Executive Summary

This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration entry.
Summary
Title: Satellite 6.5 Release

Information
Name: RHSA-2019:1222
First vendor publication: 2019-05-14
Vendor: RedHat
Last vendor modification: 2019-05-14
Severity (vendor): N/A
Revision: 01

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: NA
Base score: NA
Environmental score: NA
Impact subscore: NA
Temporal score: NA
Exploitability subscore: NA

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS base score: 5
Attack range: Network
CVSS impact score: 2.9
Attack complexity: Low
CVSS exploit score: 10
Authentication: None required

Detail

Problem Description:

Red Hat Satellite 6.5 for RHEL 7 is now available containing security fixes, bug fixes, and enhancements.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Satellite 6.5 - noarch, x86_64
Red Hat Satellite Capsule 6.5 - noarch, x86_64

3. Description:

Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool.

Security Fix(es):

* RESTEasy: Abuse of GZIPInterceptor in RESTEasy can lead to denial of service attack (CVE-2016-6346)

* pulp: Improper path parsing leads to overwriting of iso repositories (CVE-2018-10917)

* foreman: Persisted XSS on all pages that use breadcrumbs (CVE-2018-14664)

* foreman: stored XSS in success notification after entity creation (CVE-2018-16861)

* katello: stored XSS in subscriptions and repositories pages (CVE-2018-16887)

