Red Hat Security Advisory 2024-8906-03
2024-11-7 03:14:22 Author: packetstormsecurity.com(查看原文) 阅读量:3 收藏

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8906.json

Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================
Red Hat Security Advisory

Synopsis: Critical: Satellite 6.16.0 release
Advisory ID: RHSA-2024:8906-03
Product: Red Hat Satellite 6
Advisory URL: https://access.redhat.com/errata/RHSA-2024:8906
Issue date: 2024-11-06
Revision: 03
CVE Names: CVE-2024-4067
====================================================================

Summary:

A new release is now available for Red Hat Satellite 6.16 for RHEL 8 and 9.

Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

Description:

Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.

Security Fix(es):

* mosquitto: sending specific sequences of packets may trigger memory leak
(CVE-2024-8376)
* micromatch: vulnerable to Regular Expression Denial of Service (CVE-2024-4067)
urllib3: proxy-authorization request header is not stripped during cross-origin redirects (CVE-2024-37891)
* node-tar: denial of service while parsing a tar file due to lack of folders depth validation (CVE-2024-28863)
* python-django: Potential denial-of-service in django.utils.html.urlize() (CVE-2024-38875)
* python-django: Username enumeration through timing difference for users with unusable passwords (CVE-2024-39329)
* python-django: Potential directory-traversal in django.core.files.storage.Storage.save() (CVE-2024-39330)
* python-django: Potential denial-of-service in django.utils.translation.get_supported_language_variant() (CVE-2024-39614)
* github.com/jaraco/zipp: Denial of Service (infinite loop) via crafted zip file in jaraco/zipp (CVE-2024-5569)
* puppet-foreman: An authentication bypass vulnerability exists in Foreman (CVE-2024-7012)
* python-django: Potential SQL injection in QuerySet.values() and values_list() (CVE-2024-42005)
* grpc: client communicating with a HTTP/2 proxy can poison the HPACK table between the proxy and the backend (CVE-2024-7246)
* puppet-pulpcore: An authentication bypass vulnerability exists in pulpcore (CVE-2024-7923)
* foreman: Read-only access to entire DB from templates (CVE-2024-8553)

Users of Red Hat Satellite are advised to upgrade to these updated packages, which fix these bugs.

Solution:

https://access.redhat.com/documentation/en-us/red_hat_satellite/6.16/html/updating_red_hat_satellite/index

CVEs:

CVE-2024-4067

References:

