
Red Hat Satellite 6.12: RHSA-2022:8506-01 Important Security Fixes

Red Hat, November 16, 2022
An update is now available for Red Hat Satellite 6.12

Solution

For Red Hat Satellite 6.12, see the following documentation for the release. https://access.redhat.com/documentation/en-us/red_hat_satellite/6.12

Upgrade instructions are available at https://access.redhat.com/documentation/en-us/red_hat_satellite/6.12/html/upgrading_and_updating_red_hat_satellite

Summary

Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool.
Security Fix(es):

* netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136)
* netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)
* python3-django: Possible XSS via template tag (CVE-2022-22818)
* tfm-rubygem-nokogiri: ReDoS in HTML encoding detection (CVE-2022-24836)
* tfm-rubygem-sinatra: Path traversal possible outside of public_dir when serving static files (CVE-2022-29970)
* tfm-rubygem-git: Package vulnerable to Command Injection via git argument injection (CVE-2022-25648)
* rubygem-rails-html-sanitizer: Possible XSS with certain configurations (CVE-2022-32209)
* python3-django: Potential SQL injection via Trunc and Extract arguments (CVE-2022-34265)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
The items above are not a complete list of changes. This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document.

References

https://access.redhat.com/security/cve/CVE-2021-37136
https://access.redhat.com/security/cve/CVE-2021-37137
https://access.redhat.com/security/cve/CVE-2022-22818
https://access.redhat.com/security/cve/CVE-2022-24836
https://access.redhat.com/security/cve/CVE-2022-25648
https://access.redhat.com/security/cve/CVE-2022-29970
https://access.redhat.com/security/cve/CVE-2022-32209
https://access.redhat.com/security/cve/CVE-2022-34265
https://access.redhat.com/security/updates/classification/#important

Package List

Red Hat Satellite 6.12 for RHEL 8:
Source:
ansible-collection-redhat-satellite-3.7.0-2.el8sat.src.rpm
ansible-collection-redhat-satellite_operations-1.2.3-1.el8sat.src.rpm
ansible-lint-5.0.8-4.el8pc.src.rpm
ansible-runner-1.4.7-1.el8ar.src.rpm
ansiblerole-foreman_scap_client-0.2.0-2.el8sat.src.rpm
ansiblerole-insights-client-1.7.1-2.el8sat.src.rpm
candlepin-4.1.15-1.el8sat.src.rpm
cjson-1.7.14-5.el8sat.src.rpm
createrepo_c-0.20.1-1.el8pc.src.rpm
dynflow-utils-1.6.3-1.el8sat.src.rpm
foreman-3.3.0.17-1.el8sat.src.rpm
foreman-bootloaders-redhat-202102220000-1.el8sat.src.rpm
foreman-discovery-image-3.8.2-1.el8sat.src.rpm
foreman-discovery-image-service-1.0.0-4.1.el8sat.src.rpm
foreman-installer-3.3.0.8-1.el8sat.src.rpm
foreman-proxy-3.3.0-1.el8sat.src.rpm
foreman-selinux-3.3.0-2.el8sat.src.rpm
katello-4.5.0-1.el8sat.src.rpm
katello-certs-tools-2.9.0-1.el8sat.src.rpm
katello-client-bootstrap-1.7.9-1.el8sat.src.rpm
katello-selinux-4.0.2-2.el8sat.src.rpm
libcomps-0.1.18-4.el8pc.src.rpm
libdb-5.3.28-42.el8_4.src.rpm
libsodium-1.0.17-3.el8sat.src.rpm
libsolv-0.7.22-4.el8pc.src.rpm
libwebsockets-2.4.2-2.el8.src.rpm
mosquitto-2.0.14-1.el8sat.src.rpm
postgresql-evr-0.0.2-1.el8sat.src.rpm
pulpcore-selinux-1.3.2-1.el8pc.src.rpm
puppet-agent-7.12.1-1.el8sat.src.rpm

Severity: Important

Advisory ID: RHSA-2022:8506-01
Product: Red Hat Satellite 6
Issue date: 2022-11-16

Topic

An update is now available for Red Hat Satellite 6.12. The release contains a new version of Satellite and important security fixes for various components.

Relevant Releases/Architectures

Red Hat Satellite 6.12 for RHEL 8 - noarch, x86_64

Bugs Fixed

1309740 - [RFE] As a user, I want to schedule a job and receive an e-mail summary when it completes

1703496 - Satellite audits cleanup

1732590 - Cannot add filter on same RPM name with different architectures

1775813 - A publish content view displays (Invalid Date) for the date and time of when the content view was published.

1829468 - [RFE] Be able to retrieve the software vendor package from the installed package

1830968 - [RFE] API should return simple results to understand if the repositories for hosts are enabled or not.

1834897 - [RFE] Remove the configuration 'env=Library' created by the virt-who configuration plugin in the Satellite WebUI

1850393 - [RFE] REX Pull Provider

1868175 - Red Hat Satellite should notify about published content view while removing Lifecycle environment

1868323 - "Confirm services restart" modal window grammatically does not respect that multiple systems are selected for a reboot

1870816 - Deploy script breaks when the password of hypervisor contains single quotes

1879811 - [ALL_LANG] [SAT_6.8 | 6.9 | 6.10|6.11 ] Web elements are not localized (Available Button, ON/OFF Switch Button)

1884148 - description of filter_host_parents does not match virt-who-config

1892218 - Multi-page listing when adding repositories to Content Views confuses the number of repositories to add

1892752 - Scheduled job "Create RSS notifications" does not use proxy
