RHSA-2023:0261
Vulnerability Summary
Description
Red Hat Security Advisory: Satellite 6.12.1 Async Security Update
CVSS Metrics
- v3.1•HIGH•Score: 8.5•CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected Systems
- redhat•candlepin < 0:4.1.18-1.el8sat
- redhat•candlepin-selinux < 0:4.1.18-1.el8sat
- redhat•foreman < 0:3.3.0.18-1.el8sat
- redhat•foreman-cli < 0:3.3.0.18-1.el8sat
- redhat•foreman-debug < 0:3.3.0.18-1.el8sat
- redhat•foreman-dynflow-sidekiq < 0:3.3.0.18-1.el8sat
- redhat•foreman-ec2 < 0:3.3.0.18-1.el8sat
- redhat•foreman-gce < 0:3.3.0.18-1.el8sat
- redhat•foreman-journald < 0:3.3.0.18-1.el8sat
- redhat•foreman-libvirt < 0:3.3.0.18-1.el8sat
- redhat•foreman-openstack < 0:3.3.0.18-1.el8sat
- redhat•foreman-ovirt < 0:3.3.0.18-1.el8sat
- redhat•foreman-postgresql < 0:3.3.0.18-1.el8sat
- redhat•foreman-service < 0:3.3.0.18-1.el8sat
- redhat•foreman-telemetry < 0:3.3.0.18-1.el8sat
- redhat•foreman-vmware < 0:3.3.0.18-1.el8sat
- redhat•python-pulp-container < 0:2.10.10-1.el8pc
- redhat•python-pulp-rpm < 0:3.18.9-1.el8pc
- redhat•python-pulpcore < 0:3.18.11-1.el8pc
- redhat•python39-pulp-container < 0:2.10.10-1.el8pc
- redhat•python39-pulp-rpm < 0:3.18.9-1.el8pc
- redhat•python39-pulpcore < 0:3.18.11-1.el8pc
- redhat•rubygem-actioncable < 0:6.0.6-2.el8sat
- redhat•rubygem-actionmailbox < 0:6.0.6-2.el8sat
- redhat•rubygem-actionmailer < 0:6.0.6-2.el8sat
- redhat•rubygem-actionpack < 0:6.0.6-2.el8sat
- redhat•rubygem-actiontext < 0:6.0.6-2.el8sat
- redhat•rubygem-actionview < 0:6.0.6-2.el8sat
- redhat•rubygem-activejob < 0:6.0.6-2.el8sat
- redhat•rubygem-activemodel < 0:6.0.6-2.el8sat
- redhat•rubygem-activerecord < 0:6.0.6-2.el8sat
- redhat•rubygem-activestorage < 0:6.0.6-2.el8sat
- redhat•rubygem-activesupport < 0:6.0.6-1.el8sat
- redhat•rubygem-foreman_rh_cloud < 0:6.0.44-1.el8sat
- redhat•rubygem-foreman_webhooks < 0:3.0.5-1.1.el8sat
- redhat•rubygem-katello < 0:4.5.0.22-1.el8sat
- redhat•rubygem-rails < 0:6.0.6-2.el8sat
- redhat•rubygem-railties < 0:6.0.6-2.el8sat
- redhat•rubygem-smart_proxy_container_gateway < 0:1.0.7-1.el8sat
- redhat•satellite < 0:6.12.1-1.el8sat
- redhat•satellite-capsule < 0:6.12.1-1.el8sat
- redhat•satellite-cli < 0:6.12.1-1.el8sat
- redhat•satellite-clone < 0:3.2.0-2.el8sat
- redhat•satellite-common < 0:6.12.1-1.el8sat
References (31)
- https://access.redhat.com/errata/RHSA-2023:0261
- https://access.redhat.com/security/updates/classification/#critical
- https://bugzilla.redhat.com/show_bug.cgi?id=2082209
- https://bugzilla.redhat.com/show_bug.cgi?id=2108997
- https://bugzilla.redhat.com/show_bug.cgi?id=2135435
- https://bugzilla.redhat.com/show_bug.cgi?id=2141308
- https://bugzilla.redhat.com/show_bug.cgi?id=2150069
- https://bugzilla.redhat.com/show_bug.cgi?id=2150108
- https://bugzilla.redhat.com/show_bug.cgi?id=2150111
- https://bugzilla.redhat.com/show_bug.cgi?id=2150112
- https://bugzilla.redhat.com/show_bug.cgi?id=2150114
- https://bugzilla.redhat.com/show_bug.cgi?id=2150118
- https://bugzilla.redhat.com/show_bug.cgi?id=2150119
- https://bugzilla.redhat.com/show_bug.cgi?id=2150120
- https://bugzilla.redhat.com/show_bug.cgi?id=2150123
- https://bugzilla.redhat.com/show_bug.cgi?id=2150125
- https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0261.json
- https://access.redhat.com/security/cve/CVE-2022-32224
- https://www.cve.org/CVERecord?id=CVE-2022-32224
- https://nvd.nist.gov/vuln/detail/CVE-2022-32224
- https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017
- https://access.redhat.com/security/cve/CVE-2022-42003
- https://bugzilla.redhat.com/show_bug.cgi?id=2135244
- https://www.cve.org/CVERecord?id=CVE-2022-42003
- https://nvd.nist.gov/vuln/detail/CVE-2022-42003
- https://access.redhat.com/security/cve/CVE-2022-42889
- https://www.cve.org/CVERecord?id=CVE-2022-42889
- https://nvd.nist.gov/vuln/detail/CVE-2022-42889
- https://blogs.apache.org/security/entry/cve-2022-42889
- https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om
- https://seclists.org/oss-sec/2022/q4/22