- Issued:
- 2023-04-04
- Updated:
- 2023-04-04
RHSA-2023:1630 - Security Advisory
Synopsis
Important: Satellite 6.12.3 Async Security Update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated Satellite 6.12 packages that fixes important security bugs and several
regular bugs are now available for Red Hat Satellite.
Description
Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.
Security fix(es):
- Candlepin: PreparedStatement.setText(int, InputStream) will create a temporary file if the InputStream is larger than 2k (CVE-2022-41946)
This update fixes the following bugs:
2163538 - Pages Blank
2174984 - Getting 'null value in column \"image_manifest_id\" violates not-null constraint' when syncing openstack container repos
2174987 - (Regression of 2033940) Error: AttributeError: 'NoneType' object has no attribute 'cast' thrown while listing repository versions
2174994 - VMware Image based Provisioning fails with error- : Could not find virtual machine network interface matching <IP>
2174997 - Package and Errata actions on content hosts selected using the "select all hosts" option fails.
2174998 - Subscription can't be blank, A Pool and its Subscription cannot belong to different organizations
2175002 - Getting "undefined method `schema_version' for nil:NilClass" while syncing from quay.io
2175005 - New kickstart_kernel_options snippet breaks UEFI (Grub2) PXE provisioning when boot_mode is static
2175008 - RHEL 9 as Guest OS is not available on Satellite 6.11
2174995 - Health check should use hostname -f
2175007 - [regression] data.yml is referring to old sync plain id which does not exist in katello_sync_plans
2176272 - new wait task introduced by rh_cloud 6.0.44 is not recognized by maintain as OK to interrupt
2175010 - Some custom repositories are failing to synchorize with error "This field may not be blank" after upgrading to Red Hat Satellite 6.11
2176922 - [RFE] Need syncable yum-format repository imports
2175003 - Can't perform incremental content exports in syncable format
Users of Red Hat Satellite are advised to upgrade to these updated packages, which fix these bugs.
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
Affected Products
- Red Hat Satellite 6.12 x86_64
- Red Hat Satellite Capsule 6.12 x86_64
- Red Hat Enterprise Linux for x86_64 8 x86_64
Fixes
- BZ - 2153399 - CVE-2022-41946 postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions
- BZ - 2163538 - Pages Blank
- BZ - 2174984 - Getting 'null value in column \"image_manifest_id\" violates not-null constraint' when syncing openstack container repos
- BZ - 2174987 - (Regression of 2033940) Error: AttributeError: 'NoneType' object has no attribute 'cast' thrown while listing repository versions
- BZ - 2174994 - VMware Image based Provisioning fails with error- : Could not find virtual machine network interface matching <IP>
- BZ - 2174995 - Health check should use hostname -f