https://access.redhat.com/security/updates/classification/#critical
https://bugzilla.redhat.com/show_bug.cgi?id=2280601
https://bugzilla.redhat.com/show_bug.cgi?id=2292788
https://bugzilla.redhat.com/show_bug.cgi?id=2293200
https://bugzilla.redhat.com/show_bug.cgi?id=2295935
https://bugzilla.redhat.com/show_bug.cgi?id=2295936
https://bugzilla.redhat.com/show_bug.cgi?id=2295937
https://bugzilla.redhat.com/show_bug.cgi?id=2295938
https://bugzilla.redhat.com/show_bug.cgi?id=2296413
https://bugzilla.redhat.com/show_bug.cgi?id=2299429
https://bugzilla.redhat.com/show_bug.cgi?id=2302436
https://bugzilla.redhat.com/show_bug.cgi?id=2305718
https://bugzilla.redhat.com/show_bug.cgi?id=2312524
https://bugzilla.redhat.com/show_bug.cgi?id=2318080
https://issues.redhat.com/browse/SAT-12847
https://issues.redhat.com/browse/SAT-15089
https://issues.redhat.com/browse/SAT-15466
https://issues.redhat.com/browse/SAT-15467
https://issues.redhat.com/browse/SAT-15549
https://issues.redhat.com/browse/SAT-16224
https://issues.redhat.com/browse/SAT-16247
https://issues.redhat.com/browse/SAT-16381
https://issues.redhat.com/browse/SAT-16537
https://issues.redhat.com/browse/SAT-16593
https://issues.redhat.com/browse/SAT-17442
https://issues.redhat.com/browse/SAT-17443
https://issues.redhat.com/browse/SAT-17785
https://issues.redhat.com/browse/SAT-18093
https://issues.redhat.com/browse/SAT-18270
https://issues.redhat.com/browse/SAT-18327
https://issues.redhat.com/browse/SAT-18410
https://issues.redhat.com/browse/SAT-18461
https://issues.redhat.com/browse/SAT-18568
https://issues.redhat.com/browse/SAT-18610
https://issues.redhat.com/browse/SAT-18705
https://issues.redhat.com/browse/SAT-18721
https://issues.redhat.com/browse/SAT-18859
https://issues.redhat.com/browse/SAT-18993
https://issues.redhat.com/browse/SAT-19018
https://issues.redhat.com/browse/SAT-19269
https://issues.redhat.com/browse/SAT-19342
https://issues.redhat.com/browse/SAT-19389
https://issues.redhat.com/browse/SAT-19394
https://issues.redhat.com/browse/SAT-19501
https://issues.redhat.com/browse/SAT-19502
https://issues.redhat.com/browse/SAT-19504
https://issues.redhat.com/browse/SAT-19511
https://issues.redhat.com/browse/SAT-19592
https://issues.redhat.com/browse/SAT-19614
https://issues.redhat.com/browse/SAT-19621
https://issues.redhat.com/browse/SAT-19748
https://issues.redhat.com/browse/SAT-19789
https://issues.redhat.com/browse/SAT-19922
https://issues.redhat.com/browse/SAT-19993
https://issues.redhat.com/browse/SAT-19999
https://issues.redhat.com/browse/SAT-20099
https://issues.redhat.com/browse/SAT-20361
https://issues.redhat.com/browse/SAT-20445
https://issues.redhat.com/browse/SAT-20553
https://issues.redhat.com/browse/SAT-21261
https://issues.redhat.com/browse/SAT-21266
https://issues.redhat.com/browse/SAT-21268
https://issues.redhat.com/browse/SAT-21273
https://issues.redhat.com/browse/SAT-21353
https://issues.redhat.com/browse/SAT-21374
https://issues.redhat.com/browse/SAT-21375
https://issues.redhat.com/browse/SAT-21395
https://issues.redhat.com/browse/SAT-21396
https://issues.redhat.com/browse/SAT-21421
https://issues.redhat.com/browse/SAT-21463
https://issues.redhat.com/browse/SAT-21682
https://issues.redhat.com/browse/SAT-21757
https://issues.redhat.com/browse/SAT-21920
https://issues.redhat.com/browse/SAT-21994
https://issues.redhat.com/browse/SAT-22047
https://issues.redhat.com/browse/SAT-22048
https://issues.redhat.com/browse/SAT-22156
https://issues.redhat.com/browse/SAT-22172
https://issues.redhat.com/browse/SAT-22358
https://issues.redhat.com/browse/SAT-22442
https://issues.redhat.com/browse/SAT-22491
https://issues.redhat.com/browse/SAT-22554
https://issues.redhat.com/browse/SAT-22579
https://issues.redhat.com/browse/SAT-22626
https://issues.redhat.com/browse/SAT-22849
https://issues.redhat.com/browse/SAT-22872
