Red Hat Security Advisory 2024-2010-03
2024-4-24 23:2:40 Author: packetstormsecurity.com

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_2010.json

Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff
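The note above points at the CSAF JSON for this advisory and warns that revision updates are hard to track from a mirrored copy. A CSAF 2.0 document carries its own revision history under `document.tracking.revision_history`, so a consumer can compare the latest revision in the live document against the one quoted in a mirror (here `Revision: 03`) and list which CVEs the document marks as fixed. The Python script below is an added example for that check; it is not part of the Packet Storm post or of Red Hat's tooling. The embedded CSAF fragment is constructed: only the advisory ID and the CVE names come from this advisory, every other value (dates, product IDs, product names, revision summaries) is a placeholder, and real documents are far larger and may describe products through `product_tree.branches`, which this example does not walk.

```python
"""Compare a CSAF 2.0 advisory's revision history with a mirrored copy.

Added example; not Packet Storm's or Red Hat's code. SAMPLE_CSAF is a
constructed fragment: the advisory ID and CVE names come from the advisory
text, everything else is a placeholder.
"""
from __future__ import annotations

import json
from typing import Any

# Constructed sample shaped like a CSAF 2.0 document (assumption: shape only).
SAMPLE_CSAF = json.dumps({
    "document": {
        "title": "Red Hat Security Advisory: Satellite 6.15.0 release",
        "tracking": {
            "id": "RHSA-2024:2010",
            "status": "final",
            "initial_release_date": "2024-04-23T00:00:00+00:00",   # placeholder
            "current_release_date": "2024-04-23T00:00:00+00:00",   # placeholder
            "current_release_version": "3",
            "revision_history": [
                {"number": "1", "date": "2024-04-23T00:00:00+00:00", "summary": "Placeholder: initial"},
                {"number": "2", "date": "2024-04-23T00:00:00+00:00", "summary": "Placeholder revision"},
                {"number": "3", "date": "2024-04-23T00:00:00+00:00", "summary": "Placeholder revision"},
            ],
        },
    },
    "product_tree": {
        "full_product_names": [
            {"product_id": "PLACEHOLDER-SAT-6.15", "name": "Placeholder Satellite 6.15 product"},
            {"product_id": "PLACEHOLDER-PYGMENTS", "name": "Placeholder python-pygments package"},
        ]
    },
    "vulnerabilities": [
        {"cve": "CVE-2022-40896",
         "product_status": {"fixed": ["PLACEHOLDER-PYGMENTS"]}},
        {"cve": "CVE-2023-52323",
         "product_status": {"fixed": ["PLACEHOLDER-SAT-6.15"],
                            "known_not_affected": ["PLACEHOLDER-PYGMENTS"]}},
    ],
})


def parse_version(number: str) -> tuple[int, ...]:
    """Turn a revision number such as "3", "03" or "1.2.0" into a comparable tuple."""
    return tuple(int(part) for part in number.strip().split("."))


def latest_revision(doc: dict[str, Any]) -> str:
    """Highest revision number recorded in document.tracking.revision_history."""
    history = doc["document"]["tracking"]["revision_history"]
    return max((rev["number"] for rev in history), key=parse_version)


def has_newer_revision(doc: dict[str, Any], seen: str) -> bool:
    """True when the document has moved past the revision a mirror quoted."""
    return parse_version(latest_revision(doc)) > parse_version(seen)


def product_names(doc: dict[str, Any]) -> dict[str, str]:
    """Map product_id -> human-readable name (flat full_product_names only)."""
    tree = doc.get("product_tree", {})
    return {p["product_id"]: p["name"] for p in tree.get("full_product_names", [])}


def fixed_products_by_cve(doc: dict[str, Any]) -> dict[str, list[str]]:
    """For each CVE, the products the document lists under product_status.fixed."""
    names = product_names(doc)
    result: dict[str, list[str]] = {}
    for vuln in doc.get("vulnerabilities", []):
        cve = vuln.get("cve")
        if not cve:
            continue  # CSAF permits vulnerability entries without a CVE id
        fixed_ids = vuln.get("product_status", {}).get("fixed", [])
        result[cve] = sorted(names.get(pid, pid) for pid in fixed_ids)
    return result


def check_advisory(text: str, seen_revision: str) -> dict[str, Any]:
    """Summarise a CSAF document relative to the revision a mirror quoted."""
    doc = json.loads(text)
    return {
        "id": doc["document"]["tracking"]["id"],
        "latest_revision": latest_revision(doc),
        "newer_than_seen": has_newer_revision(doc, seen_revision),
        "fixed": fixed_products_by_cve(doc),
    }


if __name__ == "__main__":
    # "03" is the revision printed in the mirrored advisory header above.
    print(json.dumps(check_advisory(SAMPLE_CSAF, "03"), indent=2))
```

To run it against the live document, fetch the URL in the note into a string and pass it to `check_advisory` in place of `SAMPLE_CSAF`; a `newer_than_seen` of true means the mirror is stale and the Red Hat page should be consulted.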

====================================================================
Red Hat Security Advisory

Synopsis: Important: Satellite 6.15.0 release
Advisory ID: RHSA-2024:2010-03
Product: Red Hat Satellite 6
Advisory URL: https://access.redhat.com/errata/RHSA-2024:2010
Issue date: 2024-04-23
Revision: 03
CVE Names: CVE-2022-40896
====================================================================

Summary:

An update is now available for Red Hat Satellite 6.15. The release contains a
new version of Satellite and important security fixes for various components.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

Description:

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

Security fixes:
* python-pygments: ReDoS in pygments (CVE-2022-40896)
* python-pycryptodomex: Side-channel leakage for OAEP decryption in PyCryptodome and pycryptodomex (CVE-2023-52323)
* satellite: Arithmetic overflow in satellite (CVE-2023-4320)
* automation-hub: Ansible Automation Hub: insecure galaxy-importer tarfile extraction (CVE-2023-5189)
* jetty: Improper addition of quotation marks to user inputs in CgiServlet (CVE-2023-36479)
* python-aiohttp: HTTP request smuggling via llhttp HTTP request parser (CVE-2023-37276)
* rubygem-activesupport: File Disclosure of Locally Encrypted Files (CVE-2023-38037)
* jetty: Improper validation of HTTP/1 content-length (CVE-2023-40167)
* python-django: Potential denial of service vulnerability in `django.utils.encoding.uri_to_iri()` (CVE-2023-41164)
* python-django: Denial-of-service possibility in django.utils.text.Truncator (CVE-2023-43665)
* python-aiohttp: Numerous issues in HTTP parser with header parsing (CVE-2023-47627)
* python-aiohttp: HTTP request modification (CVE-2023-49081)
* python-aiohttp: CRLF injection if user controls the HTTP method using aiohttp client (CVE-2023-49082)
* rubygem-puma: HTTP request smuggling when parsing chunked Transfer-Encoding Bodies (CVE-2024-21647)
* rubygem-audited: Race condition can lead to audit logs being incorrectly attributed to the wrong user (CVE-2024-22047)
* python-jinja2: HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-22195)
* python-aiohttp: Follow_symlinks directory traversal vulnerability (CVE-2024-23334)
* python-aiohttp: HTTP request smuggling (CVE-2024-23829)

Additional Changes:
This update also fixes several bugs and adds various enhancements.

Documentation for these changes is available from the Release Notes document linked to in the References section.

Solution:

CVEs:

CVE-2022-40896

References:

https://access.redhat.com/security/updates/classification/#important
https://bugzilla.redhat.com/show_bug.cgi?id=1393613
https://bugzilla.redhat.com/show_bug.cgi?id=1792187
https://bugzilla.redhat.com/show_bug.cgi?id=1884395
https://bugzilla.redhat.com/show_bug.cgi?id=1937203
https://bugzilla.redhat.com/show_bug.cgi?id=1943306
https://bugzilla.redhat.com/show_bug.cgi?id=1964539
https://bugzilla.redhat.com/show_bug.cgi?id=1967073
https://bugzilla.redhat.com/show_bug.cgi?id=1976178
https://bugzilla.redhat.com/show_bug.cgi?id=1976213
https://bugzilla.redhat.com/show_bug.cgi?id=1992495
https://bugzilla.redhat.com/show_bug.cgi?id=1993917
https://bugzilla.redhat.com/show_bug.cgi?id=1994654
https://bugzilla.redhat.com/show_bug.cgi?id=2015344
https://bugzilla.redhat.com/show_bug.cgi?id=2026701
https://bugzilla.redhat.com/show_bug.cgi?id=2044527
https://bugzilla.redhat.com/show_bug.cgi?id=2048805
https://bugzilla.redhat.com/show_bug.cgi?id=2053416
https://bugzilla.redhat.com/show_bug.cgi?id=2063218
https://bugzilla.redhat.com/show_bug.cgi?id=2063717
https://bugzilla.redhat.com/show_bug.cgi?id=2068263
https://bugzilla.redhat.com/show_bug.cgi?id=2068527
https://bugzilla.redhat.com/show_bug.cgi?id=2070487
https://bugzilla.redhat.com/show_bug.cgi?id=2071097
https://bugzilla.redhat.com/show_bug.cgi?id=2081244
https://bugzilla.redhat.com/show_bug.cgi?id=2087537
https://bugzilla.redhat.com/show_bug.cgi?id=2091900
https://bugzilla.redhat.com/show_bug.cgi?id=2096930
https://bugzilla.redhat.com/show_bug.cgi?id=2097084
https://bugzilla.redhat.com/show_bug.cgi?id=2103757
https://bugzilla.redhat.com/show_bug.cgi?id=2104582
https://bugzilla.redhat.com/show_bug.cgi?id=2106256
https://bugzilla.redhat.com/show_bug.cgi?id=2108725
https://bugzilla.redhat.com/show_bug.cgi?id=2109740
https://bugzilla.redhat.com/show_bug.cgi?id=2121957
https://bugzilla.redhat.com/show_bug.cgi?id=2124275
https://bugzilla.redhat.com/show_bug.cgi?id=2125367
https://bugzilla.redhat.com/show_bug.cgi?id=2125728
https://bugzilla.redhat.com/show_bug.cgi?id=2125809
https://bugzilla.redhat.com/show_bug.cgi?id=2126357
https://bugzilla.redhat.com/show_bug.cgi?id=2126420
https://bugzilla.redhat.com/show_bug.cgi?id=2129296
https://bugzilla.redhat.com/show_bug.cgi?id=2131798
https://bugzilla.redhat.com/show_bug.cgi?id=2138905
https://bugzilla.redhat.com/show_bug.cgi?id=2139834
https://bugzilla.redhat.com/show_bug.cgi?id=2141421
https://bugzilla.redhat.com/show_bug.cgi?id=2143980
https://bugzilla.redhat.com/show_bug.cgi?id=2144615
https://bugzilla.redhat.com/show_bug.cgi?id=2148439
https://bugzilla.redhat.com/show_bug.cgi?id=2148534
https://bugzilla.redhat.com/show_bug.cgi?id=2149288
https://bugzilla.redhat.com/show_bug.cgi?id=2152709
https://bugzilla.redhat.com/show_bug.cgi?id=2153523
https://bugzilla.redhat.com/show_bug.cgi?id=2153548
https://bugzilla.redhat.com/show_bug.cgi?id=2155083
https://bugzilla.redhat.com/show_bug.cgi?id=2155218
https://bugzilla.redhat.com/show_bug.cgi?id=2155444
https://bugzilla.redhat.com/show_bug.cgi?id=2158524
https://bugzilla.redhat.com/show_bug.cgi?id=2158959
https://bugzilla.redhat.com/show_bug.cgi?id=2159706
https://bugzilla.redhat.com/show_bug.cgi?id=2160160
https://bugzilla.redhat.com/show_bug.cgi?id=2162637
https://bugzilla.redhat.com/show_bug.cgi?id=2162882
https://bugzilla.redhat.com/show_bug.cgi?id=2164844
https://bugzilla.redhat.com/show_bug.cgi?id=2164856
https://bugzilla.redhat.com/show_bug.cgi?id=2164997
https://bugzilla.redhat.com/show_bug.cgi?id=2165012
https://bugzilla.redhat.com/show_bug.cgi?id=2165092
https://bugzilla.redhat.com/show_bug.cgi?id=2166428
https://bugzilla.redhat.com/show_bug.cgi?id=2167493
https://bugzilla.redhat.com/show_bug.cgi?id=2168013
https://bugzilla.redhat.com/show_bug.cgi?id=2168152
https://bugzilla.redhat.com/show_bug.cgi?id=2168173
https://bugzilla.redhat.com/show_bug.cgi?id=2168202
https://bugzilla.redhat.com/show_bug.cgi?id=2168503
https://bugzilla.redhat.com/show_bug.cgi?id=2168728
https://bugzilla.redhat.com/show_bug.cgi?id=2168866
https://bugzilla.redhat.com/show_bug.cgi?id=2170016
https://bugzilla.redhat.com/show_bug.cgi?id=2170448
https://bugzilla.redhat.com/show_bug.cgi?id=2170727
https://bugzilla.redhat.com/show_bug.cgi?id=2172083
https://bugzilla.redhat.com/show_bug.cgi?id=2172094
https://bugzilla.redhat.com/show_bug.cgi?id=2172379
https://bugzilla.redhat.com/show_bug.cgi?id=2172384
https://bugzilla.redhat.com/show_bug.cgi?id=2172393
https://bugzilla.redhat.com/show_bug.cgi?id=2172394
https://bugzilla.redhat.com/show_bug.cgi?id=2172756
https://bugzilla.redhat.com/show_bug.cgi?id=2173870
https://bugzilla.redhat.com/show_bug.cgi?id=2175132
https://bugzilla.redhat.com/show_bug.cgi?id=2179974
https://bugzilla.redhat.com/show_bug.cgi?id=2180568
https://bugzilla.redhat.com/show_bug.cgi?id=2180761
https://bugzilla.redhat.com/show_bug.cgi?id=2181595
https://bugzilla.redhat.com/show_bug.cgi?id=2181991
https://bugzilla.redhat.com/show_bug.cgi?id=2184151
https://bugzilla.redhat.com/show_bug.cgi?id=2188287
https://bugzilla.redhat.com/show_bug.cgi?id=2189318
https://bugzilla.redhat.com/show_bug.cgi?id=2189687
https://bugzilla.redhat.com/show_bug.cgi?id=2192939
https://bugzilla.redhat.com/show_bug.cgi?id=2193010
https://bugzilla.redhat.com/show_bug.cgi?id=2203077
https://bugzilla.redhat.com/show_bug.cgi?id=2208310
https://bugzilla.redhat.com/show_bug.cgi?id=2208557
https://bugzilla.redhat.com/show_bug.cgi?id=2208588
https://bugzilla.redhat.com/show_bug.cgi?id=2209968
https://bugzilla.redhat.com/show_bug.cgi?id=2212499
https://bugzilla.redhat.com/show_bug.cgi?id=2213163
https://bugzilla.redhat.com/show_bug.cgi?id=2214285
https://bugzilla.redhat.com/show_bug.cgi?id=2214331
https://bugzilla.redhat.com/show_bug.cgi?id=2215050
https://bugzilla.redhat.com/show_bug.cgi?id=2215310
https://bugzilla.redhat.com/show_bug.cgi?id=2216006
https://bugzilla.redhat.com/show_bug.cgi?id=2216017
https://bugzilla.redhat.com/show_bug.cgi?id=2216158
https://bugzilla.redhat.com/show_bug.cgi?id=2216533
https://bugzilla.redhat.com/show_bug.cgi?id=2217397
https://bugzilla.redhat.com/show_bug.cgi?id=2218179
https://bugzilla.redhat.com/show_bug.cgi?id=2218278
https://bugzilla.redhat.com/show_bug.cgi?id=2218821
https://bugzilla.redhat.com/show_bug.cgi?id=2221673
https://bugzilla.redhat.com/show_bug.cgi?id=2222725
https://bugzilla.redhat.com/show_bug.cgi?id=2222816
https://bugzilla.redhat.com/show_bug.cgi?id=2222968
https://bugzilla.redhat.com/show_bug.cgi?id=2223567
https://bugzilla.redhat.com/show_bug.cgi?id=2224122
https://bugzilla.redhat.com/show_bug.cgi?id=2224170
https://bugzilla.redhat.com/show_bug.cgi?id=2224185
https://bugzilla.redhat.com/show_bug.cgi?id=2224719
https://bugzilla.redhat.com/show_bug.cgi?id=2225534
https://bugzilla.redhat.com/show_bug.cgi?id=2226714
https://bugzilla.redhat.com/show_bug.cgi?id=2227753
https://bugzilla.redhat.com/show_bug.cgi?id=2229095
https://bugzilla.redhat.com/show_bug.cgi?id=2229810
https://bugzilla.redhat.com/show_bug.cgi?id=2230237
https://bugzilla.redhat.com/show_bug.cgi?id=2230459
https://bugzilla.redhat.com/show_bug.cgi?id=2231814
https://bugzilla.redhat.com/show_bug.cgi?id=2232500
https://bugzilla.redhat.com/show_bug.cgi?id=2232625
https://bugzilla.redhat.com/show_bug.cgi?id=2233162
https://bugzilla.redhat.com/show_bug.cgi?id=2233490
https://bugzilla.redhat.com/show_bug.cgi?id=2234387
https://bugzilla.redhat.com/show_bug.cgi?id=2234467
https://bugzilla.redhat.com/show_bug.cgi?id=2236261
https://bugzilla.redhat.com/show_bug.cgi?id=2236418
https://bugzilla.redhat.com/show_bug.cgi?id=2236502
https://bugzilla.redhat.com/show_bug.cgi?id=2236693
https://bugzilla.redhat.com/show_bug.cgi?id=2236806
https://bugzilla.redhat.com/show_bug.cgi?id=2237258
https://bugzilla.redhat.com/show_bug.cgi?id=2238325
https://bugzilla.redhat.com/show_bug.cgi?id=2238906
https://bugzilla.redhat.com/show_bug.cgi?id=2238952
https://bugzilla.redhat.com/show_bug.cgi?id=2239549
https://bugzilla.redhat.com/show_bug.cgi?id=2239630
https://bugzilla.redhat.com/show_bug.cgi?id=2239634
https://bugzilla.redhat.com/show_bug.cgi?id=2239767
https://bugzilla.redhat.com/show_bug.cgi?id=2240243
https://bugzilla.redhat.com/show_bug.cgi?id=2240956
https://bugzilla.redhat.com/show_bug.cgi?id=2241017
https://bugzilla.redhat.com/show_bug.cgi?id=2241046
https://bugzilla.redhat.com/show_bug.cgi?id=2241934
https://bugzilla.redhat.com/show_bug.cgi?id=2242214
https://bugzilla.redhat.com/show_bug.cgi?id=2242515
https://bugzilla.redhat.com/show_bug.cgi?id=2242812
https://bugzilla.redhat.com/show_bug.cgi?id=2243256
https://bugzilla.redhat.com/show_bug.cgi?id=2243344
https://bugzilla.redhat.com/show_bug.cgi?id=2243679
https://bugzilla.redhat.com/show_bug.cgi?id=2244122
https://bugzilla.redhat.com/show_bug.cgi?id=2244370
https://bugzilla.redhat.com/show_bug.cgi?id=2244629
https://bugzilla.redhat.com/show_bug.cgi?id=2244811
https://bugzilla.redhat.com/show_bug.cgi?id=2245050
https://bugzilla.redhat.com/show_bug.cgi?id=2245081
https://bugzilla.redhat.com/show_bug.cgi?id=2245455
https://bugzilla.redhat.com/show_bug.cgi?id=2246121
https://bugzilla.redhat.com/show_bug.cgi?id=2246546
https://bugzilla.redhat.com/show_bug.cgi?id=2247081
https://bugzilla.redhat.com/show_bug.cgi?id=2248864
https://bugzilla.redhat.com/show_bug.cgi?id=2248865
https://bugzilla.redhat.com/show_bug.cgi?id=2249540
https://bugzilla.redhat.com/show_bug.cgi?id=2249736
https://bugzilla.redhat.com/show_bug.cgi?id=2249825
https://bugzilla.redhat.com/show_bug.cgi?id=2249847
https://bugzilla.redhat.com/show_bug.cgi?id=2249904
https://bugzilla.redhat.com/show_bug.cgi?id=2249913
https://bugzilla.redhat.com/show_bug.cgi?id=2249970
https://bugzilla.redhat.com/show_bug.cgi?id=2250397
https://bugzilla.redhat.com/show_bug.cgi?id=2251014
https://bugzilla.redhat.com/show_bug.cgi?id=2251019
https://bugzilla.redhat.com/show_bug.cgi?id=2251200
https://bugzilla.redhat.com/show_bug.cgi?id=2251643
https://bugzilla.redhat.com/show_bug.cgi?id=2252064
https://bugzilla.redhat.com/show_bug.cgi?id=2252235
https://bugzilla.redhat.com/show_bug.cgi?id=2252248
https://bugzilla.redhat.com/show_bug.cgi?id=2252450
https://bugzilla.redhat.com/show_bug.cgi?id=2252945
https://bugzilla.redhat.com/show_bug.cgi?id=2252968
https://bugzilla.redhat.com/show_bug.cgi?id=2253191
https://bugzilla.redhat.com/show_bug.cgi?id=2253212
https://bugzilla.redhat.com/show_bug.cgi?id=2253381
https://bugzilla.redhat.com/show_bug.cgi?id=2253519
https://bugzilla.redhat.com/show_bug.cgi?id=2253618
https://bugzilla.redhat.com/show_bug.cgi?id=2253621
https://bugzilla.redhat.com/show_bug.cgi?id=2253673
https://bugzilla.redhat.com/show_bug.cgi?id=2254074
https://bugzilla.redhat.com/show_bug.cgi?id=2254178
https://bugzilla.redhat.com/show_bug.cgi?id=2254230
https://bugzilla.redhat.com/show_bug.cgi?id=2254383
https://bugzilla.redhat.com/show_bug.cgi?id=2254408
https://bugzilla.redhat.com/show_bug.cgi?id=2254491
https://bugzilla.redhat.com/show_bug.cgi?id=2254492
https://bugzilla.redhat.com/show_bug.cgi?id=2254612
https://bugzilla.redhat.com/show_bug.cgi?id=2254690
https://bugzilla.redhat.com/show_bug.cgi?id=2254694
https://bugzilla.redhat.com/show_bug.cgi?id=2254712
https://bugzilla.redhat.com/show_bug.cgi?id=2254827
https://bugzilla.redhat.com/show_bug.cgi?id=2255026
https://bugzilla.redhat.com/show_bug.cgi?id=2255329
https://bugzilla.redhat.com/show_bug.cgi?id=2255344
https://bugzilla.redhat.com/show_bug.cgi?id=2255346
https://bugzilla.redhat.com/show_bug.cgi?id=2255385
https://bugzilla.redhat.com/show_bug.cgi?id=2255421
https://bugzilla.redhat.com/show_bug.cgi?id=2255424
https://bugzilla.redhat.com/show_bug.cgi?id=2255426
https://bugzilla.redhat.com/show_bug.cgi?id=2255546
https://bugzilla.redhat.com/show_bug.cgi?id=2255658
https://bugzilla.redhat.com/show_bug.cgi?id=2255900
https://bugzilla.redhat.com/show_bug.cgi?id=2255949
https://bugzilla.redhat.com/show_bug.cgi?id=2255969
https://bugzilla.redhat.com/show_bug.cgi?id=2256024
https://bugzilla.redhat.com/show_bug.cgi?id=2256136
https://bugzilla.redhat.com/show_bug.cgi?id=2256154
https://bugzilla.redhat.com/show_bug.cgi?id=2256218
https://bugzilla.redhat.com/show_bug.cgi?id=2256411
https://bugzilla.redhat.com/show_bug.cgi?id=2256452
https://bugzilla.redhat.com/show_bug.cgi?id=2256473
https://bugzilla.redhat.com/show_bug.cgi?id=2256604
https://bugzilla.redhat.com/show_bug.cgi?id=2256683
https://bugzilla.redhat.com/show_bug.cgi?id=2256891
https://bugzilla.redhat.com/show_bug.cgi?id=2256927
https://bugzilla.redhat.com/show_bug.cgi?id=2257028
https://bugzilla.redhat.com/show_bug.cgi?id=2257340
https://bugzilla.redhat.com/show_bug.cgi?id=2257854
https://bugzilla.redhat.com/show_bug.cgi?id=2257957
https://bugzilla.redhat.com/show_bug.cgi?id=2258016
https://bugzilla.redhat.com/show_bug.cgi?id=2258109
https://bugzilla.redhat.com/show_bug.cgi?id=2258876
https://bugzilla.redhat.com/show_bug.cgi?id=2259163
https://bugzilla.redhat.com/show_bug.cgi?id=2261887
https://bugzilla.redhat.com/show_bug.cgi?id=2261909
https://bugzilla.redhat.com/show_bug.cgi?id=2263243
https://bugzilla.redhat.com/show_bug.cgi?id=2263815
https://bugzilla.redhat.com/show_bug.cgi?id=2264342
https://bugzilla.redhat.com/show_bug.cgi?id=2267949
https://bugzilla.redhat.com/show_bug.cgi?id=2269363
https://bugzilla.redhat.com/show_bug.cgi?id=2270295


Article source: https://packetstormsecurity.com/files/178247/RHSA-2024-2010-03.txt