- BZ - 2174997 - Package and Errata actions on content hosts selected using the "select all hosts" option fails.
- BZ - 2174998 - Subscription can't be blank, A Pool and its Subscription cannot belong to different organizations
- BZ - 2175002 - Getting "undefined method `schema_version' for nil:NilClass" while syncing from quay.io
- BZ - 2175003 - Can't perform incremental content exports in syncable format
- BZ - 2175005 - New kickstart_kernel_options snippet breaks UEFI (Grub2) PXE provisioning when boot_mode is static
- BZ - 2175007 - [regression] data.yml is referring to old sync plain id which does not exist in katello_sync_plans
- BZ - 2175008 - RHEL 9 as Guest OS is not available on Satellite 6.11
- BZ - 2175010 - Some custom repositories are failing to synchorize with error "This field may not be blank" after upgrading to Red Hat Satellite 6.11
- BZ - 2176272 - new wait task introduced by rh_cloud 6.0.44 is not recognized by maintain as OK to interrupt
- BZ - 2176922 - [RFE] Need syncable yum-format repository imports
CVEs
Red Hat Satellite 6.12
| SRPM | |
|---|---|
| candlepin-4.1.20-1.el8sat.src.rpm | SHA-256: 346847657c60ccd666ce5fed8b093ad697aa8dcdc4d1dbd493e5b06492dbc41b |
| foreman-3.3.0.21-2.el8sat.src.rpm | SHA-256: 3f0834a984705c55daebe4168023bfc040eedb4a7a1123fbab9c8acc11984f49 |
| python-django-3.2.16-1.el8pc.src.rpm | SHA-256: f516eac58d9354c32d84d9f15396e942543fba4dbf389fcb0bacdd91f7520345 |
| python-pulp-container-2.10.12-1.el8pc.src.rpm | SHA-256: 9b70d268759ff149f697e0a3b819bbb0bbcd294deeca9903fb9aaaf17d8d707f |
| python-pulpcore-3.18.16-1.el8pc.src.rpm | SHA-256: 8a1be5f6f590196c1b6bc9c95334ccf9a68e94ec9debecdf61fb1eea00b2c0cb |
| rubygem-fog-vsphere-3.6.0-1.el8sat.src.rpm | SHA-256: 6bb8b6682f02465d1d14b1a56d41394e975999ce4d2329415a2f76055e113c95 |
| rubygem-foreman_maintain-1.1.12-1.el8sat.src.rpm | SHA-256: 331ad894085a8d7feb30dec40a7e2d87ddaf9bfe247dbf2137ae82666012d71e |
| rubygem-hammer_cli_katello-1.6.0.2-1.el8sat.src.rpm | SHA-256: 1ec9a4b7c068a5b9b6be73b45648cab76d194df243f23832b27a3ac06b83aa70 |
| rubygem-katello-4.5.0.32-1.el8sat.src.rpm | SHA-256: e2096e5e31a246c25899840cbe1ca3c78816ab650fc0561b91f274394d603d5d |
| rubygem-optimist-3.0.1-1.el8sat.src.rpm | SHA-256: 8d827772525c54a2313617817e0cb3e1d817b510b22516124756562d483ebe0b |
| rubygem-rbvmomi2-3.6.0-2.el8sat.src.rpm | SHA-256: 139896162b7570f89ddccde5a539e8ec12e561c9a276b9e5edf2676aca6d6be8 |
| satellite-6.12.3-1.el8sat.src.rpm | SHA-256: b7e2fbaa5f82ce1cd824960060a7363e691a5c4de41f716b15b46a17a67ebfa2 |
| x86_64 | |
| candlepin-4.1.20-1.el8sat.noarch.rpm | SHA-256: dc65236f025d116ca4ad42f7f8799a170f2f367da05a0cae6750fb900a2876a9 |
| candlepin-selinux-4.1.20-1.el8sat.noarch.rpm | SHA-256: fc8e96387613765708cf515226be3f5c37bfe429c9f0c3c51e56854acb2f7e2d |
| foreman-3.3.0.21-2.el8sat.noarch.rpm | SHA-256: faeefbb4fc2baea56fd5f1c9206eedd7358c51b461fbc655cc26decfc7cd1214 |
