Red Hat Product Errata RHSA-2023:0261 - Security Advisory
Issued: 2023-01-18
Updated: 2023-01-18

Synopsis

Critical: Satellite 6.12.1 Async Security Update

Type/Severity

Security Advisory: Critical

Topic

Updated Satellite 6.12 packages that fix critical security bugs and several regular bugs are now available for Red Hat Satellite.

Description

Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.

Security fix(es):
tfm-rubygem-activerecord: activerecord: Possible RCE escalation bug with Serialized Columns in Active Record (CVE-2022-32224)
candlepin: apache-commons-text: variable interpolation RCE (CVE-2022-42889)

This update fixes the following bugs:
2082209 - Another deadlock issue when syncing repos with high concurrency
2141308 - It appears that the egg is downloaded every time
2150069 - With every edit of an existing webhook, the value in password field disappears in Satellite 6.10/6.11/6.12
2150108 - Satellite-clone not working if ansible-core 2.13 is installed
2150111 - Insights recommendation sync failing in Satellite
2150112 - Random failure of Inventory Sync
2150114 - Insights-client --register --verbose throwing error UnicodeEncodeError: 'ascii' codec can't encode character '\ufffd' in position 94: ordinal not in range(128)
2150118 - Error "no certificate or crl found" when using a http proxy as "Default Http Proxy" for content syncing or manifest operations in Satellite 6.12
2150119 - Content view publish fails when the content view and repository both have a large name with : Error message: the server returns an error HTTP status code: 500
2150123 - Inspecting an image with skopeo no longer works on Capsules
2150125 - Syncable exports across partitions causes ' Invalid cross-device link' error
2150120 - Upgrade to Satellite 6.12 may fail to apply RemoveDrpmFromIgnorableContent migration if erratum is also a ignorable content type for any repo

Users of Red Hat Satellite are advised to upgrade to these updated packages, which fix these bugs.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Satellite 6.12 x86_64
  • Red Hat Satellite Capsule 6.12 x86_64
  • Red Hat Enterprise Linux for x86_64 8 x86_64

Fixes

  • BZ - 2082209 - Another deadlock issue when syncing repos with high concurrency
  • BZ - 2108997 - CVE-2022-32224 activerecord: Possible RCE escalation bug with Serialized Columns in Active Record
  • BZ - 2135435 - CVE-2022-42889 apache-commons-text: variable interpolation RCE
  • BZ - 2141308 - It appears that the egg is downloaded every time
  • BZ - 2150069 - With every edit of an existing webhook, the value in password field disappears in Satellite 6.10/6.11/6.12
  • BZ - 2150108 - Satellite-clone not working if ansible-core 2.13 is installed
  • BZ - 2150111 - Insights recommendation sync failing in Satellite
  • BZ - 2150112 - random failure of Inventory Sync
  • BZ - 2150114 - insights-client --register --verbose throwing error UnicodeEncodeError: 'ascii' codec can't encode character '\ufffd' in position 94: ordinal not in range(128)
  • BZ - 2150118 - Error "no certificate or crl found" when using a http proxy as "Default Http Proxy" for content syncing or manifest operations in Satellite 6.12
  • BZ - 2150119 - Content view publish fails when the content view and repository both have a large name with : Error message: the server returns an error HTTP status code: 500
  • BZ - 2150120 - Upgrade to Satellite 6.12 may fail to apply RemoveDrpmFromIgnorableContent migration if erratum is also a ignorable content type for any repo
  • BZ - 2150123 - Inspecting an image with skopeo no longer works on Capsules
  • BZ - 2150125 - Syncable exports across partitions causes ' Invalid cross-device link' error

CVEs

  • CVE-2022-32224
  • CVE-2022-42889

References

  • https://access.redhat.com/security/updates/classification/#critical
Note: More recent versions of these packages may be available.

