Issued:: 2023-08-03
Updated:: 2023-09-18

RHSA-2023:4466 - Security Advisory

Overview
Updated Packages

Synopsis

Important: Satellite 6.13.3 Async Security Update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated Satellite 6.13 packages that fixes important security bugs and several
regular bugs are now available for Red Hat Satellite.

Description

Red Hat Satellite is a system management solution that allows organizations
to configure and maintain their systems without the necessity to provide
public Internet access to their servers or other client systems. It
performs provisioning and configuration management of predefined standard
operating environments.

Security fix(es):

foreman: Arbitrary code execution through templates. (CVE-2023-0118)
python-future: remote attackers can cause denial of service via crafted Set-Cookie header from malicious web server (CVE-2022-40899)

This update fixes the following bugs:

2159659 - CVE-2023-0118 foreman: Arbitrary code execution through templates [rhn_satellite_6.13]
2211954 - nalfassi@redhat.com Unable to enable callback plugin per-template
2218653 - Unable to enable any repository in network sync
2218659 - Can't rerun a failed content-import task if it was exported using chunks
2218660 - "Host-Registered Content Hosts" Report gives error while generating - undefined method `nvra' for nil:NilClass
2218661 - Yet another deadlock during Capsule sync, now when existing content changed
2218954 - satellite6-bugs@redhat.com [Regression] VMware Image-based and full host boot disk based Provisioning fails with error-: Could not find virtual machine network interface matching <IP>
2218955 - CVE-2022-40899 python-future: remote attackers can cause denial of service via crafted Set-Cookie header from malicious web server [rhn_satellite_6-default]
2218979 - Custom repo sync failed " Cannot open /var/lib/pulp/tmp/89726@satellite.example.com/tmpzmdau7qg/tmpy_kkhu3a: Cannot detect compression type"
2224023 - "undefined method `event' for nil:NilClass" in production.log when trying to remediate insights issues from CRC.
2218656 - satellite-maintain packages check-update fails when there are no packages to be updated.
2218657 - Should not be able to assign LE on the client profile which is not synced on the capsule server

Users of Red Hat Satellite are advised to upgrade to these updated
packages, which fix these bugs.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Satellite 6.13 x86_64
Red Hat Satellite Capsule 6.13 x86_64
Red Hat Enterprise Linux for x86_64 8 x86_64

Fixes

BZ - 2159291 - CVE-2023-0118 Foreman: Arbitrary code execution through templates
BZ - 2165866 - CVE-2022-40899 python-future: remote attackers can cause denial of service via crafted Set-Cookie header from malicious web server
BZ - 2211954 - Unable to enable callback plugin per-template
BZ - 2218653 - Unable to enable any repository in network sync
BZ - 2218656 - satellite-maintain packages check-update fails when there are no packages to be updated.
BZ - 2218657 - Should not be able to assign LE on the client profile which is not synced on the capsule server
BZ - 2218659 - Can't rerun a failed content-import task if it was exported using chunks
BZ - 2218660 - "Host-Registered Content Hosts" Report gives error while generating - undefined method `nvra' for nil:NilClass
BZ - 2218661 - Yet another deadlock during Capsule sync, now when existing content changed
BZ - 2218954 - [Regression] VMware Image-based and full host boot disk based Provisioning fails with error-: Could not find virtual machine network interface matching <IP>
BZ - 2218979 - Custom repo sync failed " Cannot open /var/lib/pulp/tmp/89726@satellite.example.com/tmpzmdau7qg/tmpy_kkhu3a: Cannot detect compression type"
BZ - 2224023 - "undefined method `event' for nil:NilClass" in production.log when trying to remediate insights issues from CRC.