* candlepin: credentials exposure through log files (CVE-2019-3891)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1143987 - [RFE] Hammer task missing info subcommand
1155811 - [RFE] Support Infoblox IPAM appliances as subnet / domain providers
1170174 - [RFE] Satellite 6 product FIPS mode Compliance
1232475 - [RFE] generate a report of Specific fields in the Content Hosts -> Details section
1233431 - [RFE] CSR should not be mandatory when installing Satellite Server or generating Capsule certificate bundle with custom ssl certificates
1267766 - capsule installer generates invalid dhcp.conf for non local networks
1305040 - [RFE] User control of Capsule sync policy and other traffic from Satellite to capsule
1335621 - [RFE] Ignore warnings when syncing repos and SRC packages are missing
1339743 - [RFE] Search OpenSCAP reports using host collections
1356126 - [RFE] Implement host disassociation command
1372120 - CVE-2016-6346 RESTEasy: Abuse of GZIPInterceptor in RESTEasy can lead to denial of service attack
1396974 - VM orchestration should provide better error reporting and logging
1397590 - [RFE] "Unregister Host" needs a clear instruction for options under it
1402134 - [RFE] Need Hammer CLI commands to do the HostGroup / Environments associations with Provisioning Template.
1408782 - [RFE] virt-who need to make sure there is only one entry in satellite content host for the same hypervisor when configure hypervisor_id for uuid or hostname or hwuuid
1418026 - goferd errors with "[...] Condition('amqp:resource-limit-exceeded', 'local-idle-timeout expired')" when pushing Errata from Satellite
1438030 - [RFE] Feature to use the 'dzdo' as the "remote_execution_effective_user_method" to run the remote commands with a non-root user.
1445070 - katello models not working with foreman-hooks plugin
1447963 - Switching installation media (or source) back and forth corrupts initdamdisk/kernel
1449290 - Global PXE hostgroups menu entries missing when Installation Media is set to Synced Content
1451277 - [RFE] Support storing and presenting Vendor field in package API
1458898 - [RFE] Pre-canned Virt-who roles do not have a description
1468557 - Discovery KExec does not work with Atomic Host 7
1470987 - discovery settings are named differently in hammer than in UI
1476379 - [RFE] Add randomness to SCAP client runs to avoid DDOS of the server
1476938 - katello-change-hostname should check for enough ram before making changes
1481315 - Cloud-init integration with ovirt supports just a subset of cloud-init keywords
1488235 - Email subject prefix accepts long strings
1488475 - Specifying wrong content source id for host or hostgroup via hammer throws SQL error
1489252 - [RFE] Add a note to ignore "WARNING" message when foreman_scap_client command executed manually
1489379 - Non admins users should be able to add Organization / Locations to themselves
1489486 - API hosts/X interfaces array info inconsistent return of interface flags
1492848 - Roles cleared when error detected in User creation dialog
1495308 - [RFE] Feature to add the "--fetch-remote-resources" to the foreman_scap_client.
1500972 - traceback when deleting organization: javax.persistence.RollbackException: Error while committing the transaction
1501683 - Pulp repository sync step not skipped automatically when fail with "Abnormal termination".
1501927 - RHV compute resource screen shows DataTables warning invalid json response
1502752 - refresh manifest - proxy password with special character
1508169 - incremental update of content-view added errata RHSA-2017:2998 packages and also added some other packages as well , which is not present in errata
1514013 - Atomic Host 7.4.2 deployed from Satellite 6.2.12 cannot be upgraded out of the box
1515082 - Rerunning a ReX job with JobTemplate not in current Org/Loc shows undefined method `input_values' for nil:NilClass
1515671 - [RFE] Extend "Service Action - SSH Default" job template to be able to enable and disable services
1516803 - uploading a package to custom repo does not trigger sync of Capsule in Library LE
1517084 - Duplicate hammer options to view available compute-resource image
1517706 - Could not able to see filters of any role with org_admin user
1519779 - puppet classes info doesn't consider puppet environments parameter
1523147 - Templates tab in Hosts>Operating Systems have confusing and misleading asterisks
1523433 - Celery worker consumes large number of memory when regenerating applicability for a consumer that binds to many repositories with many errata.
1523940 - [RFE] [sat 6.3] k5login should support setting selinux context and owner attributes
1528524 - [RFE][Satellite 6.3 Beta] Need a way to split pulp_data.tar into smaller files
1532675 - incorrectly rendered empty lines in commands output on "Detail of Commands run" page
1534608 - [RFE] Searching for all instances of packages in all repos
1534967 - reboot ReX fails with "Runner error: NameError - uninitialized constant ForemanRemoteExecutionCore::ScriptRunner::MAX_PROCESS_RETRIES"
1537266 - [RFE] Add option to lock template upon import using foreman_templates plugin
1538688 - 'hammer ping' can erroneously say foreman-tasks is down when its just busy
1541393 - Improve help and error messages when adding CVs to a CCV
1545364 - Cloned Satellite improperly handles Pulp event_notifier URL and db entries
1547821 - while creating new hosts RHEVM assocation of compute profile doesn't show correct network for the Cluster
1549088 - Various Action:: Tasks types stop with warning: "no such file or directory" for file in foreman cache hierarchy
1549761 - [RFE] Flag to avoid deletion from compute resource of an host associated when it's removed from satellite
