Red Hat Product Errata RHSA-2022:1708 - Security Advisory
Issued:
2022-05-04
Updated:
2022-05-04

RHSA-2022:1708 - Security Advisory

Synopsis

Important: Satellite 6.10.5 Async Bug Fix Update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated Satellite 6.10 packages that fix several bugs are now available for Red Hat Satellite.

Description

Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.

Security Fix(es):

2023859 puppet: unsafe HTTP redirect (CVE-2021-27023)
2023853 puppet: silent configuration failure in agent (CVE-2021-27025)

This update fixes the following bugs:

2070996 Upgrade to Satellite 6.10 fails at db:migrate stage if there are errata reference present for some ostree\puppet type repos
2070991 Warning: postgresql.service changed on disk, when calling foreman-maintain service restart
2071004 Config report upload failed with No smart proxy server found on [capsule.example.com] and is not in trusted_hosts
2070984 Uploading external DISA SCAP content to satellite 6.10 fails with exception Invalid SCAP file type
2075031 Content Import does not delete version on failure
2070985 Upgrading from Satellite 6.9 to Satellite 6.10.3 fails with error undefined method operatingsystems for nil:NilClass during the db:migrate step
2070994 Index content is creating duplicated errata in katello_erratum table after upgrading to Satellite 6.10
2070999 Fail to import contents when the connected and disconnected Satellite have different product labels for the same product
2071002 Error when importing content and same package belongs to multiple repositories
2071006 Content not accessible after importing
2076979 Wrong satellite version on login screen
2077046 Upgrade fails during db:migrate with PG::ForeignKeyViolation: ERROR: update or delete on table katello_errata violates foreign key constraint katello_content_facet_errata_errata_id

Users of Red Hat Satellite are advised to upgrade to these updated packages, which fix these bugs.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For detailed instructions how to apply this update, refer to:

https://access.redhat.com/documentation/en-us/red_hat_satellite/6.10/html/upgrading_and_updating_red_hat_satellite/updating_satellite_server_capsule_server_and_content_hosts

Affected Products

  • Red Hat Satellite 6.10 x86_64
  • Red Hat Satellite Capsule 6.10 x86_64

Fixes

  • BZ - 2023853 - CVE-2021-27025 puppet: silent configuration failure in agent
  • BZ - 2023859 - CVE-2021-27023 puppet: unsafe HTTP redirect
  • BZ - 2070984 - Uploading external DISA SCAP content to satellite 6.10 fails with exception "Invalid SCAP file type"
  • BZ - 2070985 - Upgrading from Satellite 6.9 to Satellite 6.10.3 fails with error "undefined method operatingsystems' for nil:NilClass" during the db:migrate step
  • BZ - 2070991 - Warning: postgresql.service changed on disk, when calling foreman-maintain service restart
  • BZ - 2070994 - Index content is creating duplicated errata in "katello_erratum" table after upgrading to Satellite 6.10
  • BZ - 2070996 - Upgrade to Satellite 6.10 fails at db:migrate stage if there are errata reference present for some ostree\puppet type repos
  • BZ - 2070999 - Fail to import contents when the connected and disconnected Satellite have different product labels for the same product
  • BZ - 2071002 - Error when importing content and same package belongs to multiple repositories
  • BZ - 2071004 - Config report upload failed with "No smart proxy server found on ["capsule.example.com"] and is not in trusted_hosts"
  • BZ - 2071006 - Content not accessible after importing
  • BZ - 2075031 - Content Import does not delete version on failure
  • BZ - 2076979 - Wrong satellite version on login screen
  • BZ - 2077046 - Upgrade fails during db:migrate with PG::ForeignKeyViolation: ERROR: update or delete on table "katello_errata" violates foreign key constraint "katello_content_facet_errata_errata_id"