Red Hat Satellite 6.12

SRPM
candlepin-4.1.18-1.el8sat.src.rpm SHA-256: 561247230ff7e99d896d552b778d65233262c545959d54276687893e87f3b594
foreman-3.3.0.18-1.el8sat.src.rpm SHA-256: fedd2d422f03e8d6232e89b00f38f8403471e2644e954185b87d1c15f89d32cb
python-pulp-container-2.10.10-1.el8pc.src.rpm SHA-256: cd6f1a17d6265dba862589d60eea2b0d74ba050b5571095f83f78204c9bcd5fb
python-pulp-rpm-3.18.9-1.el8pc.src.rpm SHA-256: 2dc0012a268125b99d449b4df3b171aaf72aff195d40acc87159f35b15a7ca2a
python-pulpcore-3.18.11-1.el8pc.src.rpm SHA-256: d8b01c749458a2b90808404a49911c1bd35fdb5962c7595d601f09678b20f794
rubygem-actioncable-6.0.6-2.el8sat.src.rpm SHA-256: 31e6d11e7b7f501b8020fa9f005c64519db0d02cada6c968bd843c60e9219c81
rubygem-actionmailbox-6.0.6-2.el8sat.src.rpm SHA-256: a84be9c95cfe5be3f847a315006f1c2a282b558a8198105a73e7425680cc2fc8
rubygem-actionmailer-6.0.6-2.el8sat.src.rpm SHA-256: 2588a0dfb56baa39163e9431abf6ce4a4ff19f9b4a811a10c2298628ab7d7de7
rubygem-actionpack-6.0.6-2.el8sat.src.rpm SHA-256: 291404d5ceb98943360b945cadfc05f6e8181d27d9cbded940dd46c8226be6f7
rubygem-actiontext-6.0.6-2.el8sat.src.rpm SHA-256: 0416ec87b4bdbc802684079b5b3a8b4975d3c823930a0a2287769c23a0fc33df
rubygem-actionview-6.0.6-2.el8sat.src.rpm SHA-256: 8a65dbaf02d7de8dc710f38f2d0747f345b898c5ebbd68887f28f0f647e58be9
rubygem-activejob-6.0.6-2.el8sat.src.rpm SHA-256: 05a6e14278b156027feece0993c12f1f8586ac77c181fbe165c2c863dbe37984
rubygem-activemodel-6.0.6-2.el8sat.src.rpm SHA-256: 62e905bd51bf4d9494940e56098f9bab0d2cd5104201df450c445f261f4618c9
rubygem-activerecord-6.0.6-2.el8sat.src.rpm SHA-256: 2e8d82c5ca535a5bcd4dac5e5827a8b1259b3021ebd094defcc7036d4eb53c90
rubygem-activestorage-6.0.6-2.el8sat.src.rpm SHA-256: 78761daf5ed5b844e1bfe709a0e6fed95f17f487b33e00495343e58609b92d6c
rubygem-activesupport-6.0.6-1.el8sat.src.rpm SHA-256: 46cc47a6c0f4441912db3cad29c64fa0c4dd4edeff8737cbe55f624711da4a13
rubygem-foreman_rh_cloud-6.0.44-1.el8sat.src.rpm SHA-256: 21ae39df61498bac2a3a218d3d15407dc333e71c20c31251eee30ebeab3300ad
rubygem-foreman_webhooks-3.0.5-1.1.el8sat.src.rpm SHA-256: de85af8510b4e1a02b6243716caabf975fa37ab4f7df294c0d5844e8d58b6a7b
rubygem-katello-4.5.0.22-1.el8sat.src.rpm SHA-256: 618d8bd5ccde392c8d3b10aa86592787f2a44b1f229a8b068024ddced1f784c6
rubygem-rails-6.0.6-2.el8sat.src.rpm SHA-256: 30f5170b2ff9706a90dda033246b1f846189bd9d0b64cbe3fa7f5daa363d64fc
rubygem-railties-6.0.6-2.el8sat.src.rpm SHA-256: 3575df4fdd8338a7bc01c858997acd5213f043c87fc6d894e5d4e846f4142e72