CVEs

References

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Satellite 6.13

SRPM
foreman-3.5.1.19-1.el8sat.src.rpm	SHA-256: a5c024297bfc5dc0ff26a32a0b37b94b1ce99c5d045d6cf8eac2e57b4637f615
python-future-0.18.3-1.el8pc.src.rpm	SHA-256: 4446f118efd8daf7503bfdd5041c2b7c58226e05478d7520679adf0a20e10bcb
python-pulp-rpm-3.18.17-1.el8pc.src.rpm	SHA-256: 647f853d0107f0510ad53196d6f66a7a769f42a1ae2e960042510750540dfab0
python-pulpcore-3.21.9-1.el8pc.src.rpm	SHA-256: d4375f879fbc1696e70399b759b3fb7d0eb4d515ff3013dfaaf704dec2081e6c
rubygem-fog-vsphere-3.6.2-1.el8sat.src.rpm	SHA-256: e9a3d9bd619ca21c5d36d13221260a7caa221b9169da7dc2fc47fe4ad5ce2195
rubygem-foreman_ansible-10.4.3-1.el8sat.src.rpm	SHA-256: 4ad7354dc75bf49273a7bb9e7380b82a9174e44f9b6cf5b746124ff409a28430
rubygem-foreman_maintain-1.2.11-1.el8sat.src.rpm	SHA-256: 8dc4eb741e94ee8ba132e59425cf82809de4bdfd7b5c704682b682b70457a5dc
rubygem-hammer_cli_foreman_ansible-0.5.0-1.el8sat.src.rpm	SHA-256: 3e69003275f72ea090baa49c17bc8e112c69450d1f2371519cd2ffac6772508b
rubygem-katello-4.7.0.31-1.el8sat.src.rpm	SHA-256: 8096f5b0b5c5d5d01b8d53964e7cf99e31692d7a8fb5a8eb17c1408bdbccc223
rubygem-safemode-1.3.8-1.el8sat.src.rpm	SHA-256: 8848d88ff12c1122a7a2b63d95048f6252ce686f9431bbe9931a7a8c4771ebf5
satellite-6.13.3-1.el8sat.src.rpm	SHA-256: dd913ae94429cb7b3bb3f87c594e8984a18567ca4b15fd2f57adf07721b8b843
x86_64
foreman-3.5.1.19-1.el8sat.noarch.rpm	SHA-256: bf7cad08326baaefe9d57f2074a44c0988af602cea32ba2cfcacc64d4f13456f
foreman-cli-3.5.1.19-1.el8sat.noarch.rpm	SHA-256: 7fb8e7b68a455653e8688ddc0e9d9eb7fda9f2d1a9e96df2306b2e1d51fdade9
foreman-debug-3.5.1.19-1.el8sat.noarch.rpm	SHA-256: d4ea94de0145eac8b1de8fae92114b2e49d641653c8ba9d09205b1af2cc5f5ee
foreman-dynflow-sidekiq-3.5.1.19-1.el8sat.noarch.rpm	SHA-256: 2caa9d45e79bf9bacd31b71fde86b51fdcbbc7f4eeeb1b322e8868c307ecf1dd
foreman-ec2-3.5.1.19-1.el8sat.noarch.rpm	SHA-256: 188e4ea3dde44f169d7439d805628ee40b86c4913d092dcbc1049fa44c2bb836
foreman-journald-3.5.1.19-1.el8sat.noarch.rpm	SHA-256: 3dbe2edad0e16f353e2ee0fadef68d49da6a8f3576aa68b8efed8998795f8f8f
foreman-libvirt-3.5.1.19-1.el8sat.noarch.rpm	SHA-256: acea3c4957ccae83fedf08b5b89dbda6c18b132ae1af52eae01aec17c1f9fd6f
