- Vulnerability/
- RHSA-2023:0261
RHSA-2023:0261: Critical: Satellite 6.12.1 Async Security Update
First published: Wed Jan 18 2023(Updated: )
Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.<br>Security fix(es):<br>tfm-rubygem-activerecord: activerecord: Possible RCE escalation bug with Serialized Columns in Active Record (CVE-2022-32224)<br>candlepin: apache-commons-text: variable interpolation RCE (CVE-2022-42889)<br>This update fixes the following bugs:<br>2082209 - Another deadlock issue when syncing repos with high concurrency<br>2141308 - It appears that the egg is downloaded every time<br>2150069 - With every edit of an exising webhook, the value in password field disappears in Satellite 6.10/6.11/6.12<br>2150108 - Satellite-clone not working if ansible-core 2.13 is installed<br>2150111 - Insights recommendation sync failing in Satelliite<br>2150112 - Random failure of Inventory Sync<br>2150114 - Insights-client --register --verbose throwing error UnicodeEncodeError: 'ascii' codec can't encode character '\ufffd' in position 94: ordinal not in range(128)<br>2150118 - Error "no certificate or crl found" when using a http proxy as "Default Http Proxy" for content syncing or manifest operations in Satellite 6.12<br>2150119 - Content view publish fails when the content view and repository both have a large name with : Error message: the server returns an error HTTP status code: 500<br>2150123 = Inspecting an image with skopeo no longer works on Capsules<br>2150125 - Syncable exports across partitions causes ' Invalid cross-device link' error <br>2150120 - Upgrade to Satellite 6.12 may fail to apply RemoveDrpmFromIgnorableContent migration if erratum is also a ignorable content type for any repo <br>Users of Red Hat Satellite are advised to upgrade to these updated packages, which fix these bugs.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/candlepin | <4.1.18-1.el8 | 4.1.18-1.el8 |
| redhat/foreman | <3.3.0.18-1.el8 | 3.3.0.18-1.el8 |
| redhat/python-pulp-container | <2.10.10-1.el8 | 2.10.10-1.el8 |
| redhat/python-pulp-rpm | <3.18.9-1.el8 | 3.18.9-1.el8 |
| redhat/python-pulpcore | <3.18.11-1.el8 | 3.18.11-1.el8 |
| redhat/rubygem-actioncable | <6.0.6-2.el8 | 6.0.6-2.el8 |
| redhat/rubygem-actionmailbox | <6.0.6-2.el8 | 6.0.6-2.el8 |
| redhat/rubygem-actionmailer | <6.0.6-2.el8 | 6.0.6-2.el8 |
| redhat/rubygem-actionpack | <6.0.6-2.el8 | 6.0.6-2.el8 |
| redhat/rubygem-actiontext | <6.0.6-2.el8 | 6.0.6-2.el8 |
| redhat/rubygem-actionview | <6.0.6-2.el8 | 6.0.6-2.el8 |
| redhat/rubygem-activejob | <6.0.6-2.el8 | 6.0.6-2.el8 |
| redhat/rubygem-activemodel | <6.0.6-2.el8 | 6.0.6-2.el8 |
| redhat/rubygem-activerecord | <6.0.6-2.el8 | 6.0.6-2.el8 |
| redhat/rubygem-activestorage | <6.0.6-2.el8 | 6.0.6-2.el8 |
| redhat/rubygem-activesupport | <6.0.6-1.el8 | 6.0.6-1.el8 |
| redhat/rubygem-katello | <4.5.0.22-1.el8 | 4.5.0.22-1.el8 |
| redhat/rubygem-rails | <6.0.6-2.el8 | 6.0.6-2.el8 |
| redhat/rubygem-railties | <6.0.6-2.el8 | 6.0.6-2.el8 |
| redhat/satellite | <6.12.1-1.el8 | 6.12.1-1.el8 |
| redhat/candlepin-selinux | <4.1.18-1.el8 | 4.1.18-1.el8 |
| redhat/foreman-cli | <3.3.0.18-1.el8 | 3.3.0.18-1.el8 |
| redhat/foreman-debug | <3.3.0.18-1.el8 | 3.3.0.18-1.el8 |
| redhat/foreman-dynflow-sidekiq | <3.3.0.18-1.el8 | 3.3.0.18-1.el8 |
| redhat/foreman-ec2 | <3.3.0.18-1.el8 | 3.3.0.18-1.el8 |
| redhat/foreman-gce | <3.3.0.18-1.el8 | 3.3.0.18-1.el8 |
| redhat/foreman-journald | <3.3.0.18-1.el8 | 3.3.0.18-1.el8 |
| redhat/foreman-libvirt | <3.3.0.18-1.el8 | 3.3.0.18-1.el8 |
| redhat/foreman-openstack | <3.3.0.18-1.el8 | 3.3.0.18-1.el8 |
| redhat/foreman-ovirt | <3.3.0.18-1.el8 | 3.3.0.18-1.el8 |
| redhat/foreman-postgresql | <3.3.0.18-1.el8 | 3.3.0.18-1.el8 |
| redhat/foreman-service | <3.3.0.18-1.el8 | 3.3.0.18-1.el8 |
| redhat/foreman-telemetry | <3.3.0.18-1.el8 | 3.3.0.18-1.el8 |
| redhat/foreman-vmware | <3.3.0.18-1.el8 | 3.3.0.18-1.el8 |
| redhat/python39-pulp-container | <2.10.10-1.el8 | 2.10.10-1.el8 |
| redhat/python39-pulp-rpm | <3.18.9-1.el8 | 3.18.9-1.el8 |
| redhat/python39-pulpcore | <3.18.11-1.el8 | 3.18.11-1.el8 |
| redhat/satellite-cli | <6.12.1-1.el8 | 6.12.1-1.el8 |
| redhat/satellite-common | <6.12.1-1.el8 | 6.12.1-1.el8 |
| redhat/satellite-capsule | <6.12.1-1.el8 | 6.12.1-1.el8 |
| redhat/satellite-clone | <3.2.0-2.el8 | 3.2.0-2.el8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=2082209
- https://bugzilla.redhat.com/show_bug.cgi?id=2108997
- https://bugzilla.redhat.com/show_bug.cgi?id=2135435
- https://bugzilla.redhat.com/show_bug.cgi?id=2141308
- https://bugzilla.redhat.com/show_bug.cgi?id=2150069
- https://bugzilla.redhat.com/show_bug.cgi?id=2150108
- https://bugzilla.redhat.com/show_bug.cgi?id=2150111
- https://bugzilla.redhat.com/show_bug.cgi?id=2150112
- https://bugzilla.redhat.com/show_bug.cgi?id=2150114
- https://bugzilla.redhat.com/show_bug.cgi?id=2150118
- https://bugzilla.redhat.com/show_bug.cgi?id=2150119
- https://bugzilla.redhat.com/show_bug.cgi?id=2150120
- https://bugzilla.redhat.com/show_bug.cgi?id=2150123
- https://bugzilla.redhat.com/show_bug.cgi?id=2150125
- https://access.redhat.com/security/updates/classification/#critical
- https://access.redhat.com/errata/RHSA-2023:0261 (Advisory)
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2023:0261
- agent/software-canonical-lookup
- package-manager/redhat