rubygem-smart_proxy_container_gateway-1.0.7-1.el8sat.src.rpm SHA-256: d25225fe207575004785594c7a797968efb5f3dc463fa5618824911825029226
satellite-6.12.1-1.el8sat.src.rpm SHA-256: 3a3be1e9d607f32dac9448f424ff0d51aac25197b0d7f5ec242a384e2d0a6963
x86_64
candlepin-4.1.18-1.el8sat.noarch.rpm SHA-256: ad6022877cc9f56e0fd77ef5e7a81e4a8db8c18f245e0eb8aa254123ffe275fb
candlepin-selinux-4.1.18-1.el8sat.noarch.rpm SHA-256: 0ca2b61fcb707865846579c16b299a76fc273389ded9883eaf2319abd6e8a547
foreman-3.3.0.18-1.el8sat.noarch.rpm SHA-256: cc4881c84b6f510ca4b7f16cd5a854093946a211e98e37d107a7c663da1bbec6
foreman-cli-3.3.0.18-1.el8sat.noarch.rpm SHA-256: 205e3b4d18a357980881d6ece2a7d8a0fbe5fb9ad10f6e27e7dbc3353ee0f15c
foreman-debug-3.3.0.18-1.el8sat.noarch.rpm SHA-256: 12bfe44c71f91bce4f9d14d2d04bd73454abe848e777f7dfe4dd7e243040528f
foreman-dynflow-sidekiq-3.3.0.18-1.el8sat.noarch.rpm SHA-256: 9ca1157f3a5712cd423f2f4ac46668cc4d6436d24ade3ad431d1b1f1aa877582
foreman-ec2-3.3.0.18-1.el8sat.noarch.rpm SHA-256: 9045c95764132129268681096fd5b078b6a0b0448a44bc3efcd831d414676f01
foreman-gce-3.3.0.18-1.el8sat.noarch.rpm SHA-256: 5e442082e1caf66809b0c81e8725f41f08558868432d9accec993664d21f0ec2
foreman-journald-3.3.0.18-1.el8sat.noarch.rpm SHA-256: a3c9a2a87c092351ad7e690c8aab45a54cd22b1c8db7c64b2213d2e8ec6f462a
foreman-libvirt-3.3.0.18-1.el8sat.noarch.rpm SHA-256: 9315d10a519fe92875e791a4b99320417eb84149615134188624cd0aedab430d
foreman-openstack-3.3.0.18-1.el8sat.noarch.rpm SHA-256: a6ec4bf9aee78505ff44b1c55a587fbda9d8234d5a7575d836e85fdbcf2dedb7
foreman-ovirt-3.3.0.18-1.el8sat.noarch.rpm SHA-256: 552ccff0a3775a1fa4eb493bd43e4d936db20c8fd1e0cf70d9f18db944aff8b2
foreman-postgresql-3.3.0.18-1.el8sat.noarch.rpm SHA-256: 9eb3601c3a49356a63a366a112b04b00a160e7ee6e92eee8a8c83a23d4004507
foreman-service-3.3.0.18-1.el8sat.noarch.rpm SHA-256: 3e72402b6cedd95ad6e37d461fa7ff31a1aeb9d4e9627c9875361fc5fa4c542e
foreman-telemetry-3.3.0.18-1.el8sat.noarch.rpm SHA-256: 979605e7187ecfab5e36511066f26550c7ce92936031738a46f414e4378bf20d
foreman-vmware-3.3.0.18-1.el8sat.noarch.rpm SHA-256: 9a66da85a2170d226d4c3038a4f5559ea39069546bf8c40e8e2aec9223bdb450
python39-pulp-container-2.10.10-1.el8pc.noarch.rpm SHA-256: 84ac2ee7857074b971a185187e780b912340724a48263f87668d7430cf010c65
python39-pulp-rpm-3.18.9-1.el8pc.noarch.rpm SHA-256: 64f3223da865364ce4cbae63de6cf4d691861422b1466db88149b0cf6dbd68ba
python39-pulpcore-3.18.11-1.el8pc.noarch.rpm SHA-256: 7a3d202d96fad2122e932da115effcda999e74a5675476090912efc18caa9786
