RHEL 7 : Satellite 6.10 Release (Moderate) (RHSA-2021:4702)

critical Nessus Plugin ID 155377

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4702 advisory.

Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool.

Security Fix(es):
* python-ecdsa: Unexpected and undocumented exceptions during signature decoding (CVE-2019-14853)
* python-ecdsa: DER encoding is not being verified in signatures (CVE-2019-14859)
* rubygem-activerecord-session_store: hijack sessions by using timing attacks targeting the session id (CVE-2019-25025)
* rake: OS Command Injection via egrep in Rake::FileList (CVE-2020-8130)
* candlepin: guava - local information disclosure via temporary directory created with unsafe permissions (CVE-2020-8908)
* PyYAML: incomplete fix for CVE-2020-1747 (CVE-2020-14343)
* tfm-rubygem-nokogiri: XML external entity injection via Nokogiri::XML::Schema (CVE-2020-26247)
* tfm-rubygem-foreman_azure_rm: Azure compute resource secret_key leak to authenticated users (CVE-2021-3413)
* foreman: possible man-in-the-middle in smart_proxy realm_freeipa (CVE-2021-3494)
* foreman: BMC controller credential leak via API (CVE-2021-20256)
* python-aiohttp: Open redirect in aiohttp.web_middlewares.normalize_path_middleware (CVE-2021-21330)
* rubygem-actionpack: Possible Information Disclosure / Unintended Method Execution in Action Pack (CVE-2021-22885)
* tfm-rubygem-actionpack: rails: Possible Denial of Service vulnerability in Action Dispatch (CVE-2021-22902)
* tfm-rubygem-actionpack: Possible DoS Vulnerability in Action Controller Token Authentication (CVE-2021-22904)
* python-django: potential directory-traversal via uploaded files (CVE-2021-28658)
* tfm-rubygem-puma: incomplete fix for CVE-2019-16770 allows Denial of Service (DoS) (CVE-2021-29509)
* python-django: Potential directory-traversal via uploaded files (CVE-2021-31542)
* tfm-rubygem-addressable: ReDoS in templates (CVE-2021-32740)
* python-django: Potential directory traversal via ``admindocs`` (CVE-2021-33203)
* python-urllib3: ReDoS in the parsing of authority part of URL (CVE-2021-33503)
* python-django: Possible indeterminate SSRF, RFI, and LFI attacks since validators accepted leading zeros in IPv4 addresses (CVE-2021-33571)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

* Updated Content Management backend with Pulp 3 for increased performance, scale and reliability. MongoDB is also removed from Satellite.
* Adds support for Azure GovCloud
* Provides Satellite 6.10 Server support for Satellite 6.9 Capsules
* Improves support for Satellite Air Gapped and Disconnected environments
* Adds Ansible Collections content type to support disconnected environments
* Foreman_webhooks introduced to replace foreman_hooks
* Introduces UI to manage Personal Access Tokens
* Adds ability to configure Pulp repository synchronization timeouts
* Support for Convert2RHEL
* Provides advanced options when registering a host
* Supports remediation playbook signatures from console.redhat.com
* Red Hat Insights Plugin replaced through new integration within Satellite
* Ability to visually represent systems registered and in sync with Insights
* Ability to verify if required packages are installed as part of pre-upgrade check
* Ability to unset environment variables when installer is running
* Ability to turn backups on and off when cleaning up tasks from database

The items above are not a complete list of changes. This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?c3875c4e

https://access.redhat.com/security/updates/classification/#moderate

https://access.redhat.com/errata/RHSA-2021:4702

Plugin Details

Severity: Critical

ID: 155377

File Name: redhat-RHSA-2021-4702.nasl

Version: 1.10

Type: local

Agent: unix

Published: 11/17/2021

Updated: 11/7/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

Vendor

Vendor Severity: Moderate

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2020-14343

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS v4

Risk Factor: Critical

Base Score: 9.3

Threat Score: 8.9

Threat Vector: CVSS:4.0/E:P

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:python3-django, p-cpe:/a:redhat:enterprise_linux:satellite, p-cpe:/a:redhat:enterprise_linux:satellite-capsule, p-cpe:/a:redhat:enterprise_linux:foreman, p-cpe:/a:redhat:enterprise_linux:python-ecdsa, p-cpe:/a:redhat:enterprise_linux:python-pyyaml, p-cpe:/a:redhat:enterprise_linux:python3-ecdsa, p-cpe:/a:redhat:enterprise_linux:python3-urllib3, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-nokogiri, p-cpe:/a:redhat:enterprise_linux:python3-pyyaml, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-actionpack, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-puma, cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:python-urllib3, p-cpe:/a:redhat:enterprise_linux:python-aiohttp, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-activerecord-session_store, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-addressable, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rails, p-cpe:/a:redhat:enterprise_linux:candlepin

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/16/2021

Vulnerability Publication Date: 10/8/2019

Reference Information

CVE: CVE-2019-14853, CVE-2019-14859, CVE-2019-25025, CVE-2020-14343, CVE-2020-26247, CVE-2020-8130, CVE-2020-8908, CVE-2021-20256, CVE-2021-21330, CVE-2021-22885, CVE-2021-22902, CVE-2021-22904, CVE-2021-28658, CVE-2021-29509, CVE-2021-31542, CVE-2021-32740, CVE-2021-33203, CVE-2021-33503, CVE-2021-33571, CVE-2021-3413, CVE-2021-3494

CWE: 20, 200, 22, 319, 347, 391, 400, 601, 611, 78, 835, 918

IAVA: 2021-A-0463

RHSA: 2021:4702