foreman-openstack-3.5.1.19-1.el8sat.noarch.rpm	SHA-256: f75352df2499a25ccc594429d19b71286636b6eb6148f32ef28ea2d9a0d9a744
foreman-ovirt-3.5.1.19-1.el8sat.noarch.rpm	SHA-256: 70173277eee54b09fb1b446340ed8e2bfe07e1ba0312a07e059b19ba9620d454
foreman-postgresql-3.5.1.19-1.el8sat.noarch.rpm	SHA-256: 0c6d867d45f2d77002fbee3f07e915818b889b69a3c2b693a6f8700639c5ba15
foreman-service-3.5.1.19-1.el8sat.noarch.rpm	SHA-256: ce0d2623caf69794d417910b8fdd4997081a79fdbfe308d2d3aa832920f4d350
foreman-telemetry-3.5.1.19-1.el8sat.noarch.rpm	SHA-256: 8475b99d8432188d3067a14c2436c06c34382247fa499d5af813e2e9a67b316c
foreman-vmware-3.5.1.19-1.el8sat.noarch.rpm	SHA-256: eaf545c1f1a99920df24a0d31f4eb9a6185abfe67ebf2483f12306ca37f505dd
python39-future-0.18.3-1.el8pc.noarch.rpm	SHA-256: f66fe6fa9545f5b4b1b7c7f456f812e942fdb621c1c9c61f12cbfbed16baecdb
python39-pulp-rpm-3.18.17-1.el8pc.noarch.rpm	SHA-256: a195c83c7d74b5b90c9b1792e5709f4ced8cee5da899af2cfe2d10eec4d5c9fa
python39-pulpcore-3.21.9-1.el8pc.noarch.rpm	SHA-256: fa7c51f31ecd3529c0bf79b01a7e3c0dc139986a6ceb3066b5b0b4e574df6d3d
rubygem-fog-vsphere-3.6.2-1.el8sat.noarch.rpm	SHA-256: 502b08443706bce4e30f44b8d642f4762cf08ff5c8ce2380d1b3277c1db2d08f
rubygem-foreman_ansible-10.4.3-1.el8sat.noarch.rpm	SHA-256: 27a50896de50ef72ef0ea029c0d8dee0e0e7debc91ccb0bd0ec7543dc4301703
rubygem-foreman_maintain-1.2.11-1.el8sat.noarch.rpm	SHA-256: 5173b2edaec1bd7ed9e6e131000b650f36bf3ba93681b036a0c4484c5826e84d
rubygem-hammer_cli_foreman_ansible-0.5.0-1.el8sat.noarch.rpm	SHA-256: b0cc4467fcca4f6e389289e3fa562d970603febc0bda98e2ed2c031460f1c22e
rubygem-katello-4.7.0.31-1.el8sat.noarch.rpm	SHA-256: 905da473bed31af7099d14b7d3679da7e6e7cbdbec68f52d78afb8e111111f8f
rubygem-safemode-1.3.8-1.el8sat.noarch.rpm	SHA-256: 423aed44c3ada5fa14161306afef1891a255576bd73f68122cbbd47f14cddfd5
satellite-6.13.3-1.el8sat.noarch.rpm	SHA-256: 29938dec6329ad0b9c9e55cab1e537007d88e1810efb149b8f1b5eee42e8dbad
satellite-cli-6.13.3-1.el8sat.noarch.rpm	SHA-256: 52856719fb6b3fdcf50c241b95f10acf4f4034cae623a0d2d05c77aa088b5eff
satellite-common-6.13.3-1.el8sat.noarch.rpm	SHA-256: be12ffd34513b533c1c418402ba1f1e34397e99f15da048932bb5b2e10953014

