OpenJDK: Leak of sensitive header data via HTTP
redirect (Networking, 8196902) (CVE-2018-3139) * OpenJDK:
Multi-Release attribute read from outside of the main manifest
attributes (Utility, 8199171) (CVE-2018-3150) * OpenJDK: Missing
endpoint identification algorithm check during TLS session
resumption (JSSE, 8202613) (CVE-2018-3180) For more details about
the security issue(s), including the impact, a CVSS score, and
other related information, refer to the CVE page(s) listed in the
References section.
Id: CESA-2018:3521
Severity: Critical
Title: CentOS java-11-openjdk Security Update
Type: security
Description: Mozilla Firefox is an open-source web browser, designed for
standards compliance, performance, and portability. This update
upgrades Firefox to version 60.3.0 ESR. Security Fix(es): *
Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR
60.3 (CVE-2018-12390) * Mozilla: Crash with nested event loops
(CVE-2018-12392) * Mozilla: Integer overflow during Unicode
conversion while loading JavaScript (CVE-2018-12393) * Mozilla:
WebExtension bypass of domain restrictions through header rewriting
(CVE-2018-12395) * Mozilla: WebExtension content scripts can
execute in disallowed contexts (CVE-2018-12396) * Mozilla:
WebExtension local file permission check bypass (CVE-2018-12397) *
Mozilla: Memory safety bugs fixed in Firefox ESR 60.3
(CVE-2018-12389) For more details about the security issue(s),
including the impact, a CVSS score, and other related information,
refer to the CVE page(s) listed in the References section. Red Hat
would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Christian Holler, Bob Owen, Boris Zbarsky,
Calixte Denizet, Jason Kratzer, Jed Davis, Taegeon Lee, Philipp,
Ronald Crane, Raul Gurzau, Gary Kwong, Tyson Smith, Raymond Forbes,
Bogdan Tara, Nils, r, Rob Wu, Andrew Swan, and Daniel Veditz as the
original reporters. Bug Fix(es): * Previously, passwords saved in
the Firefox browser and encrypted by a master password were erased
when Firefox was exited. This update ensures that NSS files used to
decrypt stored login data are handled correctly. As a result, the
affected passwords are no longer lost after restarting Firefox.
(BZ#1638082)
Id: CESA-2018:3005
Severity: Critical
Title: CentOS firefox Security Update
Type: security
Description: Not available
Id: CEBA-2018:3543
Severity:
Title: CentOS subscription-manager BugFix Update
Type: bugfix
Description: Not available
Id: CEBA-2018:3454
Severity:
Title: CentOS tzdata BugFix Update
Type: bugfix
Description: Not available
Id: CEBA-2018:3340
Severity:
Title: CentOS selinux-policy BugFix Update
Type: bugfix
Description: The SpamAssassin tool provides a way to reduce unsolicited
commercial email (spam) from incoming email. Security Fix(es): *
spamassassin: Certain unclosed tags in crafted emails allow for
scan timeouts and result in denial of service (CVE-2017-15705) *
spamassassin: Local user code injection in the meta rule syntax
(CVE-2018-11781) For more details about the security issue(s),
including the impact, a CVSS score, and other related information,
refer to the CVE page(s) listed in the References section.
Id: CESA-2018:2916
Severity: Important
Title: CentOS spamassassin Security Update
Type: security
Description: Not available
Id: CEBA-2018:2754
Severity:
Title: CentOS gcc-libraries BugFix Update
Type: bugfix
Description: Not available
Id: CEBA-2018:3346
Severity:
Title: CentOS java-1.8.0-openjdk BugFix Update
Type: bugfix
Description: The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.
Security Fix(es): * OpenJDK: Improper field access checks
(Hotspot, 8199226) (CVE-2018-3169) * OpenJDK: Incomplete
enforcement of the trustURLCodebase restriction (JNDI, 8199177)
(CVE-2018-3149) * OpenJDK: Incorrect handling of unsigned
attributes in signed Jar manifests (Security, 8194534)
(CVE-2018-3136) * OpenJDK: Leak of sensitive header data via HTTP
redirect (Networking, 8196902) (CVE-2018-3139) * OpenJDK: Missing
endpoint identification algorithm check during TLS session
resumption (JSSE, 8202613) (CVE-2018-3180) * OpenJDK: Infinite
loop in RIFF format reader (Sound, 8205361) (CVE-2018-3214) For
more details about the security issue(s), including the impact, a
CVSS score, and other related information, refer to the CVE page(s)
listed in the References section.
Id: CESA-2018:3350
Severity: Important
Title: CentOS java-1.7.0-openjdk Security Update
Type: security
Description: Not available
Id: CEBA-2018:3345
Severity:
Title: CentOS pcp BugFix Update
Type: bugfix
Description: X.Org is an open-source implementation of the X Window System. It
provides the basic low-level functionality that full-fledged
graphical user interfaces are designed upon. Security Fix(es): *
xorg-x11-server: Incorrect permission check in Xorg X server allows
for privilege escalation (CVE-2018-14665) For more details about
the security issue(s), including the impact, a CVSS score, and
other related information, refer to the CVE page(s) listed in the
References section. Red Hat would like to thank Narendra Shinde
for reporting this issue.
Id: CESA-2018:3410
Severity: Important
Title: CentOS xorg-x11-server Security Update
Type: securityI do not know where to look deeper... any idea is welcome :)
I'm not sure what's wrong but when I run './errata_import.pl --errata=./errata.latest.xml' after manually downloading the errata.latest.xml file I get many notices stating "No packages found" and when I look at the centos products in katello/foreman they still show zero erratas. import-fail-log.txt
Any thoughts on why or how to proceed to troubleshoot this?