rubygem-actioncable-6.0.6-2.el8sat.noarch.rpm SHA-256: 87fdd5dbb54c1d1be1df75e65d684aacd463370c87faffbef22e36a18c371379
rubygem-actionmailbox-6.0.6-2.el8sat.noarch.rpm SHA-256: 0ab3af02733d5c62242f20acf3dd14354bdbffe4bcacb5361c5505cb7af86f9d
rubygem-actionmailer-6.0.6-2.el8sat.noarch.rpm SHA-256: c02f7d419efd182714ee93565f47c30f9929d497b85e328e97bee0eddf28281e
rubygem-actionpack-6.0.6-2.el8sat.noarch.rpm SHA-256: d30eaf11aa6c569471fe12caddf8839dc63f68c4ef164cf68660a3e636e00d19
rubygem-actiontext-6.0.6-2.el8sat.noarch.rpm SHA-256: e091583c278829928256e34f4fe0d3a5b3ab4d5f2fa8cc3523a0db40d06ed714
rubygem-actionview-6.0.6-2.el8sat.noarch.rpm SHA-256: a0465479f248bcb4a33a8ed488e88234bd47a60256eeb9a00efaa94c370c0a41
rubygem-activejob-6.0.6-2.el8sat.noarch.rpm SHA-256: 5e6b5a917aa551ff9d789e28a9b700bf080ae1159b17182bc2c768a6d9876321
rubygem-activemodel-6.0.6-2.el8sat.noarch.rpm SHA-256: 78fa3666ac1ce42086bdac74f578dab4a16fcd7feb58bf76019ffe485f572e76
rubygem-activerecord-6.0.6-2.el8sat.noarch.rpm SHA-256: 911e8f4e956f76e7cc48e69228e657a5a2f06447e21316937e3bca8a14786991
rubygem-activestorage-6.0.6-2.el8sat.noarch.rpm SHA-256: 8db60be83a38c85daa190c321496b22bad2071155b801d2a4dd55f88a63a32f5
rubygem-activesupport-6.0.6-1.el8sat.noarch.rpm SHA-256: 8aef3959423815b7d2de7d172ef1ccd11e1b46a91996d455d574303fa9d1852a
rubygem-foreman_rh_cloud-6.0.44-1.el8sat.noarch.rpm SHA-256: fc3e08af550705c15d38ca9d2b345c966faa181e27f8d0fed4ce59519ee76ade
rubygem-foreman_webhooks-3.0.5-1.1.el8sat.noarch.rpm SHA-256: c1a15ab29873724656df5fa0c7fbfcf54db22dc980be672049b6da20503f5cda
rubygem-katello-4.5.0.22-1.el8sat.noarch.rpm SHA-256: b5dc595c446d3b09cfbd1ca3e560f0e2cea1a0d43f1cbf008e8b167e94fd1bbe
rubygem-rails-6.0.6-2.el8sat.noarch.rpm SHA-256: a418543b5598a97abc6b39732fb304dc0ac757ec6043d25de8ee8b6462db1668
rubygem-railties-6.0.6-2.el8sat.noarch.rpm SHA-256: abe0556b0565b81d09e6f6699fd5ab2b161681a9a0c915ae88f4f0e996dd8574
rubygem-smart_proxy_container_gateway-1.0.7-1.el8sat.noarch.rpm SHA-256: ef5b233817897809d1b706f5fdb7fe695d93107caf3134b996fe2901a5cbbe09
satellite-6.12.1-1.el8sat.noarch.rpm SHA-256: 3c81b543f57e0f682d70fbd5e46670ca6eaffd6aa976295c295f1cf1f973fc02
satellite-cli-6.12.1-1.el8sat.noarch.rpm SHA-256: 87c5539d875d7078c78db6fed2e1afdcf304413f23d1d05f99aa491da223ab46
satellite-common-6.12.1-1.el8sat.noarch.rpm SHA-256: 60dfe63c002eb68116467abbc06bc6d0c9d8d9fff706d08bbf41075ac4a0f725

