Advisory Published

RHSA-2023:1630: Important: Satellite 6.12.3 Async Security Update

First published: Tue Apr 04 2023(Updated: )

Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.<br>Security fix(es):<br><li> Candlepin: PreparedStatement.setText(int, InputStream) will create a temporary file if the InputStream is larger than 2k (CVE-2022-41946) </li> This update fixes the following bugs:<br>2163538 - Pages Blank<br>2174984 - Getting 'null value in column \"image_manifest_id\" violates not-null constraint' when syncing openstack container repos<br>2174987 - (Regression of 2033940) Error: AttributeError: 'NoneType' object has no attribute 'cast' thrown while listing repository versions<br>2174994 - VMware Image based Provisioning fails with error- : Could not find virtual machine network interface matching &lt;IP&gt;<br>2174997 - Package and Errata actions on content hosts selected using the "select all hosts" option fails.<br>2174998 - Subscription can't be blank, A Pool and its Subscription cannot belong to different organizations<br>2175002 - Getting "undefined method `schema_version' for nil:NilClass" while syncing from quay.io<br>2175005 - New kickstart_kernel_options snippet breaks UEFI (Grub2) PXE provisioning when boot_mode is static<br>2175008 - RHEL 9 as Guest OS is not available on Satellite 6.11 <br>2174995 - Health check should use hostname -f<br>2175007 - [regression] data.yml is referring to old sync plain id which does not exist in katello_sync_plans<br>2176272 - new wait task introduced by rh_cloud 6.0.44 is not recognized by maintain as OK to interrupt <br>2175010 - Some custom repositories are failing to synchorize with error "This field may not be blank" after upgrading to Red Hat Satellite 6.11<br>2176922 - [RFE] Need syncable yum-format repository imports <br>2175003 - Can't perform incremental content exports in syncable format <br>Users of Red Hat Satellite are advised to upgrade to these updated packages, which fix these bugs.

Affected SoftwareAffected VersionHow to fix
redhat/candlepin<4.1.20-1.el8
4.1.20-1.el8
redhat/foreman<3.3.0.21-2.el8
3.3.0.21-2.el8
redhat/python-django<3.2.16-1.el8
3.2.16-1.el8
redhat/python-pulp-container<2.10.12-1.el8
2.10.12-1.el8
redhat/python-pulpcore<3.18.16-1.el8
3.18.16-1.el8
redhat/rubygem-fog-vsphere<3.6.0-1.el8
3.6.0-1.el8
redhat/rubygem-katello<4.5.0.32-1.el8
4.5.0.32-1.el8
redhat/rubygem-optimist<3.0.1-1.el8
3.0.1-1.el8
redhat/rubygem-rbvmomi2<3.6.0-2.el8
3.6.0-2.el8
redhat/satellite<6.12.3-1.el8
6.12.3-1.el8
redhat/candlepin-selinux<4.1.20-1.el8
4.1.20-1.el8
redhat/foreman-cli<3.3.0.21-2.el8
3.3.0.21-2.el8
redhat/foreman-debug<3.3.0.21-2.el8
3.3.0.21-2.el8
redhat/foreman-dynflow-sidekiq<3.3.0.21-2.el8
3.3.0.21-2.el8
redhat/foreman-ec2<3.3.0.21-2.el8
3.3.0.21-2.el8
redhat/foreman-gce<3.3.0.21-2.el8
3.3.0.21-2.el8
redhat/foreman-journald<3.3.0.21-2.el8
3.3.0.21-2.el8
redhat/foreman-libvirt<3.3.0.21-2.el8
3.3.0.21-2.el8
redhat/foreman-openstack<3.3.0.21-2.el8
3.3.0.21-2.el8
redhat/foreman-ovirt<3.3.0.21-2.el8
3.3.0.21-2.el8
redhat/foreman-postgresql<3.3.0.21-2.el8
3.3.0.21-2.el8
redhat/foreman-service<3.3.0.21-2.el8
3.3.0.21-2.el8
redhat/foreman-telemetry<3.3.0.21-2.el8
3.3.0.21-2.el8
redhat/foreman-vmware<3.3.0.21-2.el8
3.3.0.21-2.el8
redhat/python39-django<3.2.16-1.el8
3.2.16-1.el8
redhat/python39-pulp-container<2.10.12-1.el8
2.10.12-1.el8
redhat/python39-pulpcore<3.18.16-1.el8
3.18.16-1.el8
redhat/satellite-cli<6.12.3-1.el8
6.12.3-1.el8
redhat/satellite-common<6.12.3-1.el8
6.12.3-1.el8
redhat/satellite-capsule<6.12.3-1.el8
6.12.3-1.el8

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of RHSA-2023:1630?

    The severity of RHSA-2023:1630 is classified as important.

  • How do I fix RHSA-2023:1630?

    To fix RHSA-2023:1630, update the affected packages to their recommended versions provided in the advisory.

  • Which packages are affected by RHSA-2023:1630?

    RHSA-2023:1630 affects several packages including candlepin, foreman, python-django, and satellite among others.

  • Is RHSA-2023:1630 a critical vulnerability?

    No, RHSA-2023:1630 is categorized as important but not critical.

  • When was the RHSA-2023:1630 advisory released?

    The RHSA-2023:1630 advisory was released in 2023, specifically the details can be found in Red Hat's official advisory.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203