Red Hat Satellite 6.10

SRPM
foreman-2.5.2.21-1.el7sat.src.rpm SHA-256: 94bbde824a8855f9273d379b458d106f9a2620910f643b4bf58f5425f3da18c4
foreman-installer-2.5.2.14-1.el7sat.src.rpm SHA-256: 241bb066308417504ddcbe1f5dc2c80e159e7adba51914577ee41f7968e3844b
puppet-agent-6.26.0-1.el7sat.src.rpm SHA-256: 4b54010a91ee8ffafe075b64c4003ad988d42c9316766dddd1fa73fcb4e25bfd
puppetserver-6.18.0-1.el7sat.src.rpm SHA-256: dcb912fb60c55732164584ac91ab58a4c55f09f197d4dba7e7cbf386aa6477f5
satellite-6.10.5-1.el7sat.src.rpm SHA-256: eb2184e8560a7764d94c9e8f0ab73ff274eda850ad681cb8cbf5ffa5106d438b
tfm-rubygem-katello-4.1.1.55-1.el7sat.src.rpm SHA-256: 6af276213dceb299a4480cad86d959573be0bd6cba7cae777dd70eb8a7ebe502
tfm-rubygem-smart_proxy_openscap-0.9.2-1.el7sat.src.rpm SHA-256: dab252cfca589d1d043b2dafa501aa4dfd7a43549ced1d9a27f812a379420364
x86_64
foreman-2.5.2.21-1.el7sat.noarch.rpm SHA-256: 33dc9e069a4b8115ccd69f58318e950339aed463c93a5d3951c0647188a53f80
foreman-cli-2.5.2.21-1.el7sat.noarch.rpm SHA-256: f59de9f57d06fae2de770a88da1b3265345383c68251b57573c7edf900ba501e
foreman-debug-2.5.2.21-1.el7sat.noarch.rpm SHA-256: d0587e4af58ad327338862d34cd8a150c085801bed88a593a0a5248def480914
foreman-dynflow-sidekiq-2.5.2.21-1.el7sat.noarch.rpm SHA-256: bdff5898e6af0e46c00f62de6f3043b2cde0d771f276ff24827271420d09ec33
foreman-ec2-2.5.2.21-1.el7sat.noarch.rpm SHA-256: 9ba70bf37f0a66a3c7d35a2590a8b5a209a7248f9b46fa0b76b698c4eb1497b8
foreman-gce-2.5.2.21-1.el7sat.noarch.rpm SHA-256: 496255bd7a87a1c3996e17199e89a00a899688a766b03861cd670a9506b47c87
foreman-installer-2.5.2.14-1.el7sat.noarch.rpm SHA-256: eeeda268f26b26b01d661077640c661c3fd9e2723b0fbcf116f3e4ba6a11121a
foreman-installer-katello-2.5.2.14-1.el7sat.noarch.rpm SHA-256: de5528b21941eaef123f8e611395d4319d060d69131413dee287c9afddf28ac9
foreman-journald-2.5.2.21-1.el7sat.noarch.rpm SHA-256: 6d558f6ea02fb6d62ed4c2a0a211de14f133a344a3003cafd3cf02eed675e44e
foreman-libvirt-2.5.2.21-1.el7sat.noarch.rpm SHA-256: 25579fd4c50c6758471917d6b6823ab6d7528fc6a2aafa38febe49991efa570d
foreman-openstack-2.5.2.21-1.el7sat.noarch.rpm SHA-256: 3cad0d6ba92e47561422eb1874bdd991011671087244a02af50fb30d1c6b6358
foreman-ovirt-2.5.2.21-1.el7sat.noarch.rpm SHA-256: 6143996888c8dccb74efbeed6de9c15aee5eb6e97b2a7969e56b051c1894d9cd
foreman-postgresql-2.5.2.21-1.el7sat.noarch.rpm SHA-256: bf9200100e4f5a6757bb4311a4f32caf29bb178d4f460ff8ca25a537cfd52f35
foreman-service-2.5.2.21-1.el7sat.noarch.rpm SHA-256: de90508801bdcf8b395e34da42f5544616c1fedacafb28fbb1583ea5f970ca81
foreman-telemetry-2.5.2.21-1.el7sat.noarch.rpm SHA-256: 4ea5d1f9de8606d7fb8bdd66684a8811322e101f4e85d34fff326dddb724d590
foreman-vmware-2.5.2.21-1.el7sat.noarch.rpm SHA-256: 40ea8f4ce72551b3f6d1536e02c4bac30b809fe0165b081a88e78521458b196e
puppet-agent-6.26.0-1.el7sat.x86_64.rpm SHA-256: 6cb336f7438068db6128648f43bf826a8a3b096954f92537d4eaefe286304e06
puppetserver-6.18.0-1.el7sat.noarch.rpm SHA-256: 301cc35fd03649ac293d782020a71b3e5d158ddbedea043d3cc90754670587f3
satellite-6.10.5-1.el7sat.noarch.rpm SHA-256: e3ee11a8212e0b0b4779f3499e44a30569d8e100223f25145d6de91f3d169b7a
satellite-cli-6.10.5-1.el7sat.noarch.rpm SHA-256: d0c83acacff1dbd98c61011da2bd165aad2f74d05f7b819c3f1cc9de34d544f5
satellite-common-6.10.5-1.el7sat.noarch.rpm SHA-256: e389405300e1d6feb82ce4c32d41dfeb0fa88715fff1362ca2aa15dd97db6746
tfm-rubygem-katello-4.1.1.55-1.el7sat.noarch.rpm SHA-256: 192ca6c89c938e2948a4f71d875439495338236dbd95df4dc4ef3dcd2d4fc728
tfm-rubygem-smart_proxy_openscap-0.9.2-1.el7sat.noarch.rpm SHA-256: b3d1f792727a1481dfb6c49ae3249cf7aa640632fb26bb825dd384a188dcf125

