(RHSA-2024:1536) Moderate: Satellite 6.14.3 Async Security Update

Published: 2024-03-27 13:14:03
Source: access.redhat.com
Tags: red hat satellite, system management, security update, provisioning, configuration management, ansible automation hub, python aiohttp, django, jinja2, security fix, bug fix, postgresql, content view

AI Score: 7.3 (High), confidence: Low
EPSS: 0.052 (Low), percentile: 93.0%

Red Hat Satellite is a system management solution that allows organizations
to configure and maintain their systems without having to provide public
Internet access to their servers or other client systems. It performs
provisioning and configuration management of predefined standard operating
environments.

Security Fix(es):

  • automation-hub: Ansible Automation Hub: insecure galaxy-importer tarfile extraction (CVE-2023-5189)
  • python-aiohttp: aiohttp: follow_symlinks directory traversal vulnerability (CVE-2024-23334)
  • python-aiohttp: http request smuggling (CVE-2024-23829)
  • python-aiohttp: numerous issues in HTTP parser with header parsing (CVE-2023-47627)
  • python-aiohttp: aiohttp: HTTP request modification (CVE-2023-49081)
  • python-django: Denial-of-service possibility in django.utils.text.Truncator (CVE-2023-43665)
  • python-jinja2: jinja2: HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-22195)
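
The first security fix concerns insecure tarfile extraction in galaxy-importer. The advisory does not describe the defect, so what follows is an added example, not code from the advisory, from Red Hat or from the galaxy-importer project: a pre-extraction check, using only the Python standard library, that rejects the member types most often behind unsafe tar extraction (paths escaping the destination via `..` or an absolute name, symlinks or hardlinks pointing outside it, device and FIFO nodes), run over a constructed archive. The function names (`unsafe_members`, `safe_extract`, `run_demo`) and the sample member names are assumptions made up for this example.

```python
import io
import os
import tarfile
import tempfile


def _is_within(base, target):
    """True if target, after resolving '..' and existing symlinks, lies inside base."""
    base = os.path.realpath(base)
    target = os.path.realpath(target)
    try:
        return os.path.commonpath([base, target]) == base
    except ValueError:  # different drives on Windows: cannot be inside
        return False


def unsafe_members(tar, dest):
    """Return the names of archive members that would write or link outside dest.

    Flags: paths escaping dest via '..' or an absolute name; symlinks and
    hardlinks whose target resolves outside dest; device/FIFO nodes, which
    an untrusted archive should never be allowed to create.
    """
    bad = []
    for m in tar.getmembers():
        target = os.path.join(dest, m.name)
        if not _is_within(dest, target):
            bad.append(m.name)
            continue
        if m.issym():
            # symlink targets are relative to the link's own directory
            link_target = os.path.join(os.path.dirname(target), m.linkname)
            if not _is_within(dest, link_target):
                bad.append(m.name)
                continue
        elif m.islnk():
            # hardlink targets are relative to the archive root
            if not _is_within(dest, os.path.join(dest, m.linkname)):
                bad.append(m.name)
                continue
        if m.ischr() or m.isblk() or m.isfifo():
            bad.append(m.name)
    return bad


def safe_extract(data, dest):
    """Extract only vetted members into dest; return the sorted names that were skipped."""
    with tarfile.open(fileobj=io.BytesIO(data), mode="r") as tar:
        skipped = set(unsafe_members(tar, dest))
        members = [m for m in tar.getmembers() if m.name not in skipped]
        # Defence in depth: on interpreters that ship PEP 706 extraction
        # filters (3.12+ and the security backports), also apply the 'data' filter.
        kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        tar.extractall(dest, members=members, **kwargs)
    return sorted(skipped)


def build_sample_archive():
    """Constructed sample (not a real collection tarball): one benign file plus
    three members of the kind a path-traversal check must reject."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        def add_file(name, payload):
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))

        add_file("collection/README.md", b"benign content\n")
        add_file("../outside.txt", b"escapes via dot-dot\n")
        add_file("/tmp/absolute.txt", b"escapes via absolute path\n")
        link = tarfile.TarInfo("collection/etc")  # symlink escaping the tree
        link.type = tarfile.SYMTYPE
        link.linkname = "/etc"
        tar.addfile(link)
    return buf.getvalue()


def run_demo():
    """Extract the sample into a fresh temp dir; return (skipped names, benign file present)."""
    dest = tempfile.mkdtemp(prefix="vetted-extract-")
    skipped = safe_extract(build_sample_archive(), dest)
    readme_present = os.path.isfile(os.path.join(dest, "collection", "README.md"))
    return skipped, readme_present


if __name__ == "__main__":
    skipped, ok = run_demo()
    print("skipped:", skipped, "| benign file extracted:", ok)
```

The check runs over every member before anything is written, so a symlink that points outside the destination is rejected before a later member could be routed through it. Interpreters that include PEP 706 (Python 3.12 and the backports to supported 3.x releases) offer `filter="data"` on `extractall`, which performs comparable checks; the block applies it as a second layer when present rather than relying on it alone.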

Bug Fix(es):

  • 2266107 - hammer host list does not print parameters even if they are present in the fields list, like LCE and CVs.
  • 2266110 - Incremental update of multiple CVs with the same repo of different content generates wrong katello content
  • 2266139 - Failed incremental CV import shows error: duplicate key value violates unique constraint “rpm_updatecollectionname_name_update_record_id_6ef33bed_uniq”
  • 2266140 - wrong links to provisioning guide in CR help
  • 2266142 - When using the customer data (json) with 13 different conf files, we can see some weird behavior when updating the hypervisors
  • 2266144 - Promoting a composite content view to environment with registry name as “<%= lifecycle_environment.label %>/<%= repository.name %>” on Red Hat Satellite 6 fails with “‘undefined method ‘#label’ for NilClass::Jail (NilClass)’”
  • 2266145 - CertificateCleanupJob fails with foreign key constraint violation on table cp_certificate
  • 2266146 - katello:reimport fails with “TypeError: no implicit conversion of String into Integer” when there are product contents to move
  • 2266147 - Postgresql logs contain PG::UniqueViolation: ERROR: duplicate key value violates unique constraint “katello_available_module_streams_name_stream_context”
  • 2266148 - Adding a CV to a CCV lists CV versions disorderly
  • 2266149 - ‘Remove orphans’ task fails on DeleteOrphanAlternateContentSources step
  • 2266413 - [RFE] “Add content view” window and “Update version” window should display content view version, description and publishing date
  • 2266113 - [RFE] Make customers aware of Satellite versions going EOL by adding a warning banner on the Login page or on the Dashboard page.
  • 2266141 - wrong link to scap content documentation

Users of Red Hat Satellite are advised to upgrade to these updated
packages, which fix these bugs.