RHEL 8 : Satellite 6.14.3 Async Security Update (Moderate) (RHSA-2024:1536)

2024-04-2800:00:00

www.tenable.com

rhel 8

satellite 6.14.3

async

security update

vulnerabilities

rhsa-2024:1536

ansible

python django

aiohttp

jinja2

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.8 High

AI Score

Confidence

High

0.052 Low

EPSS

Percentile

93.0%

JSON

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1536 advisory.

Red Hat Satellite is a system management solution that allows organizations     to configure and maintain their systems without the necessity to provide     public Internet access to their servers or other client systems. It     performs provisioning and configuration management of predefined standard     operating environments.
Security Fix(es):

* automation-hub: Ansible Automation Hub: insecure galaxy-importer tarfile extraction (CVE-2023-5189)
* python-aiohttp: aiohttp: follow_symlinks directory traversal vulnerability (CVE-2024-23334)
* python-aiohttp: http request smuggling (CVE-2024-23829)
* python-aiohttp: numerous issues in HTTP parser with header parsing (CVE-2023-47627)
* python-aiohttp: aiohttp: HTTP request modification (CVE-2023-49081)
* python-django: Denial-of-service possibility in django.utils.text.Truncator (CVE-2023-43665)
* python-jinja2: jinja2: HTML attribute injection when passing user input as keys to xmlattr filter     (CVE-2024-22195)

Bug Fix(es):
2266107 - hammer host list does not print parameters even if they are present in the fields list like LCE     and CVs.
2266110 - Incremental update of *multiple* CVs with same repo of different content generates wrong katello     content     2266139 - Failed incremental CV import shows error: duplicate key value violates unique constraint     rpm_updatecollectionname_name_update_record_id_6ef33bed_uniq     2266140 - wrong links to provisioning guide in CR help     2266142 - When using the customer data (json) with 13 diff conf files, we can see some weird behavior when     updating the hypervisors     2266144 - Promoting a composite content view to environment with registry name as &lt;%=     lifecycle_environment.label %&gt;/&lt;%= repository.name %&gt; on Red Hat Satellite 6 fails with 'undefined     method '#label' for NilClass::Jail (NilClass)'     2266145 - CertificateCleanupJob fails with foreign key constraint violation on table cp_certificate     2266146 - katello:reimport fails with TypeError: no implicit conversion of String into Integer when     there are product contents to move     2266147 - Postgresql logs contain PG::UniqueViolation: ERROR: duplicate key value violates unique     constraint katello_available_module_streams_name_stream_context     2266148 - Adding a CV to a CCV lists CV versions disorderly     2266149 - 'Remove orphans' task fails on DeleteOrphanAlternateContentSources step     2266413 - [RFE] Add content view window and Update version window should display content view version,     description and publishing date     2266113 - [RFE] To make customers aware about satellite versions going EOL by adding warning banner on the     Login page or on the Dashboard page.
2266141 - wrong link to scap content documentation     Users of Red Hat Satellite are advised to upgrade to these updated     packages, which fix these bugs.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2024:1536. The text
# itself is copyright (C) Red Hat, Inc.
##

include('compat.inc');

if (description)
{
  script_id(194355);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/03");

  script_cve_id(
    "CVE-2023-5189",
    "CVE-2023-43665",
    "CVE-2023-47627",
    "CVE-2023-49081",
    "CVE-2024-22195",
    "CVE-2024-23334",
    "CVE-2024-23829"
  );
  script_xref(name:"RHSA", value:"2024:1536");

  script_name(english:"RHEL 8 : Satellite 6.14.3 Async Security Update (Moderate) (RHSA-2024:1536)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as
referenced in the RHSA-2024:1536 advisory.

    Red Hat Satellite is a system management solution that allows organizations
    to configure and maintain their systems without the necessity to provide
    public Internet access to their servers or other client systems. It
    performs provisioning and configuration management of predefined standard
    operating environments.
    Security Fix(es):

    * automation-hub: Ansible Automation Hub: insecure galaxy-importer tarfile extraction (CVE-2023-5189)
    * python-aiohttp: aiohttp: follow_symlinks directory traversal vulnerability (CVE-2024-23334)
    * python-aiohttp: http request smuggling (CVE-2024-23829)
    * python-aiohttp: numerous issues in HTTP parser with header parsing (CVE-2023-47627)
    * python-aiohttp: aiohttp: HTTP request modification (CVE-2023-49081)
    * python-django: Denial-of-service possibility in django.utils.text.Truncator (CVE-2023-43665)
    * python-jinja2: jinja2: HTML attribute injection when passing user input as keys to xmlattr filter
    (CVE-2024-22195)

