RHEL 7 : Satellite 6.8 release (Important) (RHSA-2020:4366)


The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4366 advisory. - rack-protection: Timing attack in authenticity_token.rb (CVE-2018-1000119) - puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL (CVE-2018-11751) - mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018) (CVE-2018-3258) - hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219) - Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS (CVE-2019-12781) - rubygem-rack: hijack sessions by using timing attacks targeting the session id (CVE-2019-16782) - hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693) - jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider (CVE-2020-10968) - jackson-databind: Serialization gadgets in javax.swing.JEditorPane (CVE-2020-10969) - jackson-databind: Serialization gadgets in org.springframework:spring-aop (CVE-2020-11619) - jackson-databind: serialization in weblogic/oracle-aqjms (CVE-2020-14061) - jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (CVE-2020-14062) - jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory (CVE-2020-14195) - foreman: unauthorized cache read on RPM-based installations through local user (CVE-2020-14334) - Satellite: Local user impersonation by Single sign-on (SSO) user leads to account takeover (CVE-2020-14380) - rubygem-secure_headers: limited header injection when using dynamic overrides with user input (CVE-2020-5216) - rubygem-secure_headers: directive injection when using dynamic overrides with user input (CVE-2020-5217) - rubygem-actionview: views that use the `j` or `escape_javascript` methods are susceptible to XSS attacks (CVE-2020-5267) - netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling (CVE-2020-7238) - rubygem-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser (CVE-2020-7663) - puppet: Arbitrary catalog retrieval (CVE-2020-7942) - puppet: puppet server and puppetDB may leak sensitive information via metrics API (CVE-2020-7943) - rubygem-rack: directory traversal in Rack::Directory (CVE-2020-8161) - rubygem-rack: percent-encoded cookies can be used to overwrite existing prefixed cookie names (CVE-2020-8184) - jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840) - jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546) - jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547) - jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.