1552142 - Installation on FIPS enabled rhel7 fails with '/usr/bin/pulp-gen-ca-certificate' returned 1 instead of one of [0]
1552159 - Installation on FIPS enabled rhel7 failing with with certutil issues
1552200 - Upgrade to 6.3 failed with "Could not find dependency Class[Puppet::Server::Install] for File[/etc/pki/katello/puppet]"
1553105 - composite_content_view_ids field of a content_view_version is always empty
1554421 - candlepin takes >2m on /candlepin/consumers/UUID/guests query
1557436 - Unnecessary requirement of CSR when running --certs-update-server
1560978 - hammer host list --thin removed in Red Hat Satellite 6.3
1561249 - Several JS errors visiting repo discovery page
1561691 - Creating user with hammer having authentication source LDAP/AD should not ask for password
1561990 - UI: After add the CV on the CCV, Content View still on the list to add
1563529 - Root password hash in Operating System written in capital letters
1564867 - update bootstrap.py to works also on RHEL5
1565903 - ansible_provisioning_callback snippet does not set executable permission for '/root/ansible_provisioning_call.sh'
1566000 - KVM hypervisor profile does not contain guests running on it in the webui and creates duplicate profile with virt-who-* prefix
1566092 - using a filter for bastion layout/partials/table.html does not update the selected counts
1566166 - unable to register client to freshly installed capsule on fresh katello
1566540 - javascript error on new gpg key page
1566543 - [Satellite6] cd-rom settings in compute profile for vmware compute resource never showed as enabled
1568063 - [RFE] Hammer Job Cancellation
1568700 - Sat6.3.1 WEBUI Documentation link is unaccessible
1568838 - [RFE] Handle multiple capsules' ssh keys
1568848 - [RFE] Handle multiple capsules' ssh keys
1569395 - [Satellite 6] Adding search for lifecycle_environment or lifecycle_environment_id in role host fiter with permission view_hosts does not construct SQL querry when API is used
1571889 - [RFE] Allow override of tftpd.map file location and/or contents during installer upgrades
1571913 - Clean up EL6 and service-wait from Katello scripts
1574257 - katello-remove does not completely remove data on mounted filesystems
1575766 - Org/Loc Button ordering not the same when moved after window resize
1577014 - Missing "-name" option on "openssl pkcs12" command may cause incorrect nickname added to the katello nssdb
1577966 - In partition tables, problem with snippet check-box together with operating system
1578021 - [RFE] enable high availability when using ovirt compute resource
1578022 - [RFE] As an API user, I should be able to compare the Packages of a Content View Version to the Packages in Library.
1578470 - [RFE] allow configuration of helloMaxAge and helloInterval
1579876 - MMV stats disappear rendering pmlogger unable to restart
1582210 - Create RHEV host: Listing Images produces traceback when no images on CR
1582293 - Unable to unset proxy settings once set
1582484 - [RFE] As an API user, I should be able to compare the Errata of a Content View Version to the installable Errata in Library.
1583318 - hammer recurring-logic list command does not accept options --per-page or --page but suggests those option
1584162 - Error: No such repository with name
1585410 - some tasks in Monitor -> Tasks have "N/A" in a first column
1586271 - SSL 64-bit Block Size Cipher Suites Supported (SWEET32)
1586336 - The checksum type configuration of yum distributor should always fallback to the scratchped if it is not explicitly set to use a particular checksum type by the user.
1589515 - [RFE] Add kernel version to the hosts inventory report
1589625 - no unique constraint to the name column on the roles table
1589736 - Can not delete organization, if virt-who is configured
1591731 - [RFE] Audit discovery of new host and provision actions
1592570 - [RFE]: Ship Ansible Playbook for bootstrap.py as part of the katello-client-bootstrap package.
1593253 - installer missing --upgrade-mongo-storage option
1593647 - EC2 CR create with invalid data -> uninitialized constant ComputeResourcesController::OVIRT
1594289 - [RFE] Dashboard: Show a list of hosts with an expired token
1594882 - [RFE] Enable configuration setting to turn on foreman tasks cleanup logging
1595784 - Missing hammer command for BMC boot API
1595924 - production.log filled with too many no route errors for rhsm/consumer URLs for accessible_content calls
1596372 - [RFE] Dependency calculations in Satellite should handle rich dependencies
1596504 - hammer hostgroup info --output json returns json including non unique keys
1596885 - Manifest upload UI status bleeds into other orgs
1597035 - [RFE] RH Repos Content type filter default text could be better
1597089 - [RFE] Subscriptions "Export CSV" functionality should include/offer org in filename
1597208 - Partition table not set for host when using hammer cli, provisioning method bootdisk and host group
1597968 - Provisioning a new host with bond interface without domain and subnet failed with undefined method `vlanid' for nil:NilClass
1598928 - CVE-2018-10917 pulp: Improper path parsing leads to overwriting of iso repositories
1599303 - after new host group is created search doesn't work properly, search menu opens the create host group
1600095 - Non admin user is unable to see the audits for katello and taxable resources created by admin using Any Location context
1600450 - command "foreman-rake reports:expire" does not delete reports
1600710 - Breadcrumb switcher in Host Facts page is missing
1601155 - Templates get rendered when visiting job invocation details, leading to slow UI
1601762 - accessing subscription.rhn.redhat.com unexpectedly