Red Hat Satellite Capsule 6.12

SRPM
foreman-3.3.0.18-1.el8sat.src.rpm SHA-256: fedd2d422f03e8d6232e89b00f38f8403471e2644e954185b87d1c15f89d32cb
python-pulp-container-2.10.10-1.el8pc.src.rpm SHA-256: cd6f1a17d6265dba862589d60eea2b0d74ba050b5571095f83f78204c9bcd5fb
python-pulp-rpm-3.18.9-1.el8pc.src.rpm SHA-256: 2dc0012a268125b99d449b4df3b171aaf72aff195d40acc87159f35b15a7ca2a
python-pulpcore-3.18.11-1.el8pc.src.rpm SHA-256: d8b01c749458a2b90808404a49911c1bd35fdb5962c7595d601f09678b20f794
rubygem-smart_proxy_container_gateway-1.0.7-1.el8sat.src.rpm SHA-256: d25225fe207575004785594c7a797968efb5f3dc463fa5618824911825029226
satellite-6.12.1-1.el8sat.src.rpm SHA-256: 3a3be1e9d607f32dac9448f424ff0d51aac25197b0d7f5ec242a384e2d0a6963
x86_64
foreman-debug-3.3.0.18-1.el8sat.noarch.rpm SHA-256: 12bfe44c71f91bce4f9d14d2d04bd73454abe848e777f7dfe4dd7e243040528f
python39-pulp-container-2.10.10-1.el8pc.noarch.rpm SHA-256: 84ac2ee7857074b971a185187e780b912340724a48263f87668d7430cf010c65
python39-pulp-rpm-3.18.9-1.el8pc.noarch.rpm SHA-256: 64f3223da865364ce4cbae63de6cf4d691861422b1466db88149b0cf6dbd68ba
python39-pulpcore-3.18.11-1.el8pc.noarch.rpm SHA-256: 7a3d202d96fad2122e932da115effcda999e74a5675476090912efc18caa9786
rubygem-smart_proxy_container_gateway-1.0.7-1.el8sat.noarch.rpm SHA-256: ef5b233817897809d1b706f5fdb7fe695d93107caf3134b996fe2901a5cbbe09
satellite-capsule-6.12.1-1.el8sat.noarch.rpm SHA-256: 80e346fa27f5791e671843f9b4d16c9b9e029703497cc911bae6d1576d8a8350
satellite-common-6.12.1-1.el8sat.noarch.rpm SHA-256: 60dfe63c002eb68116467abbc06bc6d0c9d8d9fff706d08bbf41075ac4a0f725

Red Hat Enterprise Linux for x86_64 8

SRPM
foreman-3.3.0.18-1.el8sat.src.rpm SHA-256: fedd2d422f03e8d6232e89b00f38f8403471e2644e954185b87d1c15f89d32cb
satellite-6.12.1-1.el8sat.src.rpm SHA-256: 3a3be1e9d607f32dac9448f424ff0d51aac25197b0d7f5ec242a384e2d0a6963
satellite-clone-3.2.0-2.el8sat.src.rpm SHA-256: 36047acaca260efa34761fc1ead8175b1a7f8cffdb327955ef030bb164c22037
x86_64
foreman-cli-3.3.0.18-1.el8sat.noarch.rpm SHA-256: 205e3b4d18a357980881d6ece2a7d8a0fbe5fb9ad10f6e27e7dbc3353ee0f15c
satellite-cli-6.12.1-1.el8sat.noarch.rpm SHA-256: 87c5539d875d7078c78db6fed2e1afdcf304413f23d1d05f99aa491da223ab46
satellite-clone-3.2.0-2.el8sat.noarch.rpm SHA-256: fc63c6aeb9601abee4d260e0046984aad80926a5130023fd92dca8af031e50cc

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
