An update is now available for Red Hat Satellite 6.15. The release contains a new version of Satellite and important security fixes for various components.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Security fixes:

* python-pygments: ReDoS in pygments (CVE-2022-40896)
* python-pycryptodomex: Side-channel leakage for OAEP decryption in PyCryptodome and pycryptodomex (CVE-2023-52323)
* satellite: Arithmetic overflow in satellite (CVE-2023-4320)
* automation-hub: Ansible Automation Hub: insecure galaxy-importer tarfile extraction (CVE-2023-5189)
* jetty: Improper addition of quotation marks to user inputs in CgiServlet (CVE-2023-36479)
* python-aiohttp: HTTP request smuggling via llhttp HTTP request parser (CVE-2023-37276)
* rubygem-activesupport: File Disclosure of Locally Encrypted Files (CVE-2023-38037)
* jetty: Improper validation of HTTP/1 content-length (CVE-2023-40167)
* python-django: Potential denial of service vulnerability in `django.utils.encoding.uri_to_iri()` (CVE-2023-41164)
* python-django: Denial-of-service possibility in django.utils.text.Truncator (CVE-2023-43665)
* python-aiohttp: Numerous issues in HTTP parser with header parsing (CVE-2023-47627)
* python-aiohttp: HTTP request modification (CVE-2023-49081)
* python-aiohttp: CRLF injection if user controls the HTTP method using aiohttp client (CVE-2023-49082)
* rubygem-puma: HTTP request smuggling when parsing chunked Transfer-Encoding Bodies (CVE-2024-21647)
* rubygem-audited: Race condition can lead to audit logs being incorrectly attributed to the wrong user (CVE-2024-22047)
* python-jinja2: HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-22195)
* python-aiohttp: Follow_symlinks directory traversal vulnerability (CVE-2024-23334)
* python-aiohttp: HTTP request smuggling (CVE-2024-23829)
Additional Changes: This update also fixes several bugs and adds various enhancements.
Documentation for these changes is available from the Release Notes document linked to in the References section.
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
CVE-2022-40896: Unrestricted Upload of File with Dangerous Type (CWE-434)
CVE-2023-4320: Insufficient Session Expiration (CWE-613)
CVE-2023-5189
CVE-2023-36479: Improper Neutralization of Quoting Syntax (CWE-149)
CVE-2023-37276: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') (CWE-444)
CVE-2023-38037: Insecure Temporary File (CWE-377)
CVE-2023-40167: Improper Handling of Length Parameter Inconsistency (CWE-130)
CVE-2023-41164: Uncontrolled Resource Consumption (CWE-400)
CVE-2023-43665: Inefficient Regular Expression Complexity (CWE-1333)
CVE-2023-47627: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') (CWE-444)
CVE-2023-49081: Improper Input Validation (CWE-20)
CVE-2023-49082: Improper Neutralization of CRLF Sequences ('CRLF Injection') (CWE-93)
CVE-2023-52323: Observable Discrepancy (CWE-203)
CVE-2024-21647: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') (CWE-444)
CVE-2024-22047: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362)
CVE-2024-22195: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)
CVE-2024-23334: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
CVE-2024-23829: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') (CWE-444)