Red Hat Satellite Capsule 6.13

SRPM
foreman-3.5.1.19-1.el8sat.src.rpm	SHA-256: a5c024297bfc5dc0ff26a32a0b37b94b1ce99c5d045d6cf8eac2e57b4637f615
python-future-0.18.3-1.el8pc.src.rpm	SHA-256: 4446f118efd8daf7503bfdd5041c2b7c58226e05478d7520679adf0a20e10bcb
python-pulp-rpm-3.18.17-1.el8pc.src.rpm	SHA-256: 647f853d0107f0510ad53196d6f66a7a769f42a1ae2e960042510750540dfab0
python-pulpcore-3.21.9-1.el8pc.src.rpm	SHA-256: d4375f879fbc1696e70399b759b3fb7d0eb4d515ff3013dfaaf704dec2081e6c
rubygem-foreman_maintain-1.2.11-1.el8sat.src.rpm	SHA-256: 8dc4eb741e94ee8ba132e59425cf82809de4bdfd7b5c704682b682b70457a5dc
satellite-6.13.3-1.el8sat.src.rpm	SHA-256: dd913ae94429cb7b3bb3f87c594e8984a18567ca4b15fd2f57adf07721b8b843
x86_64
foreman-debug-3.5.1.19-1.el8sat.noarch.rpm	SHA-256: d4ea94de0145eac8b1de8fae92114b2e49d641653c8ba9d09205b1af2cc5f5ee
python39-future-0.18.3-1.el8pc.noarch.rpm	SHA-256: f66fe6fa9545f5b4b1b7c7f456f812e942fdb621c1c9c61f12cbfbed16baecdb
python39-pulp-rpm-3.18.17-1.el8pc.noarch.rpm	SHA-256: a195c83c7d74b5b90c9b1792e5709f4ced8cee5da899af2cfe2d10eec4d5c9fa
python39-pulpcore-3.21.9-1.el8pc.noarch.rpm	SHA-256: fa7c51f31ecd3529c0bf79b01a7e3c0dc139986a6ceb3066b5b0b4e574df6d3d
rubygem-foreman_maintain-1.2.11-1.el8sat.noarch.rpm	SHA-256: 5173b2edaec1bd7ed9e6e131000b650f36bf3ba93681b036a0c4484c5826e84d
satellite-capsule-6.13.3-1.el8sat.noarch.rpm	SHA-256: 48297538c94364149bd94a91a4ff909f528c58077d30963e5287fb0209fe08db
satellite-common-6.13.3-1.el8sat.noarch.rpm	SHA-256: be12ffd34513b533c1c418402ba1f1e34397e99f15da048932bb5b2e10953014

Red Hat Enterprise Linux for x86_64 8

SRPM
foreman-3.5.1.19-1.el8sat.src.rpm	SHA-256: a5c024297bfc5dc0ff26a32a0b37b94b1ce99c5d045d6cf8eac2e57b4637f615
rubygem-foreman_maintain-1.2.11-1.el8sat.src.rpm	SHA-256: 8dc4eb741e94ee8ba132e59425cf82809de4bdfd7b5c704682b682b70457a5dc
rubygem-hammer_cli_foreman_ansible-0.5.0-1.el8sat.src.rpm	SHA-256: 3e69003275f72ea090baa49c17bc8e112c69450d1f2371519cd2ffac6772508b
satellite-6.13.3-1.el8sat.src.rpm	SHA-256: dd913ae94429cb7b3bb3f87c594e8984a18567ca4b15fd2f57adf07721b8b843
x86_64
foreman-cli-3.5.1.19-1.el8sat.noarch.rpm	SHA-256: 7fb8e7b68a455653e8688ddc0e9d9eb7fda9f2d1a9e96df2306b2e1d51fdade9
rubygem-foreman_maintain-1.2.11-1.el8sat.noarch.rpm	SHA-256: 5173b2edaec1bd7ed9e6e131000b650f36bf3ba93681b036a0c4484c5826e84d
rubygem-hammer_cli_foreman_ansible-0.5.0-1.el8sat.noarch.rpm	SHA-256: b0cc4467fcca4f6e389289e3fa562d970603febc0bda98e2ed2c031460f1c22e
satellite-cli-6.13.3-1.el8sat.noarch.rpm	SHA-256: 52856719fb6b3fdcf50c241b95f10acf4f4034cae623a0d2d05c77aa088b5eff

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation