RHSA-2023:5980

Description

Red Hat Security Advisory: Satellite 6.11.5.6 async security update

CVSS Metrics

• v3.1•CRITICAL•Score: 9.1CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected Systems

• redhat•foreman

  < 0:3.1.1.27-1.el7sat | < 0:3.1.1.27-1.el8sat

• redhat•foreman-cli

  < 0:3.1.1.27-1.el7sat | < 0:3.1.1.27-1.el8sat

• redhat•foreman-debug

  < 0:3.1.1.27-1.el7sat | < 0:3.1.1.27-1.el8sat

• redhat•foreman-dynflow-sidekiq

  < 0:3.1.1.27-1.el7sat | < 0:3.1.1.27-1.el8sat

• redhat•foreman-ec2

  < 0:3.1.1.27-1.el7sat | < 0:3.1.1.27-1.el8sat

• redhat•foreman-gce

  < 0:3.1.1.27-1.el7sat | < 0:3.1.1.27-1.el8sat

• redhat•foreman-journald

  < 0:3.1.1.27-1.el7sat | < 0:3.1.1.27-1.el8sat

• redhat•foreman-libvirt

  < 0:3.1.1.27-1.el7sat | < 0:3.1.1.27-1.el8sat

• redhat•foreman-openstack

  < 0:3.1.1.27-1.el7sat | < 0:3.1.1.27-1.el8sat

• redhat•foreman-ovirt

  < 0:3.1.1.27-1.el7sat | < 0:3.1.1.27-1.el8sat

• redhat•foreman-postgresql

  < 0:3.1.1.27-1.el7sat | < 0:3.1.1.27-1.el8sat

• redhat•foreman-service

  < 0:3.1.1.27-1.el7sat | < 0:3.1.1.27-1.el8sat

• redhat•foreman-telemetry

  < 0:3.1.1.27-1.el7sat | < 0:3.1.1.27-1.el8sat

• redhat•foreman-vmware

  < 0:3.1.1.27-1.el7sat | < 0:3.1.1.27-1.el8sat

• redhat•puppet-agent

  < 0:7.26.0-3.el7sat | < 0:7.26.0-3.el8sat

• redhat•rubygem-git

  < 0:1.18.0-0.1.el8sat

• redhat•tfm-rubygem-git

  < 0:1.18.0-0.1.el7sat

• redhat•yggdrasil-worker-forwarder

  < 0:0.0.3-1.el7sat | < 0:0.0.3-1.el8sat

References (46)

• https://access.redhat.com/errata/RHSA-2023:5980
• https://access.redhat.com/security/updates/classification/#important
• https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
• https://access.redhat.com/documentation/en-us/red_hat_satellite/6.11/html-single/upgrading_and_updating_red_hat_satellite/index#updating_satellite
• https://bugzilla.redhat.com/show_bug.cgi?id=2081494
• https://bugzilla.redhat.com/show_bug.cgi?id=2097310
• https://bugzilla.redhat.com/show_bug.cgi?id=2159291
• https://bugzilla.redhat.com/show_bug.cgi?id=2159672
• https://bugzilla.redhat.com/show_bug.cgi?id=2162970
• https://bugzilla.redhat.com/show_bug.cgi?id=2169385
• https://bugzilla.redhat.com/show_bug.cgi?id=2242803
• https://bugzilla.redhat.com/show_bug.cgi?id=2243296
• https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5980.json
• https://access.redhat.com/security/cve/CVE-2022-1292
• https://www.cve.org/CVERecord?id=CVE-2022-1292
• https://nvd.nist.gov/vuln/detail/CVE-2022-1292
• https://www.openssl.org/news/secadv/20220503.txt
• https://access.redhat.com/security/cve/CVE-2022-2068
• https://www.cve.org/CVERecord?id=CVE-2022-2068
• https://nvd.nist.gov/vuln/detail/CVE-2022-2068
• https://www.openssl.org/news/secadv/20220621.txt
• https://access.redhat.com/security/cve/CVE-2022-46648
• https://www.cve.org/CVERecord?id=CVE-2022-46648
• https://nvd.nist.gov/vuln/detail/CVE-2022-46648
• https://jvn.jp/en/jp/JVN16765254/
• https://access.redhat.com/security/cve/CVE-2022-47318
• https://www.cve.org/CVERecord?id=CVE-2022-47318
• https://nvd.nist.gov/vuln/detail/CVE-2022-47318
• https://access.redhat.com/security/cve/CVE-2023-0118
• https://www.cve.org/CVERecord?id=CVE-2023-0118
• https://nvd.nist.gov/vuln/detail/CVE-2023-0118
• https://access.redhat.com/security/cve/CVE-2023-0462
• https://www.cve.org/CVERecord?id=CVE-2023-0462
• https://nvd.nist.gov/vuln/detail/CVE-2023-0462
• https://access.redhat.com/security/cve/CVE-2023-39325
• https://www.cve.org/CVERecord?id=CVE-2023-39325
• https://nvd.nist.gov/vuln/detail/CVE-2023-39325
• https://access.redhat.com/security/cve/CVE-2023-44487
• https://go.dev/issue/63417
• https://pkg.go.dev/vuln/GO-2023-2102
• https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487
• https://www.cve.org/CVERecord?id=CVE-2023-44487
• https://nvd.nist.gov/vuln/detail/CVE-2023-44487
• https://github.com/dotnet/announcements/issues/277
• https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/
• https://www.cisa.gov/known-exploited-vulnerabilities-catalog