RHEA-2019:1283: Red Hat Enhancement Advisory: RHUI 3.1 bug fix and enhancement update

Updated RHUI 3 packages that fix several bugs and various enhancements are now available.Red Hat Update Infrastructure (RHUI) is a highly scalable, highly redundant framework that enables you to manage repositories and content. It also enables cloud providers to deliver content and updates to Red Hat Enterprise Linux (RHEL) instances. Based on the upstream Pulp project, RHUI allows cloud providers to locally mirror Red Hat-hosted repository content, create custom repositories with their own content, and make those repositories available to a large group of end users through a load-balanced content delivery system. Important: as of version 3.1, RHUI will not be supported on RHEL 6 anymore. This and future updates will only be made available for RHEL 7. Users of RHUI on RHEL 6 are encouraged to migrate to RHEL 7. The MongoDB packages have been upgraded to upstream version 2.6, which provides a number of bug fixes and enhancements over the previous version. (BZ#1487523) The Pulp packages have been upgraded to upstream version 2.18, which provides a number of bug fixes and enhancements over the previous version. The following list includes notable bug fixes:

• When an updated version of updateinfo.xml.gz is found in Red Hat CDN, the previously saved updateinfo.xml.gz file is no longer kept locally in order to save disk space. Note that updateinfo.xml.gz files saved prior to this update will not be deleted after the next synchronization by Pulp 2.18. Remove them by hand or using the script described in the solution article which is linked in the References section. (BZ#1593218)
• If an erratum affects multiple repositories, the updateinfo.xml.gz files are correctly generated for all of them so that the “yum updateinfo” command can correctly display the relevant errata information. (BZ#1599116)
• The Red Hat Enterprise Linux 7 Server from RHUI repository has recently started to fail to synchronize, with an error message stating “DocumentTooLarge: BSON document too large.” As a consequence, kernel-3.10.0-957.12.1.el7 was not available in RHUI. This problem has been fixed, and the repository can be synchronized correctly. (BZ#1707778) This update adds the following enhancements:
• As a Pulp-based solution, RHUI can serve as an alternate content source for another systems management product. A RHUI administrator can now create a configuration RPM containing files that allow the other product to download packages from RHUI. (BZ#1695464)
• Legacy Certificate Authority (CA) certificates can be installed on CDS nodes to keep clients from losing access to entitled repositories after a new CA certificate is deployed in RHUI 3. (BZ#1698806) Note: the System Administrator’s Guide, linked to in the References section, will be updated to reflect these enhancements shortly after the release of this advisory. Users of RHUI are advised to upgrade to these updated packages that fix these bugs and add these enhancements. Related CVEs:
• CVE-2018-10917: pulp: Improper path parsing leads to overwriting of iso repositories