Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Red Hat Satellite 6.9: RHSA-2022:8532-01 Critical: Request Smuggling Fix

red hat
Calendar Grey November 17, 2022
Dist Redhat Esm H88
Recent Satellite 6.9 updates address several bugs and urgent concerns for Red Hat, improving the safety of system management operations.
Updated Satellite 6.9 packages that fix several bugs are now available for Red Hat Satellite

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For detailed instructions how to apply this update, refer to:

https://docs.redhat.com/en/documentation/red_hat_satellite/6.9/html/upgrading_and_updating_red_hat_satellite/updating_satellite_server_capsule_server_and_content_hosts

Summary

Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.
Security Fix(es): * tfm-rubygem-puma: http request smuggling vulnerabilities (CVE-2022-24790)
This update fixes the following bugs: * 2038995: When executing the content migration (pre-upgrade process), there is a PG query created by pulp that will be sitting forever * 2074099: The errata migration continues to fail with "pymongo.errors.DocumentTooLarge: BSON document too large" error even after upgrading to Satellite 6.9.8 * 2081560: ForeignKeyViolation Error with docker_meta_tags * 2091438: Use of content.count() in app/models/repository.py seems to hit an error * 2093829: 'foreman-maintain content migration-stats' command stucks and consume all memory * 2098221: Pulp 3 migration stats timing is too low for very large deployments * 2141348: It appears that the egg is downloaded every time
Users of Red Hat Satellite are advised to upgrade to these updated packages, which fix these bugs.

Topics%20covered

Topics Covered

security advisory system management package update security fix important update http request smuggling Red Hat Satellite

References

https://access.redhat.com/security/cve/CVE-2022-24790 https://access.redhat.com/security/updates/classification#important

Package List

Red Hat Satellite Capsule 6.9:
Source: satellite-6.9.10-1.el7sat.src.rpm
noarch: satellite-capsule-6.9.10-1.el7sat.noarch.rpm satellite-common-6.9.10-1.el7sat.noarch.rpm satellite-debug-tools-6.9.10-1.el7sat.noarch.rpm
Red Hat Satellite 6.9:
Source: python-pulp_2to3_migration-0.11.13-1.el7pc.src.rpm satellite-6.9.10-1.el7sat.src.rpm tfm-rubygem-foreman_rh_cloud-3.0.33-1.el7sat.src.rpm tfm-rubygem-katello-3.18.1.55-1.el7sat.src.rpm tfm-rubygem-puma-4.3.12-1.el7sat.src.rpm
noarch: python3-pulp-2to3-migration-0.11.13-1.el7pc.noarch.rpm satellite-6.9.10-1.el7sat.noarch.rpm satellite-cli-6.9.10-1.el7sat.noarch.rpm satellite-common-6.9.10-1.el7sat.noarch.rpm satellite-debug-tools-6.9.10-1.el7sat.noarch.rpm tfm-rubygem-foreman_rh_cloud-3.0.33-1.el7sat.noarch.rpm tfm-rubygem-katello-3.18.1.55-1.el7sat.noarch.rpm
x86_64: tfm-rubygem-puma-4.3.12-1.el7sat.x86_64.rpm tfm-rubygem-puma-debuginfo-4.3.12-1.el7sat.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key


Severity
critical
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2022:8532-01
Product: Red Hat Satellite 6
Advisory URL: https://access.redhat.com/errata/RHSA-2022:8532
Issue date: 2022-11-17

Topic

Updated Satellite 6.9 packages that fix several bugs are now available forRed Hat Satellite.

Topics%20covered

Topics Covered

security advisory system management package update security fix important update http request smuggling Red Hat Satellite

Relevant Releases Architectures

Red Hat Satellite 6.9 - noarch, x86_64

Red Hat Satellite Capsule 6.9 - noarch

Bugs Fixed

2038995 - When executing the content migration (pre-upgrade process), there is a PG query created by pulp that will be sitting forever

2071616 - CVE-2022-24790 puma-5.6.4: http request smuggling vulnerabilities

2074099 - The errata migration continues to fail with "pymongo.errors.DocumentTooLarge: BSON document too large" error even after upgrading to Satellite 6.9.8

2081560 - ForeignKeyViolation Error with docker_meta_tags

2091438 - Use of content.count() in app/models/repository.py seems to hit an error

2093829 - 'foreman-maintain content migration-stats' command stucks and consume all memory

2098221 - Pulp 3 migration stats timing is too low for very large deployments

2141348 - It appears that the egg is downloaded every time

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here