[Spacewalk-list] Spacewalk Possible Remote Code Exploit Heads Up

Eric ericb at enrsystems.com
Wed Mar 8 18:49:18 UTC 2017


CVE-2017-5638

Struts.  Our struts package is from the Generic Jpackage repository.  The 
struts rpm there has not been maintained for years.  The current build 
directions point at that repository, so I believe that makes ALL current 
versions of Spacewalk, including 2.6, vulnerable.

Thoughts?  I believe it's applicable, but I may be mistaken. Please correct me 
if I'm wrong!!!

If it is vulnerable, is there an alternative package that is known to work 
with Spacewalk?  I am facing the very real possibility of being required to 
take my Spacewalk server offline today, a huge impact to my environment.

Thanks!