https://issues.redhat.com/browse/SAT-22889
https://issues.redhat.com/browse/SAT-22900
https://issues.redhat.com/browse/SAT-23047
https://issues.redhat.com/browse/SAT-23077
https://issues.redhat.com/browse/SAT-23093
https://issues.redhat.com/browse/SAT-23096
https://issues.redhat.com/browse/SAT-23109
https://issues.redhat.com/browse/SAT-23124
https://issues.redhat.com/browse/SAT-23167
https://issues.redhat.com/browse/SAT-23211
https://issues.redhat.com/browse/SAT-23228
https://issues.redhat.com/browse/SAT-23279
https://issues.redhat.com/browse/SAT-23288
https://issues.redhat.com/browse/SAT-23302
https://issues.redhat.com/browse/SAT-23335
https://issues.redhat.com/browse/SAT-23405
https://issues.redhat.com/browse/SAT-23407
https://issues.redhat.com/browse/SAT-23424
https://issues.redhat.com/browse/SAT-23426
https://issues.redhat.com/browse/SAT-23487
https://issues.redhat.com/browse/SAT-23505
https://issues.redhat.com/browse/SAT-23544
https://issues.redhat.com/browse/SAT-23573
https://issues.redhat.com/browse/SAT-23592
https://issues.redhat.com/browse/SAT-23610
https://issues.redhat.com/browse/SAT-23752
https://issues.redhat.com/browse/SAT-23841
https://issues.redhat.com/browse/SAT-23894
https://issues.redhat.com/browse/SAT-23943
https://issues.redhat.com/browse/SAT-23947
https://issues.redhat.com/browse/SAT-23951
https://issues.redhat.com/browse/SAT-23954
https://issues.redhat.com/browse/SAT-23957
https://issues.redhat.com/browse/SAT-23990
https://issues.redhat.com/browse/SAT-23992
https://issues.redhat.com/browse/SAT-24050
https://issues.redhat.com/browse/SAT-24064
https://issues.redhat.com/browse/SAT-24073
https://issues.redhat.com/browse/SAT-24111
https://issues.redhat.com/browse/SAT-24132
https://issues.redhat.com/browse/SAT-24197
https://issues.redhat.com/browse/SAT-24470
https://issues.redhat.com/browse/SAT-24478
https://issues.redhat.com/browse/SAT-24479
https://issues.redhat.com/browse/SAT-24489
https://issues.redhat.com/browse/SAT-24521
https://issues.redhat.com/browse/SAT-24526
https://issues.redhat.com/browse/SAT-24531
https://issues.redhat.com/browse/SAT-24545
https://issues.redhat.com/browse/SAT-24548
https://issues.redhat.com/browse/SAT-24577
https://issues.redhat.com/browse/SAT-24600
https://issues.redhat.com/browse/SAT-24769
https://issues.redhat.com/browse/SAT-24771
https://issues.redhat.com/browse/SAT-24774
https://issues.redhat.com/browse/SAT-24779
https://issues.redhat.com/browse/SAT-24781
https://issues.redhat.com/browse/SAT-24786
https://issues.redhat.com/browse/SAT-24787
https://issues.redhat.com/browse/SAT-24801
https://issues.redhat.com/browse/SAT-24805
https://issues.redhat.com/browse/SAT-24837
https://issues.redhat.com/browse/SAT-24854
https://issues.redhat.com/browse/SAT-24878
https://issues.redhat.com/browse/SAT-24884
https://issues.redhat.com/browse/SAT-24893
https://issues.redhat.com/browse/SAT-24917
https://issues.redhat.com/browse/SAT-24918
https://issues.redhat.com/browse/SAT-24919
https://issues.redhat.com/browse/SAT-24920
https://issues.redhat.com/browse/SAT-24932
https://issues.redhat.com/browse/SAT-24936
https://issues.redhat.com/browse/SAT-24943
https://issues.redhat.com/browse/SAT-24988
https://issues.redhat.com/browse/SAT-25032
https://issues.redhat.com/browse/SAT-25129
https://issues.redhat.com/browse/SAT-25152
https://issues.redhat.com/browse/SAT-25155
https://issues.redhat.com/browse/SAT-25159
https://issues.redhat.com/browse/SAT-25160
https://issues.redhat.com/browse/SAT-25194
https://issues.redhat.com/browse/SAT-25213
https://issues.redhat.com/browse/SAT-25217
https://issues.redhat.com/browse/SAT-25243
https://issues.redhat.com/browse/SAT-25250
https://issues.redhat.com/browse/SAT-25328
https://issues.redhat.com/browse/SAT-25368
https://issues.redhat.com/browse/SAT-25429