| foreman-cli-3.3.0.21-2.el8sat.noarch.rpm | SHA-256: c2827b228f4d3375e90815a60e29c5845a397c17da8d7e49762cfd11334d3f25 |
| foreman-debug-3.3.0.21-2.el8sat.noarch.rpm | SHA-256: c12ff146996ad3c77a4f358c4de39646ed5ce0ecfaff2a20429f1b136d7f277a |
| foreman-dynflow-sidekiq-3.3.0.21-2.el8sat.noarch.rpm | SHA-256: c918d6d92d807c7656db823d6a541e336f865e35af251c8dfd63496250fab570 |
| foreman-ec2-3.3.0.21-2.el8sat.noarch.rpm | SHA-256: 5a88d481dbea5be0d7e962cdf6c07bc80af1be3c6f34d9db095d83f7e7ed30b6 |
| foreman-gce-3.3.0.21-2.el8sat.noarch.rpm | SHA-256: 4128972a65e69dacd8d531937a7f82678fd80e7c5040a1b272eb25041dd218fa |
| foreman-journald-3.3.0.21-2.el8sat.noarch.rpm | SHA-256: c608ed0033b2b41d44ba0fd34093f29e391b49e74770a70bcca3db2f536cd8f0 |
| foreman-libvirt-3.3.0.21-2.el8sat.noarch.rpm | SHA-256: 08fdd54b81c925119a5fa5e487ae4e2269b2b969ea3f580733fa922491eab757 |
| foreman-openstack-3.3.0.21-2.el8sat.noarch.rpm | SHA-256: bd746df415a61eb9fc67345a8bb9f04443465995b040a270b1e6a3397600098c |
| foreman-ovirt-3.3.0.21-2.el8sat.noarch.rpm | SHA-256: 79ff5697671109bafb9df7cc00668031bfb9db3b4db956c3b4087817d4204ef6 |
| foreman-postgresql-3.3.0.21-2.el8sat.noarch.rpm | SHA-256: 4f0f0eff13d0b026b501325e5a2c3b1fffefad74fd5902490bc48b0f78bd222f |
| foreman-service-3.3.0.21-2.el8sat.noarch.rpm | SHA-256: 463d6ade4bcc36329737f091999680bd4e6e4536a1905121d6056c48afb59f4a |
| foreman-telemetry-3.3.0.21-2.el8sat.noarch.rpm | SHA-256: ebaa35df47c9a3df8dc24812b6e2306427d5b31c3c8a942a14f884c69bbe11eb |
| foreman-vmware-3.3.0.21-2.el8sat.noarch.rpm | SHA-256: 56b5e3351b4e6d3a50f0693f99c510531d03b99b2c178d7dbc4e2dffbec63c25 |
| python39-django-3.2.16-1.el8pc.noarch.rpm | SHA-256: 9c7924cd8936834939e8310b99bc76e378bdd5a0a6a2f4056722e320dd83cdab |
| python39-pulp-container-2.10.12-1.el8pc.noarch.rpm | SHA-256: dc424db94f97169493bf4f2e103ef1893556e5d5266e0104d9ce41957795019e |
| python39-pulpcore-3.18.16-1.el8pc.noarch.rpm | SHA-256: 9da831af382222aff43f7c775e0ae8046889db2387256f99d80910c9e93a3289 |
| rubygem-fog-vsphere-3.6.0-1.el8sat.noarch.rpm | SHA-256: 835ea0ef40bf1c14e96ec60d198229f10c87a1f5dd6e96d92a458127245d7c29 |
| rubygem-foreman_maintain-1.1.12-1.el8sat.noarch.rpm | SHA-256: 083d754e6d15eea7edaab8860d9fa92d0263e06c091858ef7d33d0dbd871e8d3 |
| rubygem-hammer_cli_katello-1.6.0.2-1.el8sat.noarch.rpm | SHA-256: eacaa1c9db05481b06057815d41e3c478372545c2e13f3f6531e83dd0b524870 |
| rubygem-katello-4.5.0.32-1.el8sat.noarch.rpm | SHA-256: 3d751404ab52f30bbb3a4daf3ade1ea53b79ece842972bce56a4b0752461ffe8 |
| rubygem-optimist-3.0.1-1.el8sat.noarch.rpm | SHA-256: 86b074fa0d85d682ee363305aba3c9cb8718731e2eedf029ebeb57bc114fa3cb |
| rubygem-rbvmomi2-3.6.0-2.el8sat.noarch.rpm | SHA-256: 0ba4ce5c54a92422bf11fd0e6b00e19f19d06e568f19ef03a8323019c2ea4a8c |
| satellite-6.12.3-1.el8sat.noarch.rpm | SHA-256: f4871f88055d2a83f72ec1cce0bbf1f99abdd16d6efbce0b51e0f4b510755b43 |
| satellite-cli-6.12.3-1.el8sat.noarch.rpm | SHA-256: a38562ac2f1cd9ac188d08076fac181a77ad2bc79a1690e2af82442ae8b2f0aa |