    Bug Fix(es):
    2266107 - hammer host list does not print parameters even if they are present in the fields list like LCE
    and CVs.
    2266110 - Incremental update of *multiple* CVs with same repo of different content generates wrong katello
    content
    2266139 - Failed incremental CV import shows error: duplicate key value violates unique constraint
    rpm_updatecollectionname_name_update_record_id_6ef33bed_uniq
    2266140 - wrong links to provisioning guide in CR help
    2266142 - When using the customer data (json) with 13 diff conf files, we can see some weird behavior when
    updating the hypervisors
    2266144 - Promoting a composite content view to environment with registry name as <%=
    lifecycle_environment.label %>/<%= repository.name %> on Red Hat Satellite 6 fails with 'undefined
    method '#label' for NilClass::Jail (NilClass)'
    2266145 - CertificateCleanupJob fails with foreign key constraint violation on table cp_certificate
    2266146 - katello:reimport fails with TypeError: no implicit conversion of String into Integer when
    there are product contents to move
    2266147 - Postgresql logs contain PG::UniqueViolation: ERROR: duplicate key value violates unique
    constraint katello_available_module_streams_name_stream_context
    2266148 - Adding a CV to a CCV lists CV versions disorderly
    2266149 - 'Remove orphans' task fails on DeleteOrphanAlternateContentSources step
    2266413 - [RFE] Add content view window and Update version window should display content view version,
    description and publishing date
    2266113 - [RFE] To make customers aware about satellite versions going EOL by adding warning banner on the
    Login page or on the Dashboard page.
    2266141 - wrong link to scap content documentation
    Users of Red Hat Satellite are advised to upgrade to these updated
    packages, which fix these bugs.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#moderate");
  # https://access.redhat.com/documentation/en-us/red_hat_satellite/6.14/html/upgrading_and_updating_red_hat_satellite/index
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ae033dc0");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2234387");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2241046");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2249825");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2252235");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2257854");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2261887");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2261909");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2266107");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2266110");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2266113");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2266139");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2266140");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2266141");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2266142");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2266144");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2266145");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2266146");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2266147");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2266148");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2266149");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2266413");
  # https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1536.json
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?21f76942");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2024:1536");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-23334");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(20, 22, 79, 444, 1333);
  script_set_attribute(attribute:"vendor_severity", value:"Moderate");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/10/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/03/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/04/28");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-aiohttp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-django");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-galaxy-importer");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-jinja2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python39-aiohttp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python39-django");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python39-galaxy-importer");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python39-jinja2");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Red Hat Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm.inc');
include('rhel.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);

var constraints = [
  {
    'repo_relative_urls': [
      'content/dist/layered/rhel8/x86_64/sat-capsule/6.14/debug',
      'content/dist/layered/rhel8/x86_64/sat-capsule/6.14/os',
      'content/dist/layered/rhel8/x86_64/sat-capsule/6.14/source/SRPMS',
      'content/dist/layered/rhel8/x86_64/satellite/6.14/debug',
      'content/dist/layered/rhel8/x86_64/satellite/6.14/os',
      'content/dist/layered/rhel8/x86_64/satellite/6.14/source/SRPMS'
    ],
    'pkgs': [
      {'reference':'python39-aiohttp-3.9.2-0.1.el8pc', 'cpu':'x86_64', 'release':'8', 'el_string':'el8pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2023-47627', 'CVE-2023-49081', 'CVE-2024-23334', 'CVE-2024-23829']},
      {'reference':'python39-django-3.2.22-1.el8pc', 'release':'8', 'el_string':'el8pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2023-43665']},
      {'reference':'python39-galaxy-importer-0.4.18-2.el8pc', 'release':'8', 'el_string':'el8pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2023-5189']},
      {'reference':'python39-jinja2-3.1.3-0.1.el8pc', 'release':'8', 'el_string':'el8pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2024-22195']}
    ]
  }
];

var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);

var flag = 0;
foreach var constraint_array ( constraints ) {
  var repo_relative_urls = NULL;
  if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];
  foreach var pkg ( constraint_array['pkgs'] ) {
    var reference = NULL;
    var _release = NULL;
    var sp = NULL;
    var _cpu = NULL;
    var el_string = NULL;
    var rpm_spec_vers_cmp = NULL;
    var epoch = NULL;
    var allowmaj = NULL;
    var exists_check = NULL;
    var cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        _release &&
        rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
        (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
        rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  var extra = NULL;
  if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = rpm_report_get() + redhat_report_repo_caveat();
  else extra = rpm_report_get();
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : extra
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python39-aiohttp / python39-django / python39-galaxy-importer / etc');
}

VendorProductVersionCPE
redhatenterprise_linuxpython39-aiohttpp-cpe:/a:redhat:enterprise_linux:python39-aiohttp
redhatenterprise_linuxpython-galaxy-importerp-cpe:/a:redhat:enterprise_linux:python-galaxy-importer
redhatenterprise_linuxpython-aiohttpp-cpe:/a:redhat:enterprise_linux:python-aiohttp
redhatenterprise_linuxpython39-jinja2p-cpe:/a:redhat:enterprise_linux:python39-jinja2
redhatenterprise_linuxpython-djangop-cpe:/a:redhat:enterprise_linux:python-django
redhatenterprise_linuxpython39-galaxy-importerp-cpe:/a:redhat:enterprise_linux:python39-galaxy-importer
redhatenterprise_linuxpython-jinja2p-cpe:/a:redhat:enterprise_linux:python-jinja2
redhatenterprise_linuxpython39-djangop-cpe:/a:redhat:enterprise_linux:python39-django
redhatenterprise_linux8cpe:/o:redhat:enterprise_linux:8

Vendor	Product	Version	CPE
redhat	enterprise_linux	python39-aiohttp	p-cpe:/a:redhat:enterprise_linux:python39-aiohttp
redhat	enterprise_linux	python-galaxy-importer	p-cpe:/a:redhat:enterprise_linux:python-galaxy-importer
redhat	enterprise_linux	python-aiohttp	p-cpe:/a:redhat:enterprise_linux:python-aiohttp
redhat	enterprise_linux	python39-jinja2	p-cpe:/a:redhat:enterprise_linux:python39-jinja2
redhat	enterprise_linux	python-django	p-cpe:/a:redhat:enterprise_linux:python-django
redhat	enterprise_linux	python39-galaxy-importer	p-cpe:/a:redhat:enterprise_linux:python39-galaxy-importer
redhat	enterprise_linux	python-jinja2	p-cpe:/a:redhat:enterprise_linux:python-jinja2
redhat	enterprise_linux	python39-django	p-cpe:/a:redhat:enterprise_linux:python39-django
redhat	enterprise_linux	8	cpe:/o:redhat:enterprise_linux:8