[Spacewalk-list] Spacewalk Possible Remote Code Exploit Heads Up
Eric
ericb at enrsystems.com
Wed Mar 8 18:49:18 UTC 2017
CVE-2017-5638
Struts. Our struts package is from the Generic Jpackage repository. The
struts rpm there has not been maintained for years. The current build
directions point at that repository, so I believe that makes ALL current
versions of Spacewalk, including 2.6, vulnerable.
Thoughts? I believe it's applicable, but I may be mistaken, please correct me
if I'm wrong!!!
If it is vulnerable, is there an alternative package that is known to work
with Spacewalk? I am facing the very real possibility of being required to
take my Spacewalk server offline today, a huge impact to my environment.
Thanks!
More information about the Spacewalk-list
mailing list