1602110 - The number of MAX_RETRIES exceeded: PersistenceError in executor: terminating when running tasks are removed from database
1602367 - Hammer/API - wrong error message
1603185 - RHV4: Unable to do network provision host on RHV, auto selects blank template
1603219 - '--owner' key/value not recognized anymore with 'hammer host create' (Satellite 6.3.2)
1606236 - Subscription info can show many provided products
1606369 - [RFE] De-emphasize yStreams in the repos page
1607207 - [RFE] Job_invocation reset API could support its output being formatted in clean JSON by providing an API endpoint
1607845 - Monitor Tasks export is empty
1608400 - [File Repository] - All Repositories are shown for file content instead of contained Library Repositories
1609567 - Hostgroup can save without 'Partition table' even 'Operating system' selected
1612921 - Getting error "Oops, we're sorry but something went wrong undefined method `port' for #" while associating VMs to compute resource
1612959 - Per-page setting does not work in RPM and repo listings
1613304 - hammer subnet create do not honor the default organization and location
1613679 - VMWare SCSI PV driver not present in FDI initramdisk
1614768 - [RFE] API Support for easier use of Smart-Class Param Overrides
1614927 - [RFE] Provide the ability to delete a lifecycle environment from the middle of an existing path
1615800 - Export list of content host do not honour search filter
1616153 - [RFE] Support of modular errata and its applicability
1618485 - Subscription details doesn't show in web UI
1618811 - boostrap.py fails when registering nodes with org_environment contentAccessMode
1618868 - Breadcrumb bar for smart class parameter doesn't contain name.
1618872 - Breadcrumb bar on OS page doesn't show name of OS
1619284 - [Sync Plan] - Buttons are getting disabled after putting duplicate Sync Plan Name
1620179 - no way to list cluster IDs inside compute resource
1622802 - Running Ansible role fails with: Actions::ProxyAction::ProxyActionMissing: Proxy task gone missing from the capsule
1623277 - katello-host-tools triggers package profile update at install-time, potentially causing issues at scale.
1623937 - Extra logging in Satellite 6.4 Production logs
1624401 - Discovery templates are not assigned to default org
1624416 - Hammer command with content view version --order is not working as expected.
1624479 - Show Repo Label on Enabled repos results
1625109 - katello-debug.sh still calls katello-service status rather than foreman-maintain
1625174 - Two meanings of "Enabled" on new Subscription tab might cause confusion
1625649 - Yum plugins are loaded multiple times after updating the host to the latest katello-agent packages
1625965 - RHEL8 provisioning requires more than one enabled repository
1626113 - Some default values not shown in Settings page tool tips
1626114 - Header logo is not branded in upstream nightly + foreman_theme_satellite
1626119 - [RFE] Non-default settings should be bolded.
1626138 - When Setting has a "empty" default, the tool tip shows an empty string.
1626178 - Validation failed: Cannot set auto publish to a non-composite content view
1626494 - New Repositories page needs a clear option for the search bar.
1626956 - Internal Server error when matcher #23 is created for smart class parameter
1627640 - recurring jobs ignore organization context of host search
1628488 - Incorrect spelling of an operating systems list im provisioning cloud instances
1628505 - Ansible processes might get killed when logrotate runs for smart_proxy_dynflow_core
1628544 - ActiveRecord::RecordInvalid error when syncing RHEL 7 s390x kickstart repo
1628561 - hammer job-invocation output returns ISE on providing invalid invocation id
1628638 - The termination procedure after memory threshold exceeded can get stuck, waiting infinitely for some events to occur
1629564 - [RFE] Able to search Puppet parameters alphabetically
1631019 - [RFE] Satellite 6.x bootstrap is too aggressive and shouldn't run 'yum clean all'
1631299 - [RFE] bootstrap.py should support python 3
1632111 - repositories-validate check don't consider custom organization/activation key
1632626 - only "katello" and "satellite" rpms require java-1.7.0-openjdk*, candlepin requires java-1.8.0
1633236 - changing "per page" on Monitor -> Jobs does not have any effect
1633347 - Virt-who configs are tied to organization, but deploy command does not include org ID.
1633360 - Allow admin to opt-out from the Brute-force attack protection
1633937 - Manifest refresh fails with error "Failed to import archive"
1635364 - Failed to upload to Foreman, saving in spool. Failed with: Net::ReadTimeout
1635540 - Running a `sync_task` while the tasks service gets restarted might lead to passenger process hanging forever
1635680 - 6.4 snap25 bug joining a realm on kickstart
1636052 - "404 Not Found" when querying images without OS selected in Create Host dialogue
1636446 - [RFE] New Audit UI as per new UX design
1637042 - undefined method `[]' for nil:NilClass when more virt-who reports are sent a short time after other
1637431 - Branding changes after layout change
1637436 - The default Organization Admin role has double (Miscellaneous) filter
1637883 - Improve help text for RHV attributes, where ever user needs to pass ID's
1637955 - Satellite fails to create VMs on RHV system based on a template.
1638130 - CVE-2018-14664 foreman: Persisted XSS on all pages that use breadcrumbs
1638223 - Capsule scenario should enable REX by default
1638781 - Unable to create Content Credential bookmark via WebUI
1638866 - [RFE] Shorten name of "subscription-manager" zypper plugin to rhsm for readability.
1638906 - Update Foreman Hammer CLI VMware helpers
