Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2023:5980
HistoryOct 20, 2023 - 6:38 p.m.

(RHSA-2023:5980) Important: Satellite 6.11.5.6 async security update

2023-10-2018:38:54
access.redhat.com
23

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.739 High

EPSS

Percentile

98.1%

JSON

Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.

Security fix(es):

  • golang: net/http, x/net/http2: rapid stream resets can cause excessive work (Rapid Reset) (CVE-2023-39325)

  • HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset) (CVE-2023-44487)

A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaws is available in the References section.

  • ruby-git: code injection vulnerability (CVE-2022-46648)

  • ruby-git: code injection vulnerability (CVE-2022-47318)

  • Foreman: Arbitrary code execution through templates (CVE-2023-0118)

  • Satellite/Foreman: Arbitrary code execution through yaml global parameters (CVE-2023-0462)

  • openssl: c_rehash script allows command injection (CVE-2022-1292)

  • openssl: the c_rehash script allows command injection (CVE-2022-2068)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This update fixes the following bugs:

2159417 - CVE-2023-0118 foreman: Arbitrary code execution through templates [rhn_satellite_6.11]
2163523 - CVE-2023-0462 foreman: Satellite/Foreman: Arbitrary code execution through yaml global parameters [rhn_satellite_6.11]
2242355 - CVE-2022-1292 CVE-2022-2068 puppet-agent for Satellite and Capsule: various flaws [rhn_satellite_6.11]
2242360 - CVE-2022-47318 tfm-rubygem-git: ruby-git: code injection vulnerability [rhn_satellite_6.11]
2242364 - CVE-2022-46648 rubygem-git: ruby-git: code injection vulnerability [rhn_satellite_6.11]
2243832 - [Major Incident] CVE-2023-39325 CVE-2023-44487 yggdrasil-worker-forwarder: various flaws [rhn_satellite_6.11]

Users of Red Hat Satellite are advised to upgrade to these updated packages,
which fix these bugs.

OSVersionArchitecturePackageVersionFilename
RedHat7noarchsatellite-common< 6.11.5.6-1.el7satsatellite-common-6.11.5.6-1.el7sat.noarch.rpm
RedHat7noarchforeman-journald< 3.1.1.27-1.el7satforeman-journald-3.1.1.27-1.el7sat.noarch.rpm
RedHat8x86_64puppet-agent< 7.26.0-3.el8satpuppet-agent-7.26.0-3.el8sat.x86_64.rpm
RedHat7noarchforeman-libvirt< 3.1.1.27-1.el7satforeman-libvirt-3.1.1.27-1.el7sat.noarch.rpm
RedHat8x86_64yggdrasil-worker-forwarder< 0.0.3-1.el8satyggdrasil-worker-forwarder-0.0.3-1.el8sat.x86_64.rpm
RedHat7noarchforeman-postgresql< 3.1.1.27-1.el7satforeman-postgresql-3.1.1.27-1.el7sat.noarch.rpm
RedHat7noarchforeman-gce< 3.1.1.27-1.el7satforeman-gce-3.1.1.27-1.el7sat.noarch.rpm
RedHat8noarchrubygem-safemode< 1.3.8-0.1.el8satrubygem-safemode-1.3.8-0.1.el8sat.noarch.rpm
RedHat8noarchforeman-telemetry< 3.1.1.27-1.el8satforeman-telemetry-3.1.1.27-1.el8sat.noarch.rpm
RedHat7noarchforeman-openstack< 3.1.1.27-1.el7satforeman-openstack-3.1.1.27-1.el7sat.noarch.rpm
Rows per page:
1-10 of 461