https://issues.redhat.com/browse/SAT-25437
https://issues.redhat.com/browse/SAT-25455
https://issues.redhat.com/browse/SAT-25467
https://issues.redhat.com/browse/SAT-25503
https://issues.redhat.com/browse/SAT-25569
https://issues.redhat.com/browse/SAT-25583
https://issues.redhat.com/browse/SAT-25655
https://issues.redhat.com/browse/SAT-25658
https://issues.redhat.com/browse/SAT-25678
https://issues.redhat.com/browse/SAT-25713
https://issues.redhat.com/browse/SAT-25774
https://issues.redhat.com/browse/SAT-25789
https://issues.redhat.com/browse/SAT-25795
https://issues.redhat.com/browse/SAT-25813
https://issues.redhat.com/browse/SAT-25869
https://issues.redhat.com/browse/SAT-25936
https://issues.redhat.com/browse/SAT-25946
https://issues.redhat.com/browse/SAT-26012
https://issues.redhat.com/browse/SAT-26031
https://issues.redhat.com/browse/SAT-26040
https://issues.redhat.com/browse/SAT-26064
https://issues.redhat.com/browse/SAT-26078
https://issues.redhat.com/browse/SAT-26084
https://issues.redhat.com/browse/SAT-26105
https://issues.redhat.com/browse/SAT-26202
https://issues.redhat.com/browse/SAT-26242
https://issues.redhat.com/browse/SAT-26269
https://issues.redhat.com/browse/SAT-26397
https://issues.redhat.com/browse/SAT-26417
https://issues.redhat.com/browse/SAT-26493
https://issues.redhat.com/browse/SAT-26563
https://issues.redhat.com/browse/SAT-26588
https://issues.redhat.com/browse/SAT-26758
https://issues.redhat.com/browse/SAT-26762
https://issues.redhat.com/browse/SAT-26767
https://issues.redhat.com/browse/SAT-26834
https://issues.redhat.com/browse/SAT-26835
https://issues.redhat.com/browse/SAT-26837
https://issues.redhat.com/browse/SAT-26901
https://issues.redhat.com/browse/SAT-26967
https://issues.redhat.com/browse/SAT-27144
https://issues.redhat.com/browse/SAT-27182
https://issues.redhat.com/browse/SAT-27211
https://issues.redhat.com/browse/SAT-27276
https://issues.redhat.com/browse/SAT-27384
https://issues.redhat.com/browse/SAT-27401
https://issues.redhat.com/browse/SAT-27411
https://issues.redhat.com/browse/SAT-27485
https://issues.redhat.com/browse/SAT-27506
https://issues.redhat.com/browse/SAT-27512
https://issues.redhat.com/browse/SAT-27569
https://issues.redhat.com/browse/SAT-27593
https://issues.redhat.com/browse/SAT-27595
https://issues.redhat.com/browse/SAT-27604
https://issues.redhat.com/browse/SAT-27622
https://issues.redhat.com/browse/SAT-27676
https://issues.redhat.com/browse/SAT-27677
https://issues.redhat.com/browse/SAT-27702
https://issues.redhat.com/browse/SAT-27752
https://issues.redhat.com/browse/SAT-27778
https://issues.redhat.com/browse/SAT-27779
https://issues.redhat.com/browse/SAT-27814
https://issues.redhat.com/browse/SAT-27830
https://issues.redhat.com/browse/SAT-27834
https://issues.redhat.com/browse/SAT-27836
https://issues.redhat.com/browse/SAT-27891
https://issues.redhat.com/browse/SAT-27900
https://issues.redhat.com/browse/SAT-27901
https://issues.redhat.com/browse/SAT-27940
https://issues.redhat.com/browse/SAT-27943
https://issues.redhat.com/browse/SAT-27981
https://issues.redhat.com/browse/SAT-28012
https://issues.redhat.com/browse/SAT-28046
https://issues.redhat.com/browse/SAT-28048
https://issues.redhat.com/browse/SAT-28162
https://issues.redhat.com/browse/SAT-28269
https://issues.redhat.com/browse/SAT-28275
https://issues.redhat.com/browse/SAT-28336
https://issues.redhat.com/browse/SAT-28361
https://issues.redhat.com/browse/SAT-28362
https://issues.redhat.com/browse/SAT-28367
https://issues.redhat.com/browse/SAT-28394
https://issues.redhat.com/browse/SAT-28435
https://issues.redhat.com/browse/SAT-28467
https://issues.redhat.com/browse/SAT-28667
https://issues.redhat.com/browse/SAT-7770
https://issues.redhat.com/browse/SAT-8076


文章来源: https://packetstormsecurity.com/files/182519/RHSA-2024-8906-03.txt
如有侵权请联系:admin#unsafe.sh