1639352 - When deleting content views, UI indicates wrong number of environments
1639406 - [RFE] Add support for sha512
1639676 - Unable to persistently set redirect_host for lazy sync to empty value
1640628 - Prevent multiple instances of /usr/bin/smart-proxy-openscap-send
1640644 - [RFE] Add switch to hammer CLI to disable the defaults
1640686 - While upgrading satellite from 6.3->6.4, satellite-installer does not perform remove_legacy_mongo step in some situations which results in error
1641017 - Upgrade to Satellite 6.4 is failning on script 20180516103339_update_idm_params.rb
1641266 - Wrong counts of success/fail/pending tasks on Bulk actions
1641785 - Upgrade from Satellite 6.3.4 to 6.4.0 fails in "Upgrade Step: clear_checksum_type..."
1641864 - Missing module errors after upgrading to gofer-2.12.1-1
1642088 - Upgrade from 6.3.4 to 6.4 is failing on foreman-rake katello:import_subscriptions
1642496 - improper command given in output of "katello-certs-check"
1642549 - Content Host filter is showing only 1 page of result
1643130 - Satellite Tools repository/module for RHEL8
1643432 - Subscription Status Widget showing incorrect information on Dashboard
1643740 - [6.5] No SCAP content profiles in default scap-contents
1643818 - Cannot update GPG Key on created product
1643871 - qdrouterd listens on 127.0.0.1 only
1644127 - Adding subscription shows notification with html tags
1644144 - katello-certs-check output shows foreman-installer/foreman-proxy-certs-generate
1644189 - Importing ansible role gives wrong number of arguments (given 1, expected 0)
1644191 - blue flashing(upstream) page appears when login page is visited.
1644192 - Test connection on compute resource shows notification with html tags
1644208 - Dependency issue while installing katello-agent on RHEL6 and RHEL5
1644354 - [RHEL 7.6] Satellite Update failed due to dependency issue Package: ant-junit-1.9.2-9.el7.noarch Requires: ant = 1.9.2-9.el7
1644571 - [RFE] Add Red Hat Satellite Maintenance 6 in recommended repositories
1644586 - System admin role cannot create new organizations
1644593 - Content View Version export breaks while exporting to relative path
1644596 - [Tracker][QE] Content View Export Import
1644618 - Repo sync fails on FIPS enabled machine
1644823 - [RFE] allow import/export of composite content views
1645017 - Atomic repos sync fails with GLib.Error('Server returned status 404: Not Found', 'g-io-error-quark', 1)
1645057 - host_collection controller does not return host_ids key inside a POST response
1645144 - Unable to delete virt-who configuration from satellite.
1645174 - Reimporting the existing CV version should have more refined validation message
1645190 - CVE-2018-16887 katello: stored XSS in subscriptions and repositories pages
1645201 - CVE-2018-16861 foreman: stored XSS in success notification after entity creation
1645365 - Upgrade step katello:upgrades:3.8:clear_checksum_type from 6.4 to 6.5 failed
1645372 - capsule upgrade to 6.5 points the last scenario to foreman-proxy-content and removes capsule-answers
1645396 - add_permissions_to_default_roles fails during db:create
1645398 - [RFE] Add permissions to Canned admin
1645587 - Satellite throws Undefined method error while importing the CVv if clone CV isnt set
1645737 - Capsule upgrade to 6.5 failed with undefined method `enabled?' for nil:NilClass
1646184 - "the field 'created_at' in the order statement is not valid field for search" error on history tab of content view
1646409 - [Container Admin] Changing Registry Name Pattern in Library LE displays error; is saved anyway
1646603 - [Container Admin] Registry Name Pattern with repository.url will always be rejected
1646988 - Satellite upgrade from 6.4 to 6.5 failed at db:migrate
1647216 - Lack of edit_smart_proxies permission causes error when setting host to Build
1647582 - hammer task list --search no longer appears to search ID field
1647631 - [RFE] Change Katello bootstrap.py to preserve rhsm proxy settings
1647762 - Satellite does not import facts from virt-who reported Hypervisors
1647799 - "Maximum call stack size exceeded" error when opening running task in web UI
1647938 - Update default RSS feed to point to new Blog location
1648121 - [6.4]After unregistering hypervisor, unable to view subscriptions on activation key via Satellite WebUI
1648252 - Error after upgrade on subscription page
1648331 - "Request failed with status code 404" error on Tasks page
1648344 - Can't sync discovered containers without slash in name from Docker.io registry
1648358 - [Container Admin] Failed promotion of CV with containers - error message is unhelpful
1648473 - In satellite 6.4 under the Content -> Packages -> Enter Package Name->Details Sections , the installed on,applicable to,upgradable for shows as 0 hosts.
1648506 - virt-who is failing when pushing the information to the Satellite Server
1648903 - Product sync: wrong link to task
1649040 - Update for host task is no clear with what happened, and next steps
1649231 - hammer --help does not work with --output json, csv and yaml
1649471 - [Container Admin] Docker repositories sync - Limit Sync Tags is ignored
1649766 - User input handled incorrectly in preview
1649800 - Preview host set should be limited or generating should be confirmed
1649866 - [Container Admin] Changing repository of any type through web UI changes "Container Image Tags Filter" field value
1649871 - [Container Admin] hammer shows "Container Image Tags Filter" for non-docker repositories
1649938 - Pulp_max_tasks_per_child is disabled in capsule but not in satellite
1649961 - Corrupt Roles after upgrade to 6.4
1650063 - Applicable errata reporting template missing in 6.5
1650259 - slow errata query on dashboard