Red Hat Satellite Capsule 6.10

SRPM
foreman-2.5.2.21-1.el7sat.src.rpm SHA-256: 94bbde824a8855f9273d379b458d106f9a2620910f643b4bf58f5425f3da18c4
foreman-installer-2.5.2.14-1.el7sat.src.rpm SHA-256: 241bb066308417504ddcbe1f5dc2c80e159e7adba51914577ee41f7968e3844b
puppet-agent-6.26.0-1.el7sat.src.rpm SHA-256: 4b54010a91ee8ffafe075b64c4003ad988d42c9316766dddd1fa73fcb4e25bfd
puppetserver-6.18.0-1.el7sat.src.rpm SHA-256: dcb912fb60c55732164584ac91ab58a4c55f09f197d4dba7e7cbf386aa6477f5
satellite-6.10.5-1.el7sat.src.rpm SHA-256: eb2184e8560a7764d94c9e8f0ab73ff274eda850ad681cb8cbf5ffa5106d438b
tfm-rubygem-smart_proxy_openscap-0.9.2-1.el7sat.src.rpm SHA-256: dab252cfca589d1d043b2dafa501aa4dfd7a43549ced1d9a27f812a379420364
x86_64
foreman-debug-2.5.2.21-1.el7sat.noarch.rpm SHA-256: d0587e4af58ad327338862d34cd8a150c085801bed88a593a0a5248def480914
foreman-installer-2.5.2.14-1.el7sat.noarch.rpm SHA-256: eeeda268f26b26b01d661077640c661c3fd9e2723b0fbcf116f3e4ba6a11121a
foreman-installer-katello-2.5.2.14-1.el7sat.noarch.rpm SHA-256: de5528b21941eaef123f8e611395d4319d060d69131413dee287c9afddf28ac9
puppet-agent-6.26.0-1.el7sat.x86_64.rpm SHA-256: 6cb336f7438068db6128648f43bf826a8a3b096954f92537d4eaefe286304e06
puppetserver-6.18.0-1.el7sat.noarch.rpm SHA-256: 301cc35fd03649ac293d782020a71b3e5d158ddbedea043d3cc90754670587f3
satellite-capsule-6.10.5-1.el7sat.noarch.rpm SHA-256: 53314b75b2429a04e1ac3f8e74bc900f821cb0e2e249779cd88421841968d86d
satellite-common-6.10.5-1.el7sat.noarch.rpm SHA-256: e389405300e1d6feb82ce4c32d41dfeb0fa88715fff1362ca2aa15dd97db6746
tfm-rubygem-smart_proxy_openscap-0.9.2-1.el7sat.noarch.rpm SHA-256: b3d1f792727a1481dfb6c49ae3249cf7aa640632fb26bb825dd384a188dcf125

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.