Related

redhat 44
osv 15
ubuntucve 4
jvn 1
debiancve 3
nessus 63
cve 3
mageia 1
prion 3
github 2
openvas 22
cloudlinux 1
debian 1
f5 1
suse 3
altlinux 2
amazon 3
broadcom 1
openssl 1
redhatcve 3
slackware 2
alpinelinux 1
freebsd 1
oraclelinux 8
rocky 3
ibm 3
almalinux 3
aix 1
redhat
redhat
(RHSA-2023:5979) Important: Satellite 6.12.5.2 Async Security Update
2023-10-20 18:38:33
(RHSA-2023:5982) Important: Red Hat Satellite Client security and bug fix update
2023-10-20 22:17:33
(RHSA-2023:5931) Important: Satellite 6.13.5 Async Security Update
2023-10-19 12:48:52
osv
osv
Code injection in ruby git
2023-01-17 12:30:33
CVE-2022-47318
2023-01-17 10:15:11
CVE-2022-46648
2023-01-17 10:15:11
ubuntucve
ubuntucve
CVE-2022-46648
2023-01-17 00:00:00
CVE-2022-47318
2023-01-17 00:00:00
CVE-2022-2068
2022-06-21 00:00:00
jvn
jvn
JVN#16765254: Multiple code injection vulnerabilities in ruby-git
2023-01-05 00:00:00
debiancve
debiancve
CVE-2022-47318
2023-01-17 10:15:11
CVE-2022-46648
2023-01-17 10:15:11
CVE-2022-2068
2022-06-21 15:15:00
nessus
nessus
Fedora 37 : rubygem-git (2023-e3985c2b3b)
2023-01-29 00:00:00
EulerOS Virtualization 3.0.6.0 : compat-openssl (EulerOS-SA-2022-2548)
2022-10-10 00:00:00
SUSE SLES12 Security Update : openssl-1_1 (SUSE-SU-2022:2182-1)
2022-06-27 00:00:00
cve
cve
CVE-2022-46648
2023-01-17 10:15:11
CVE-2022-47318
2023-01-17 10:15:11
CVE-2022-2068
2022-06-21 15:15:00
mageia
mageia
Updated ruby-git packages fix security vulnerability
2023-03-19 01:16:28
prion
prion
Code injection
2023-01-17 10:15:00
Code injection
2023-01-17 10:15:00
Command injection
2022-06-21 15:15:00
github
github
Code injection in ruby git
2023-01-17 12:30:33
Traefik vulnerable to HTTP/2 request causing denial of service
2023-10-17 02:37:42
openvas
openvas
Mageia: Security Advisory (MGASA-2023-0097)
2023-03-28 00:00:00
Huawei EulerOS: Security Advisory for compat-openssl (EulerOS-SA-2022-2215)
2022-08-18 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:2321-1)
2022-07-08 00:00:00
cloudlinux
cloudlinux
Fixed CVEs in openssl: CVE-2022-1292, CVE-2022-2068
2022-07-14 16:53:26
debian
debian
[SECURITY] [DLA 3303-1] ruby-git security update
2023-01-30 22:33:35
f5
f5
K21600298 : OpenSSL vulnerabilities CVE-2022-1292 and CVE-2022-2068
2022-08-05 00:00:00
suse
suse
Security update for openssl-1_1 (moderate)
2022-09-01 00:00:00
Security update for openssl-1_0_0 (moderate)
2022-07-07 00:00:00
Security update for openssl-1_1 (moderate)
2022-07-04 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl1.1 version 1.1.1p-alt1
2022-06-22 00:00:00
Security fix for the ALT Linux 10 package openssl1.1 version 1.1.1p-alt1
2022-06-24 00:00:00
amazon
amazon
Medium: openssl
2022-07-28 21:55:00
Medium: openssl11
2022-07-28 21:55:00
Medium: openssl
2022-07-28 20:38:00
broadcom
broadcom
openssl file names of certificates being hashed were possibly passed to a command executed through the shell
2023-08-01 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2022-2068
2022-06-21 00:00:00
redhatcve
redhatcve
CVE-2022-2068
2022-06-22 06:36:12
CVE-2023-39325
2023-10-11 17:12:30
CVE-2023-44487
2023-10-10 21:13:33
slackware
slackware
[slackware-security] Slackware 14.2 openssl
2022-06-28 19:28:45
[slackware-security] openssl
2022-06-23 05:32:23
alpinelinux
alpinelinux
CVE-2022-2068
2022-06-21 15:15:00
freebsd
freebsd
traefik -- Resource exhaustion by malicious HTTP/2 client
2023-10-10 00:00:00
oraclelinux
oraclelinux
go-toolset:ol8 security update
2023-10-18 00:00:00
olcne security update
2023-12-07 00:00:00
olcne security update
2023-12-07 00:00:00
rocky
rocky
toolbox security update
2023-11-11 23:00:15
go-toolset:rhel8 security update
2023-10-24 18:35:47
grafana security update
2023-10-24 18:35:47
ibm
ibm
Security Bulletin: IBM Cloud Kubernetes Service is affected by Kubernetes API server security vulnerabilities (CVE-2023-39325 and CVE-2023-44487)
2023-12-08 09:00:02
Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by Kubernetes API server security vulnerabilities (CVE-2023-39325 and CVE-2023-44487)
2023-11-28 09:53:55
Security Bulletin: IBM DataPower Gateway vulnerable to HTTP/2 "Rapid Reset" Denial of Service (CVE-2023-44487, CVE-2023-39325)
2023-10-26 17:35:42
almalinux
almalinux
Moderate: grafana security update
2023-10-18 00:00:00
Moderate: grafana security update
2023-10-18 00:00:00
Important: go-toolset:rhel8 security update
2023-10-16 00:00:00
aix
aix
AIX is vulnerable to arbitrary command execution due to OpenSSL
2022-08-17 16:39:03

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.739 High

EPSS

Percentile

98.1%

JSON
Related for RHSA-2023:5980
redhat44osv15ubuntucve4jvn1debiancve3nessus63cve3mageia1prion3github2openvas22cloudlinux1debian1f51suse3altlinux2amazon3broadcom1openssl1redhatcve3slackware2alpinelinux1freebsd1oraclelinux8rocky3ibm3almalinux3aix1