For Red Hat Satellite 6.13, see the following documentation for the
release.
https://docs.redhat.com/en/documentation/red_hat_satellite/6.13
The important instructions on how to upgrade are available below.
https://docs.redhat.com/en/documentation/red_hat_satellite/6.13/html/upgrading_and_updating_red_hat_satellite/index
Red Hat Satellite is a systems management tool for Linux-based
infrastructure. It allows for provisioning, remote management, and
monitoring of multiple Linux deployments with a single centralized tool.
Security Fix(es):
* CVE-2022-1471 CVE-2022-25857 CVE-2022-38749 CVE-2022-38750 CVE-2022-38751
CVE-2022-38752 candlepin and puppetserver: various flaws
* CVE-2022-22577 tfm-rubygem-actionpack: rubygem-actionpack: Possible
cross-site scripting vulnerability in Action Pack
* CVE-2022-23514 rubygem-loofah: inefficient regular expression leading to
denial of service
* CVE-2022-23515 rubygem-loofah: rubygem-loofah: Improper neutralization of
data URIs leading to Cross Site Scripting
* CVE-2022-23516 rubygem-loofah: Uncontrolled Recursion leading to denial
of service
* CVE-2022-23517 tfm-rubygem-rails-html-sanitizer:
rubygem-rails-html-sanitizer: Inefficient Regular Expression leading to
denial of service
* CVE-2022-23518 tfm-rubygem-rails-html-sanitizer:
rubygem-rails-html-sanitizer: Improper neutralization of data URIs leading
to Cross site scripting
* CVE-2022-23519 tfm-rubygem-rails-html-sanitizer:
rubygem-rails-html-sanitizer: Cross site scripting vulnerability with
certain configurations
* CVE-2022-23520 tfm-rubygem-rails-html-sanitizer:
rubygem-rails-html-sanitizer: Cross site scripting vulnerability with
certain configurations
* CVE-2022-27777 tfm-rubygem-actionview: Possible cross-site scripting
vulnerability in Action View tag helpers* CVE-2022-31163 rubygem-tzinfo: rubygem-tzinfo: arbitrary code execution
* CVE-2022-32224 tfm-rubygem-activerecord: activerecord: Possible RCE
escalation bug with Serialized Columns in Active Record
* CVE-2022-33980 candlepin: apache-commons-configuration2: Apache Commons
Configuration insecure interpolation defaults
* CVE-2022-41323 satellite-capsule:el8/python-django: Potential
denial-of-service vulnerability in internationalized URLs
* CVE-2022-41946 candlepin: postgresql-jdbc: Information leak of prepared
statement data due to insecure temporary file permissions
* CVE-2022-42003 CVE-2022-42004 candlepin: various flaws
* CVE-2022-42889 candlepin: apache-commons-text: variable interpolation RCE
* CVE-2022-23514 rubygem-loofah: inefficient regular expression leading to
denial of service
* CVE-2023-23969 python-django: Potential denial-of-service via
Accept-Language headers* CVE-2023-24580 python-django: Potential denial-of-service vulnerability
in file uploads
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
The items above are not a complete list of changes. This update also fixes
several bugs and adds various enhancements. Documentation for these changes
is available from the Release Notes document.
