RLSA-2023:6818

Rocky Enterprise Software Foundation Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool.

Security Fix(es):

• golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)

• HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

• GitPython: Insecure non-multi options in clone and clone_from is not blocked (CVE-2023-40267)

• kubeclient: kubeconfig parsing error can lead to MITM attacks (CVE-2022-0759)

• foreman: OS command injection via ctcommand and fcctcommand (CVE-2022-3874)

• ruby-git: code injection vulnerability (CVE-2022-46648)

• ruby-git: code injection vulnerability (CVE-2022-47318)

• Foreman: Arbitrary code execution through templates (CVE-2023-0118)

• rubygem-activerecord: SQL Injection (CVE-2023-22794)

• openssl: c_rehash script allows command injection (CVE-2022-1292)

• openssl: the c_rehash script allows command injection (CVE-2022-2068)

• Pulp:Tokens stored in plaintext (CVE-2022-3644)

• satellite: Blind SSRF via Referer header (CVE-2022-4130)

• python-future: remote attackers can cause denial of service via crafted Set-Cookie header from malicious web server (CVE-2022-40899)

• golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)

• rubygem-activerecord: Denial of Service (CVE-2022-44566)

• rubygem-rack: denial of service in Content-Disposition parsing (CVE-2022-44570)

• rubygem-rack: denial of service in Content-Disposition parsing (CVE-2022-44571)

• rubygem-rack: denial of service in Content-Disposition parsing (CVE-2022-44572)

• Foreman: Stored cross-site scripting in host tab (CVE-2023-0119)

• puppet: Puppet Server ReDoS (CVE-2023-1894)

• rubygem-actionpack: Denial of Service in Action Dispatch (CVE-2023-22792)

• rubygem-actionpack: Denial of Service in Action Dispatch (CVE-2023-22795)

• rubygem-activesupport: Regular Expression Denial of Service (CVE-2023-22796)

• rubygem-globalid: ReDoS vulnerability (CVE-2023-22799)

• rubygem-rack: Denial of service in Multipart MIME parsing (CVE-2023-27530)

• rubygem-rack: denial of service in header parsing (CVE-2023-27539)

• golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)

• sqlparse: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service) (CVE-2023-30608)

• python-django: Potential bypass of validation when uploading multiple files using one form field (CVE-2023-31047)

• python-requests: Unintended leak of Proxy-Authorization header (CVE-2023-32681)

• python-django: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator (CVE-2023-36053)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.