1650543 - Excessive logging of OpenScap report via Rails
1650624 - Compute profile settings do not get transported during upgrade from Satellite 6.3 to 6.4
1650662 - Dashboard with search query generates multiple slow queries
1651006 - SCAP run failed on RHEL6 with error no such file to load -- json (LoadError)
1651013 - Job name displayed with html tags
1651129 - organization changed from Default org to [object Object] on sync status page in satellite WebUI.
1651189 - /etc/rhsm/rhsm.conf is being incorrectly edited during registration
1651242 - Satellite 6 should expose suse client repos via http
1651324 - [Subscriptions] "Partition table" string is displayed instead of "Enabled"
1651367 - Actions::Candlepin::ListenOnCandlepinEvents occasionally not starting after unclean shutdown of the executor
1651634 - Capsule 05-pulp-https.conf is using old ProxyPass directive for GPG keys (i.e missing the /v2/)
1651774 - Hypervisor <-> guest mapping within UI is not accurate
1651852 - Missing timeout for "Actions::Katello::Host::Package::Update" task
1651916 - Host details/associated host button on discovered host audit gives 404
1651981 - view_subscription filter does not allow subscriptions to be viewed
1652060 - Singleton actions may not start after unclean shutdown
1652423 - Failed to auto-attach RHEL-8.0-Snapshot-1.0 against Satellite6.4
1652497 - Missing consumed and entitlements columns at subscriptions page
1652526 - [RFE] The CV exported tar should have name respective to Content View name
1652531 - CV with repo having background download policy is importing and exporting
1652557 - Unable to search host in host search box page
1652677 - "Host Groups" menu item changed to "Host Group"
1652732 - Virt-who reported host on Satellite WEB-UI , under Hosts---> Content Hosts shows "Type" as blank
1652885 - [Modularity][RHEL8]- RHEL8 HBT repo sync are failed to sync module streams
1652905 - Scriptlet error while upgrading to 6.5 in foreman-installer-1.20
1652909 - Upgrade from 6.4 to 6.5 failed showing PG::UndefinedTable: ERROR: relation "katello_root_repositories" does not exist
1652938 - blank page on navigating from foreman to katello page
1652961 - blank affected organizations/locations for restricted user
1653200 - Wrong autocomplete suggestion for xccdf_rule_name parameter
1653251 - Activation key search is broken
1653386 - Can't search for virt-who hypervisors
1653584 - [Life Cycle Environment] - Duplicate repos are getting displayed in Library->yum repositories
1653646 - [Recurring logic/Sync Plan] - Associated Resources are not shown in Recurring Logic created using sync plan
1653657 - [Recurring Logic] -- UI issue on recurring logic page
1653792 - Content credential repo page is broken
1654094 - system purpose status on Satellite is not correct
1654160 - undefined method medium_uri in AutoYaST default iPXE template
1654217 - Dynlfow undefined method `dynflow_logger'
1654263 - Non-admin user can't generate report if it has any user input
1654327 - Missing value for template kind in provisioning templates audits
1654565 - katello-ca-consumer-latest.noarch.rpm script, some redirect writing is wrong.
1654598 - CVv with mirror_on_sync repo is being imported
1654721 - [Container Admin] hammer lifecycle-environment info doesn't show Registry-related fields
1654944 - No validation on download policy for non-yum repositories
1654975 - Dynflow executor termination may hang if there is an action which keeps the executor occupied
1655094 - Additional new lines in remote execution output
1655239 - Could not enable redhat repository using hammer cli
1655243 - Syncing puppet repo gives Error: PLP0034: The distributor indicated a failed response when publishing repository
1655277 - Upgrade step katello:upgrades:3.9:migrate_sync_plans failed while 6.4 to 6.5 upgrade
1655407 - [Sync Plan] - Hammer Sync-Plan info does not show foreman_tasks_recurring_logic_id
1655483 - Importing manifest from UI is broken : TypeError: Cannot read property 'title' of undefined
1655595 - Sync plans does not start 'repositories sync' first time as per defined "Start Date" and same happened for all 'hourly/daily/weekly' Intervals
1655628 - Registered hosts' report performs poorly
1655870 - Unable to delete filters on a Role using system admin
1655981 - Importing manifest gets slow with increasing number of organizations
1655982 - [Module Streams] - Getting a blank page with an error in console for modules streams details Page
1656043 - Provide a branded satellite-maintain script
1656078 - [Module Streams] - "Filter by Status:" is not working if user tried to use pagination
1656425 - Upgrade step katello:upgrades:3.8:clear_checksum_type from 6.3 to 6.4 failed - Download policy Cannot sync file:// repositories with On Demand or Background Download Policies
1656470 - Available Errata report performs poorly for some filters
1656478 - Add support for multipart proxy upload for new platform services
1657062 - Link to 'Learn more about this in the documentation' for Config Goups is incorrect.
1657302 - HTTP Proxies option called "HTTP Capsules" in menus.
1657475 - katello-agent failed because qdrouterd it is not listening to an IPv6 address (just IPv4)
1657699 - [Modularity] - Need to run "/usr/libexec/rhsmcertd-worker" every time to see updated module stream profiles
1657711 - Exporting CV version with non-yum repos not producing correct error for end user
1657719 - Subscription allocation on customer portal changes back to 6.3 from 6.4 after a manifest refresh from upgraded satellite server.
1657942 - Update system purpose Candlepin API usage
1658130 - Typos in user inputs description
1658157 - User name is not displayed for non default account
1658193 - Bump ovirt_provision_plugin to 2.0.3