https://access.redhat.com/security/cve/CVE-2022-1471 https://access.redhat.com/security/cve/CVE-2022-22577 https://access.redhat.com/security/cve/CVE-2022-23514 https://access.redhat.com/security/cve/CVE-2022-23515 https://access.redhat.com/security/cve/CVE-2022-23516 https://access.redhat.com/security/cve/CVE-2022-23517 https://access.redhat.com/security/cve/CVE-2022-23518 https://access.redhat.com/security/cve/CVE-2022-23519 https://access.redhat.com/security/cve/CVE-2022-23520 https://access.redhat.com/security/cve/CVE-2022-25857 https://access.redhat.com/security/cve/CVE-2022-27777 https://access.redhat.com/security/cve/CVE-2022-31163 https://access.redhat.com/security/cve/CVE-2022-32224 https://access.redhat.com/security/cve/CVE-2022-33980 https://access.redhat.com/security/cve/CVE-2022-38749 https://access.redhat.com/security/cve/CVE-2022-38750 https://access.redhat.com/security/cve/CVE-2022-38751 https://access.redhat.com/security/cve/CVE-2022-38752 https://access.redhat.com/security/cve/CVE-2022-41323 https://access.redhat.com/security/cve/CVE-2022-41946 https://access.redhat.com/security/cve/CVE-2022-42003 https://access.redhat.com/security/cve/CVE-2022-42004 https://access.redhat.com/security/cve/CVE-2022-42889 Read the Full Advisory
Red Hat Satellite 6.13 for RHEL 8:
Source:
ansible-collection-redhat-satellite-3.9.0-2.el8sat.src.rpm
ansible-collection-redhat-satellite_operations-1.3.0-2.el8sat.src.rpm
ansible-lint-5.0.8-4.el8pc.src.rpm
ansible-runner-2.2.1-3.el8sat.src.rpm
ansiblerole-foreman_scap_client-0.2.0-2.el8sat.src.rpm
ansiblerole-insights-client-1.7.1-2.el8sat.src.rpm
candlepin-4.2.13-1.el8sat.src.rpm
cjson-1.7.14-5.el8sat.src.rpm
createrepo_c-0.20.1-1.el8pc.src.rpm
dynflow-utils-1.6.3-1.el8sat.src.rpm
foreman-3.5.1.14-1.el8sat.src.rpm
foreman-bootloaders-redhat-202102220000-1.el8sat.src.rpm
foreman-discovery-image-4.1.0-10.el8sat.src.rpm
foreman-discovery-image-service-1.0.0-4.1.el8sat.src.rpm
foreman-installer-3.5.2.1-1.el8sat.src.rpm
foreman-obsolete-packages-1.1-1.el8sat.src.rpm
foreman-proxy-3.5.1-1.el8sat.src.rpm
foreman-selinux-3.5.1-1.el8sat.src.rpm
katello-4.7.0-1.el8sat.src.rpm
katello-certs-tools-2.9.0-1.el8sat.src.rpm
katello-client-bootstrap-1.7.9-1.el8sat.src.rpm
katello-selinux-4.0.2-2.el8sat.src.rpm
libcomps-0.1.18-4.el8pc.src.rpm
libsodium-1.0.17-3.el8sat.src.rpm
libsolv-0.7.22-4.el8pc.src.rpm
libwebsockets-2.4.2-2.el8.src.rpm
mosquitto-2.0.14-1.el8sat.src.rpm
postgresql-evr-0.0.2-1.el8sat.src.rpm
pulpcore-selinux-1.3.2-1.el8pc.src.rpm
Read the Full Advisory
An update is now available for Red Hat Satellite 6.13. The release containsanew version of Satellite and important security fixes for variouscomponents.
Red Hat Satellite 6.13 for RHEL 8 - noarch, x86_64
1225819 - [RFE] Ability to sync from closest CDN mirror for Capsule
1266407 - IPA (external users) not able to authenticate using hammer CLI: invalid user / SSO failed
1630294 - [RFE] Remote execution overview dashboard should be more interactive like the Monitor Dashboard
1638226 - [RFE] Show difference in errata between ContentViewVersions
1650468 - [RFE] Allow to export Docker images from content views or as repository as part ISS
1761012 - [RFE] Ability to generate a report for ansible/remote execution task result.
1786358 - [RFE] Ability to make persistent changes in "ansible.cfg" on Satellite Server.
1787456 - [RFE] Candlepin log rotation settings should be user-configurable
1813274 - [RFE] Allow customers to be able to add more columns to 'All Hosts' page in Red Hat Satellite 6 webui.
1826648 - [RFE] new report template to list all the installed packages
1837767 - Errata search filtered with ID does not work in Web UI
1841534 - Provide support for "Privileged User" session when host console is being taken via cockpit from Satellite 6.7 UI
1845489 - Audit page shows "auditable id / Host2" for "Host1" but Host2 does not exist or deleted from the all hosts
1880947 - Satellite fails with "HTTP error (500 - Internal Server Error): PG::UniqueViolation: ERROR: duplicate key value violates unique constraint" while running concurrent registrations
1888667 - "Applied Errata" report template does not consider input "Up to" and "Since" in WebUI, hammer works
Get the latest Linux and open source security news straight to your inbox.