Red Hat Satellite is a systems management tool for Linux-based
infrastructure. It allows for provisioning, remote management, and
monitoring of multiple Linux deployments with a single centralized tool.
Security Fix(es):
golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)
HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
GitPython: Insecure non-multi options in clone and clone_from is not blocked (CVE-2023-40267)
kubeclient: kubeconfig parsing error can lead to MITM attacks (CVE-2022-0759)
foreman: OS command injection via ct_command and fcct_command (CVE-2022-3874)
ruby-git: code injection vulnerability (CVE-2022-46648)
ruby-git: code injection vulnerability (CVE-2022-47318)
Foreman: Arbitrary code execution through templates (CVE-2023-0118)
rubygem-activerecord: SQL Injection (CVE-2023-22794)
openssl: c_rehash script allows command injection (CVE-2022-1292)
openssl: the c_rehash script allows command injection (CVE-2022-2068)
Pulp: Tokens stored in plaintext (CVE-2022-3644)
satellite: Blind SSRF via Referer header (CVE-2022-4130)
python-future: remote attackers can cause denial of service via crafted Set-Cookie header from malicious web server (CVE-2022-40899)
golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)
rubygem-activerecord: Denial of Service (CVE-2022-44566)
rubygem-rack: denial of service in Content-Disposition parsing (CVE-2022-44570)
rubygem-rack: denial of service in Content-Disposition parsing (CVE-2022-44571)
rubygem-rack: denial of service in Content-Disposition parsing (CVE-2022-44572)
Foreman: Stored cross-site scripting in host tab (CVE-2023-0119)
puppet: Puppet Server ReDoS (CVE-2023-1894)
rubygem-actionpack: Denial of Service in Action Dispatch (CVE-2023-22792)
rubygem-actionpack: Denial of Service in Action Dispatch (CVE-2023-22795)
rubygem-activesupport: Regular Expression Denial of Service (CVE-2023-22796)
rubygem-globalid: ReDoS vulnerability (CVE-2023-22799)
rubygem-rack: Denial of service in Multipart MIME parsing (CVE-2023-27530)
rubygem-rack: denial of service in header parsing (CVE-2023-27539)
golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)
sqlparse: Parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) (CVE-2023-30608)
python-django: Potential bypass of validation when uploading multiple files using one form field (CVE-2023-31047)
python-requests: Unintended leak of Proxy-Authorization header (CVE-2023-32681)
python-django: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator (CVE-2023-36053)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.
OS | OS Version | Architecture | Package | Affected Versions | Fixed Package (filename) |
---|---|---|---|---|---|
RedHat | 8 | x86_64 | python39-pygments | < 2.14.0-1.el8pc | python39-pygments-2.14.0-1.el8pc.x86_64.rpm |
RedHat | 8 | noarch | foreman-telemetry | < 3.7.0.9-1.el8sat | foreman-telemetry-3.7.0.9-1.el8sat.noarch.rpm |
RedHat | 8 | x86_64 | cjson-debugsource | < 1.7.14-5.el8sat | cjson-debugsource-1.7.14-5.el8sat.x86_64.rpm |
RedHat | 8 | noarch | rubygem-crass | < 1.0.6-2.el8sat | rubygem-crass-1.0.6-2.el8sat.noarch.rpm |
RedHat | 8 | noarch | python39-enrich | < 1.2.6-5.el8pc | python39-enrich-1.2.6-5.el8pc.noarch.rpm |
RedHat | 8 | noarch | python39-sqlparse | < 0.4.4-1.el8pc | python39-sqlparse-0.4.4-1.el8pc.noarch.rpm |
RedHat | 8 | noarch | rubygem-deep_cloneable | < 3.2.0-1.el8sat | rubygem-deep_cloneable-3.2.0-1.el8sat.noarch.rpm |
RedHat | 8 | noarch | python39-aiosignal | < 1.3.1-1.el8pc | python39-aiosignal-1.3.1-1.el8pc.noarch.rpm |
RedHat | 8 | noarch | foreman-proxy-content | < 4.9.0-1.el8sat | foreman-proxy-content-4.9.0-1.el8sat.noarch.rpm |
RedHat | 8 | noarch | python39-pycodestyle | < 2.7.0-5.el8pc | python39-pycodestyle-2.7.0-5.el8pc.noarch.rpm |