| satellite-common-6.12.3-1.el8sat.noarch.rpm | SHA-256: b5e86c99c39949e1bb9ae210246aea65b3b0b09f7600cf11ed46ec2fe5561015 |
Red Hat Satellite Capsule 6.12
| SRPM | |
|---|---|
| foreman-3.3.0.21-2.el8sat.src.rpm | SHA-256: 3f0834a984705c55daebe4168023bfc040eedb4a7a1123fbab9c8acc11984f49 |
| python-django-3.2.16-1.el8pc.src.rpm | SHA-256: f516eac58d9354c32d84d9f15396e942543fba4dbf389fcb0bacdd91f7520345 |
| python-pulp-container-2.10.12-1.el8pc.src.rpm | SHA-256: 9b70d268759ff149f697e0a3b819bbb0bbcd294deeca9903fb9aaaf17d8d707f |
| python-pulpcore-3.18.16-1.el8pc.src.rpm | SHA-256: 8a1be5f6f590196c1b6bc9c95334ccf9a68e94ec9debecdf61fb1eea00b2c0cb |
| rubygem-foreman_maintain-1.1.12-1.el8sat.src.rpm | SHA-256: 331ad894085a8d7feb30dec40a7e2d87ddaf9bfe247dbf2137ae82666012d71e |
| satellite-6.12.3-1.el8sat.src.rpm | SHA-256: b7e2fbaa5f82ce1cd824960060a7363e691a5c4de41f716b15b46a17a67ebfa2 |
| x86_64 | |
| foreman-debug-3.3.0.21-2.el8sat.noarch.rpm | SHA-256: c12ff146996ad3c77a4f358c4de39646ed5ce0ecfaff2a20429f1b136d7f277a |
| python39-django-3.2.16-1.el8pc.noarch.rpm | SHA-256: 9c7924cd8936834939e8310b99bc76e378bdd5a0a6a2f4056722e320dd83cdab |
| python39-pulp-container-2.10.12-1.el8pc.noarch.rpm | SHA-256: dc424db94f97169493bf4f2e103ef1893556e5d5266e0104d9ce41957795019e |
| python39-pulpcore-3.18.16-1.el8pc.noarch.rpm | SHA-256: 9da831af382222aff43f7c775e0ae8046889db2387256f99d80910c9e93a3289 |
| rubygem-foreman_maintain-1.1.12-1.el8sat.noarch.rpm | SHA-256: 083d754e6d15eea7edaab8860d9fa92d0263e06c091858ef7d33d0dbd871e8d3 |
| satellite-capsule-6.12.3-1.el8sat.noarch.rpm | SHA-256: 8de3c3d399222bdf6b56fc4af2b5bb78f7bc258d6ef008efe9887e831a743edf |
| satellite-common-6.12.3-1.el8sat.noarch.rpm | SHA-256: b5e86c99c39949e1bb9ae210246aea65b3b0b09f7600cf11ed46ec2fe5561015 |
Red Hat Enterprise Linux for x86_64 8
| SRPM | |
|---|---|
| foreman-3.3.0.21-2.el8sat.src.rpm | SHA-256: 3f0834a984705c55daebe4168023bfc040eedb4a7a1123fbab9c8acc11984f49 |
| rubygem-foreman_maintain-1.1.12-1.el8sat.src.rpm | SHA-256: 331ad894085a8d7feb30dec40a7e2d87ddaf9bfe247dbf2137ae82666012d71e |
| rubygem-hammer_cli_katello-1.6.0.2-1.el8sat.src.rpm | SHA-256: 1ec9a4b7c068a5b9b6be73b45648cab76d194df243f23832b27a3ac06b83aa70 |
| satellite-6.12.3-1.el8sat.src.rpm | SHA-256: b7e2fbaa5f82ce1cd824960060a7363e691a5c4de41f716b15b46a17a67ebfa2 |
| x86_64 | |
| foreman-cli-3.3.0.21-2.el8sat.noarch.rpm | SHA-256: c2827b228f4d3375e90815a60e29c5845a397c17da8d7e49762cfd11334d3f25 |
| rubygem-foreman_maintain-1.1.12-1.el8sat.noarch.rpm | SHA-256: 083d754e6d15eea7edaab8860d9fa92d0263e06c091858ef7d33d0dbd871e8d3 |
| rubygem-hammer_cli_katello-1.6.0.2-1.el8sat.noarch.rpm | SHA-256: eacaa1c9db05481b06057815d41e3c478372545c2e13f3f6531e83dd0b524870 |
| satellite-cli-6.12.3-1.el8sat.noarch.rpm | SHA-256: a38562ac2f1cd9ac188d08076fac181a77ad2bc79a1690e2af82442ae8b2f0aa |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.