exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Red Hat Security Advisory 2023-7851-03

Red Hat Security Advisory 2023-7851-03
Posted Dec 15, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-7851-03 - Updated Satellite 6.14 packages that fixes Important security bugs and several regular bugs are now available for Red Hat Satellite. Issues addressed include cross site scripting and local file inclusion vulnerabilities.

tags | advisory, local, vulnerability, xss, file inclusion
systems | linux, redhat
advisories | CVE-2023-4886
SHA-256 | 5936a03da5b97212f5fb9b6747bf8731fbb23f1c33b0483d107dfa2b817abdfb

Red Hat Security Advisory 2023-7851-03

Change Mirror Download


The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7851.json

Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff




====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Satellite 6.14.1 Async Security Update
Advisory ID: RHSA-2023:7851-03
Product: Red Hat Satellite 6
Advisory URL: https://access.redhat.com/errata/RHSA-2023:7851
Issue date: 2023-12-14
Revision: 03
CVE Names: CVE-2023-4886
====================================================================

Summary:

Updated Satellite 6.14 packages that fixes Important security bugs and several
regular bugs are now available for Red Hat Satellite.




Description:

Red Hat Satellite is a system management solution that allows organizations
to configure and maintain their systems without the necessity to provide
public Internet access to their servers or other client systems. It
performs provisioning and configuration management of predefined standard
operating environments.

Security fix(es):

* rubygem-actionpack: actionpack: Possible XSS via User Supplied Values to redirect_to [rhn_satellite_6.14] (CVE-2023-28362)

* foreman: World readable file containing secrets [rhn_satellite_6.14] (CVE-2023-4886)

* python-urllib3: urllib3: Request body not stripped after redirect from 303 status changes request method to GET [rhn_satellite_6-default] (CVE-2023-45803 )

* python-gitpython: GitPython: Blind local file inclusion [rhn_satellite_6-default] (CVE-2023-41040)

This update fixes the following bugs:

2250342 - REX job finished with exit code 0 but the script failed on client side due to no space.
2250343 - Selinux denials are reported after following \"Chapter 13. Managing Custom File Type Content\" chapter step by step
2250344 - Long running postgres threads during content-export
2250345 - Upgrade django-import-export package to at least 3.1.0
2250349 - After upstream repo switched to zst compression, Satellite 6.12.5.1 unable to sync
2250350 - Slow generate applicability for Hosts with multiple modulestreams installed
2250352 - Recalculate button for Errata is not available on Satellite 6.13/ Satellite 6.14 if no errata is present
2250351 - Actions::ForemanLeapp::PreupgradeJob fails with null value in column \"preupgrade_report_id\" violates not-null constraint when run with non-admin user
2251799 - REX Template for 'convert2rhel analyze' command
2254085 - Getting '/usr/sbin/foreman-rake db:migrate' returned 1 instead of one of [0] ERROR while trying to upgrade Satellite 6.13 to 6.14
2254080 - satellite-convert2rhel-toolkit rpm v1.0.0 in 6.14.z

Users of Red Hat Satellite are advised to upgrade to these updated
packages, which fix these bugs.


Solution:

https://access.redhat.com/articles/11258



CVEs:

CVE-2023-4886

References:

https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_satellite/6.14/html/upgrading_red_hat_satellite_to_6.14/index
https://bugzilla.redhat.com/show_bug.cgi?id=2217785
https://bugzilla.redhat.com/show_bug.cgi?id=2230135
https://bugzilla.redhat.com/show_bug.cgi?id=2246840
https://bugzilla.redhat.com/show_bug.cgi?id=2247040
https://bugzilla.redhat.com/show_bug.cgi?id=2250342
https://bugzilla.redhat.com/show_bug.cgi?id=2250343
https://bugzilla.redhat.com/show_bug.cgi?id=2250344
https://bugzilla.redhat.com/show_bug.cgi?id=2250345
https://bugzilla.redhat.com/show_bug.cgi?id=2250349
https://bugzilla.redhat.com/show_bug.cgi?id=2250350
https://bugzilla.redhat.com/show_bug.cgi?id=2250351
https://bugzilla.redhat.com/show_bug.cgi?id=2250352
https://bugzilla.redhat.com/show_bug.cgi?id=2251799
https://bugzilla.redhat.com/show_bug.cgi?id=2254080
https://bugzilla.redhat.com/show_bug.cgi?id=2254085

Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close