1658274 - [Container Admin] hammer docker manifest list never shows docker tag names
1658364 - Foreman background colors used on some error pages.
1658444 - Ostree repo sync fails with 'OverflowError: MongoDB can only handle up to 8-byte ints'
1658474 - sub-menu menus being hidden too quickly
1658592 - [Product]- Sync Plan Interval and timing is shown incorrectly in Product Details Page If Sync Interval is Custom Cron
1658659 - Error When Creating or Editing Host Group With Operating System
1659014 - Unable to use auto-attach hitting Cannot read property "length" from undefined (rules#2926)
1659042 - Bootdisk does not validate media leading to Medium cannot be blank error during bootdisk provision method
1659324 - While executing insights remediation playbooks via satellite it does not honour HTTP Proxy configured
1659549 - productid is not published in the content view if that is the only item which changed in the sync
1659917 - Make request ID longer in production.log
1659941 - hammer erratum list --organization-id="org_id" display all organizations erratum
1660133 - hammer repository info show "Red Hat Repository: no" for a Redhat enabled repository
1660258 - Issue when provision a new Content Host (the network used is different from the selected on the compute profile)
1660489 - Fact imports erroneously cause audits to be created
1660497 - sometimes RHEL8 Beta sync fails: PG::UniqueViolation: ERROR: duplicate key value violates unique constraint "katello_module_stream_artifacts_name_mod_stream_id_uniq"
1660561 - `yum remove java-1.7.0-openjdk` pulls in katello and satellite as dependencies
1661019 - [Container Admin] docker pull does not work
1661422 - Recommended Repositories lists tools for outdated Satellite version
1661483 - Ansible Job Templates fails because sudo password is not provided even though it is
1661498 - Failure parsing Discovery Red Hat kexec: Safemode doesn't allow to access 'append' on #
1661971 - Update from 6.4.1 to 6.5 failed due to yum dependency resolution
1662150 - [RFE][Hammer/Errata/module streams] - Need to add module streams in hammer o/p for "host errata info"
1662164 - Compute Resource Libvirt show wrong Display Type in Edit Page.
1662405 - 403 on attempt to open Packages Actions tab as user with viewer role
1663021 - Error when uploading a manifest file on the disconnected Satellite Server
1664261 - unable to change Red Hat CDN URL: Value (NilClass) '' is not any of: ForemanTasks::Concerns::ActionSubject.
1664281 - it would not possible to provision RHEL 8 Beta (and GA) for disconnected customers
1664296 - error message have wrong links: Failure parsing Kickstart default PXELinux: undefined method `full_path' for nil:NilClass. [Edit]
1664436 - disable host-tools plugins where subman supports combined profile
1664641 - cannot restore backup what was created before upgrade-mongo-storage-engine
1664948 - There is no "Type" attribute column for subscription under "Content" -> "Subscriptions"
1665173 - Dependencies of rubygem-smart_proxy_dhcp_infoblox are missing
1665203 - custom system purpose values not shown in content host details dropdowns
1665466 - satellite-installer --upgrade qpid-config returned 1 instead of one of [0]
1665657 - Upgrade Step: katello:upgrades:3.11:update_puppet_repos failed during 6.4 to 6.5 upgrade
1665780 - hammer host create Error: Found more than one compute_profile
1666312 - Non-grammatical error message when docker tags whitelist is being set for non-docker repos
1666632 - Hammer CV export prints new line character in error message instead on implementing it
1666968 - [Subscription] - Not able to add RHEL8 repositories into Satellite
1667129 - Providing custom=false to products controller does not filter out custom products
1667704 - Not able to delete user associated with usergroup
1667775 - [RFE] Satellite 6.4 WebUI Capsule documentation link is incorrect
1668449 - Unable to refresh manifest or complete Expired Pools job
1669186 - Manifest upload task takes too much time
1669241 - Manifest can be refreshed only by the user who imported. Other user can't refresh that.
1669484 - Red Hat Enterprise Linux Atomic Host (Kickstart) repo is showing "Unspecified"
1670002 - wrong ordering of a smart variable matchers applied when a parameter is in a compound matcher and also standalone
1670090 - Hammer CSV should be deprecated
1670100 - [RFE] RHEL8 Support in Satellite 6 [tracker]
1670104 - [RFE] Add System Purpose to Satellite 6
1670125 - Red Hat Repositories does not show enabled repositories list with search criteria 'Enabled/Both'
1670173 - [RFE] Foreman canned admin
1670276 - Unable to synchronise a repository that uses SSL certificates for authentication
1670524 - Html numeric code is displayed on task page
1670729 - some host group related options are not getting assigned to content host.
1671148 - hammer host update not showing --lifecycle-environment option
1671202 - Capsule sync failed with undefined method `backend_service' for nil:NilClass after upgrade to 6.5
1671517 - hammer host update --service-level fails with Numeric Value is required
1671531 - Expose route for system purpose compliance
1671577 - Regenerate applicability fails when there is a missing repo
1672426 - Remove Red Hat Access Case Management Plugin
1672498 - Change permissions for grub2/shim.efi
1672751 - scan_cdn task failed while enabling red hat repositories from cdn
1673032 - when I sync RHEL8 x86_64 BaseOs and AppStream repos and kickstarts, I do not see "Synced Content" in Hosts -> Create Hosts -> Operating System -> Media Selection
1673215 - Unable to sync 3 SLES Update repositories
1673326 - "Red Hat Registry" is ambiguous
1673474 - vmware compute-attributes scsi_controller_type not honored
1674496 - foreman-rake command throw lot of Warning messages while running any rake commands
1674548 - Recommended repositories page on Satellite 6.5 page listing some non-relevant repositories
1676642 - [Modularity, discovery] - Showing empty discovery repo for repo url containing module streams
1676663 - service command can't connect to remote mongodb
1677014 -
Improve diagnostic info for bootstrap.py --rex commands 1677309 - Not able to run Ansible playbooks under Access Insights 1677620 - Clicking on Host count under Ansible Roles, shows null results. 1677773 - hammer erratum list fails for host 1677916 - Clone vm fails with error "TypeError: no implicit conversion of nil into String" if host is disassociated 1678177 - Changing Sync plan from Default options to Custom Cron does not work. 1678322 - httpd fails to start after installing capsule in FIPS mode 1678763 - Please add Red Hat Enterprise Linux 7 Server Kickstart x86_64 7.x into recommended list 1678770 - Status of Module Stream is not correctly updated in web UI 1678892 - system purpose dropdowns are not disabled when no values present 1679481 - Discovery taxonomy broken due to regression in puppet importer 1679959 - Link to the documentation at the bottom of 'Hosts --> Content Hosts --> Register Content Host' page is broken 1680067 - Documentation link is wrong for Infrastructure > HTTP Capsules 1680441 - customer db upgrade from 6.4 to 6.5 failed at upgrade task: katello:upgrades:3.11:update_puppet_repos 1681009 - Could not perform package actions on rhel 5 clients 1683081 - when candlepin is in "SUSPEND" mode, `hammer ping` still reports "ok" on candlepin 1683096 - hammer sync-plan update does not work with custom cron 1683350 - FIPS provisioning templates need to be updated 1683592 - Exporting a CV with only puppet modules raises a tar error 1683687 - improve Katello::Pool.import_all by querying candlepin activation keys once per each org only 1683935 - Unable to create docker repository when "Registry Name Pattern" is set in LE 1684291 - [regression] No saved searches listed ( bookmarks ) in Monitor -> Tasks 1685437 - [webUI, Repo-Discovery]- Failed to discover the repository from Repo Discovery Page 1685726 - Unhelpful error message when "Suggest IP" fails due to SSL verify error 1686013 - Unable to install katello-agent on rhel 8 : nothing provides 
python3-qpid-proton needed by python3-gofer-proton 1686460 - "Requires Virt-Who" column not listed on Red Hat Subscriptions page 1686540 - Update version to state 6.5 Beta for Public Beta 1686604 - manifest upload duplicate key value violates unique constraint 1686964 - [Modularity] - RHEL 8 Appstream/BaseOS beta Repositories not getting available to the content host. 1687190 - sporadic timeouts in opening TCP connection prevents Satellite upgrades 1687250 - Remove Beta from version on login page before GA 1687264 - Could not install katello-host-tools-tracer on rhel 8 : nothing provides python3-beautifulsoup4, python3-psutil needed by python3-tracer 1687378 - Create host for esxi hypervisor fails with Validation failed: Name has already been taken error 1687577 - [Repo-Discovery] - Duplicate URLs getting appended in while creating repos from repo-discovery feature 1687956 - 6.5 Branding 1688636 - Missing checkbox to toggle between applicable errata and installabe errata in the errata content hosts page. 
1688840 - Candlepin connection times out on large virt-who checkins 1688973 - Manifest refresh does not import new CDN certificates into Pulp 1689144 - No puppet agent in rhel 8 tools repository 1689240 - Incorrect size of a rebranded icon 1690390 - Enable GA repositories for 6.5 upgrade 1690449 - Satellite UI page headers and Navigation missing when selecting insights pages 1690795 - Remove Grub2 UEFI HTTP options from PXE loader 1691105 - Content view version delete results in broken sym links 1692009 - Javascript error on accessing red hat subscription and repository page 1692697 - virt-who hypervisor_id has different behaviors between sat6.5-snap20 and sat6.5-snap21 1693867 - CVE-2019-3891 candlepin: credentials exposure through log files 1694715 - on big katello-agent update: PG::StringDataRightTruncation: ERROR: value too long for type character varying(255) 1695379 - Update syspurpose status handling to match Candlepin 1696273 - Katello::Content uses removed Katello::Glue::Candlepin::Product.import_product_content 1696718 - arrayIndexOutOfbounds wrapped in JsonMappingException during serializing java.util.Date fields 1696969 - Unable to upload arf report on rhel 6 client: unexpected '.', expecting kEND (SyntaxError) 1698549 - Incremental publish of RPM repos fails after upgrade from 6.4 to 6.5 1698876 - Registered Hosts: inefficient google-style filter 1698947 - Puppet environments are not synced to the capsules 1699017 - rubygem-smart_proxy_dhcp_infoblox and rubygem-smart_proxy_dns_infoblox not avaliable in capsule repo

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2019-1222.html

CWE : Common Weakness Enumeration

% Id Name
60 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)
20 % CWE-532 Information Leak Through Log Files
20 % CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type Description Count
Application 18
Application 1
Application 2
Application 115
Application 3

Nessus® Vulnerability Scanner

Date Description
2017-03-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2017-0826.nasl - Type : ACT_GATHER_INFO
2017-03-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2017-0827.nasl - Type : ACT_GATHER_INFO
2017-03-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2017-0829.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2020-03-19 13:18:18
  • First insertion