-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Satellite 6.9.10 Async Security Update Advisory ID: RHSA-2022:8532-01 Product: Red Hat Satellite 6 Advisory URL: https://access.redhat.com/errata/RHSA-2022:8532 Issue date: 2022-11-17 CVE Names: CVE-2022-24790 ==================================================================== 1. Summary: Updated Satellite 6.9 packages that fix several bugs are now available for Red Hat Satellite. 2. Relevant releases/architectures: Red Hat Satellite 6.9 - noarch, x86_64 Red Hat Satellite Capsule 6.9 - noarch 3. Description: Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments. Security Fix(es): * tfm-rubygem-puma: http request smuggling vulnerabilities (CVE-2022-24790) This update fixes the following bugs: * 2038995: When executing the content migration (pre-upgrade process), there is a PG query created by pulp that will be sitting forever * 2074099: The errata migration continues to fail with "pymongo.errors.DocumentTooLarge: BSON document too large" error even after upgrading to Satellite 6.9.8 * 2081560: ForeignKeyViolation Error with docker_meta_tags * 2091438: Use of content.count() in app/models/repository.py seems to hit an error * 2093829: 'foreman-maintain content migration-stats' command stucks and consume all memory * 2098221: Pulp 3 migration stats timing is too low for very large deployments * 2141348: It appears that the egg is downloaded every time Users of Red Hat Satellite are advised to upgrade to these updated packages, which fix these bugs. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For detailed instructions how to apply this update, refer to: https://access.redhat.com/documentation/en-us/red_hat_satellite/6.9/html/upgrading_and_updating_red_hat_satellite/updating_satellite_server_capsule_server_and_content_hosts 5. Bugs fixed (https://bugzilla.redhat.com/): 2038995 - When executing the content migration (pre-upgrade process), there is a PG query created by pulp that will be sitting forever 2071616 - CVE-2022-24790 puma-5.6.4: http request smuggling vulnerabilities 2074099 - The errata migration continues to fail with "pymongo.errors.DocumentTooLarge: BSON document too large" error even after upgrading to Satellite 6.9.8 2081560 - ForeignKeyViolation Error with docker_meta_tags 2091438 - Use of content.count() in app/models/repository.py seems to hit an error 2093829 - 'foreman-maintain content migration-stats' command stucks and consume all memory 2098221 - Pulp 3 migration stats timing is too low for very large deployments 2141348 - It appears that the egg is downloaded every time 6. Package List: Red Hat Satellite Capsule 6.9: Source: satellite-6.9.10-1.el7sat.src.rpm noarch: satellite-capsule-6.9.10-1.el7sat.noarch.rpm satellite-common-6.9.10-1.el7sat.noarch.rpm satellite-debug-tools-6.9.10-1.el7sat.noarch.rpm Red Hat Satellite 6.9: Source: python-pulp_2to3_migration-0.11.13-1.el7pc.src.rpm satellite-6.9.10-1.el7sat.src.rpm tfm-rubygem-foreman_rh_cloud-3.0.33-1.el7sat.src.rpm tfm-rubygem-katello-3.18.1.55-1.el7sat.src.rpm tfm-rubygem-puma-4.3.12-1.el7sat.src.rpm noarch: python3-pulp-2to3-migration-0.11.13-1.el7pc.noarch.rpm satellite-6.9.10-1.el7sat.noarch.rpm satellite-cli-6.9.10-1.el7sat.noarch.rpm satellite-common-6.9.10-1.el7sat.noarch.rpm satellite-debug-tools-6.9.10-1.el7sat.noarch.rpm tfm-rubygem-foreman_rh_cloud-3.0.33-1.el7sat.noarch.rpm tfm-rubygem-katello-3.18.1.55-1.el7sat.noarch.rpm x86_64: tfm-rubygem-puma-4.3.12-1.el7sat.x86_64.rpm tfm-rubygem-puma-debuginfo-4.3.12-1.el7sat.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-24790 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY3aDpNzjgjWX9erEAQh5qw//XyXQueL3qCJaA4h5P39/r0YSv2oUudA5 qaP2jY631WKiXnBzRJ5oCV90Jp29gLP24KZizSgrvAojMwbQaX2nyZHY/SUdw+bs 9KrPdRCS/nV4zii3n18QZ/XmNQKFh/opjiZf4MupNvH6cA4+4ejVzrX3q2+0JfER FDpT1rOQnQnnxB+2hCjtMlbbbY+wRwYLzRhcjKGGTl1S7RgorTPk0aFo+0yXcw8n /AQ7F1wxviEPwkMX1dEMXN7ZSFT1AaU9j9oSrJfSLToW5gj6/4+AEoQ7QSVUNSms pbtJLU80wi/NNgrRLFKPZw7ejOpwd2TIztN2ZVLprvozrg7JOE62vHa9tgzha01J UI8LwuUGtwGQb5ko1OATuodNolHryiCLZJKR1yU4FfuL5Xsva5HSkt9LhgTNa2FP ZL09nuXve0VpeEVHJ98g6CHCtJFl+R7p1Kqj42d8ppe57fc0Qqm0bFZrBQfby/sy fdOtnOit3L88D/Tzhd33T3xanUkWHBOc0INPcYPE3i8Qpc3OQ9skGpRmqDITAWle 7aiBFtP8bw+ga7Svd4wjJ+tZUyLkNEgNXgu8e0ixFXCpLPymhcLtk0fDLROdkKP1 YgENTiOXwf15SA9h/KK+gTXVn1GfHaxfTsUSqxncglRowXmN8boJiF4tjkK4n29F NNhbVvxrXcM=8/Hz -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce