Detections
Analytics
RHEL 8 : Satellite 6.12 Release (Important) (RHSA-2022:8506)
critical Nessus Plugin ID 194188
Language:
Synopsis
The remote Red Hat host is missing one or more security updates.Description
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:8506 advisory.Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool.
Security Fix(es):
* netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136)
* netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)
* python3-django: Possible XSS via template tag (CVE-2022-22818)
* tfm-rubygem-nokogiri: ReDoS in HTML encoding detection (CVE-2022-24836)
* tfm-rubygem-sinatra: Path traversal possible outside of public_dir when serving static files (CVE-2022-29970)
* tfm-rubygem-git: Package vulnerable to Command Injection via git argument injection (CVE-2022-25648)
* rubygem-rails-html-sanitizer: Possible XSS with certain configurations (CVE-2022-32209)
* python3-django: Potential SQL injection via Trunc and Extract arguments (CVE-2022-34265)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
The items above are not a complete list of changes. This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document.
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
http://www.nessus.org/u?8195edd1
https://access.redhat.com/security/updates/classification/#important
https://bugzilla.redhat.com/show_bug.cgi?id=1309740
https://bugzilla.redhat.com/show_bug.cgi?id=1703496
https://bugzilla.redhat.com/show_bug.cgi?id=1732590
https://bugzilla.redhat.com/show_bug.cgi?id=1775813
https://bugzilla.redhat.com/show_bug.cgi?id=1829468
https://bugzilla.redhat.com/show_bug.cgi?id=1830968
https://bugzilla.redhat.com/show_bug.cgi?id=1834897
https://bugzilla.redhat.com/show_bug.cgi?id=1850393
https://bugzilla.redhat.com/show_bug.cgi?id=1868175
https://bugzilla.redhat.com/show_bug.cgi?id=1868323
https://bugzilla.redhat.com/show_bug.cgi?id=1870816
https://bugzilla.redhat.com/show_bug.cgi?id=1879811
https://bugzilla.redhat.com/show_bug.cgi?id=1884148
https://bugzilla.redhat.com/show_bug.cgi?id=1892218
https://bugzilla.redhat.com/show_bug.cgi?id=1892752
https://bugzilla.redhat.com/show_bug.cgi?id=1894033
https://bugzilla.redhat.com/show_bug.cgi?id=1908841
https://bugzilla.redhat.com/show_bug.cgi?id=1912941
https://bugzilla.redhat.com/show_bug.cgi?id=1925165
https://bugzilla.redhat.com/show_bug.cgi?id=1930577
https://bugzilla.redhat.com/show_bug.cgi?id=1931532
https://bugzilla.redhat.com/show_bug.cgi?id=1931665
https://bugzilla.redhat.com/show_bug.cgi?id=1934210
https://bugzilla.redhat.com/show_bug.cgi?id=1938092
https://bugzilla.redhat.com/show_bug.cgi?id=1940396
https://bugzilla.redhat.com/show_bug.cgi?id=1951542
https://bugzilla.redhat.com/show_bug.cgi?id=1952939
https://bugzilla.redhat.com/show_bug.cgi?id=1959136
https://bugzilla.redhat.com/show_bug.cgi?id=1962253
https://bugzilla.redhat.com/show_bug.cgi?id=1964080
https://bugzilla.redhat.com/show_bug.cgi?id=1970132
https://bugzilla.redhat.com/show_bug.cgi?id=1970623
https://bugzilla.redhat.com/show_bug.cgi?id=1971747
https://bugzilla.redhat.com/show_bug.cgi?id=1973329
https://bugzilla.redhat.com/show_bug.cgi?id=1974180
https://bugzilla.redhat.com/show_bug.cgi?id=1981444
https://bugzilla.redhat.com/show_bug.cgi?id=1982698
https://bugzilla.redhat.com/show_bug.cgi?id=1982745
https://bugzilla.redhat.com/show_bug.cgi?id=1984400
https://bugzilla.redhat.com/show_bug.cgi?id=1989631
https://bugzilla.redhat.com/show_bug.cgi?id=1990119
https://bugzilla.redhat.com/show_bug.cgi?id=1991557
https://bugzilla.redhat.com/show_bug.cgi?id=1994877
https://bugzilla.redhat.com/show_bug.cgi?id=1994945
https://bugzilla.redhat.com/show_bug.cgi?id=1998477
https://bugzilla.redhat.com/show_bug.cgi?id=2000613
https://bugzilla.redhat.com/show_bug.cgi?id=2001517
https://bugzilla.redhat.com/show_bug.cgi?id=2001552
https://bugzilla.redhat.com/show_bug.cgi?id=2004133
https://bugzilla.redhat.com/show_bug.cgi?id=2004135
https://bugzilla.redhat.com/show_bug.cgi?id=2006974
https://bugzilla.redhat.com/show_bug.cgi?id=2007117
https://bugzilla.redhat.com/show_bug.cgi?id=2011312
https://bugzilla.redhat.com/show_bug.cgi?id=2013611
https://bugzilla.redhat.com/show_bug.cgi?id=2015062
https://bugzilla.redhat.com/show_bug.cgi?id=2015757
https://bugzilla.redhat.com/show_bug.cgi?id=2016924
https://bugzilla.redhat.com/show_bug.cgi?id=2022065
https://bugzilla.redhat.com/show_bug.cgi?id=2022649
https://bugzilla.redhat.com/show_bug.cgi?id=2024175
https://bugzilla.redhat.com/show_bug.cgi?id=2024576
https://bugzilla.redhat.com/show_bug.cgi?id=2024968
https://bugzilla.redhat.com/show_bug.cgi?id=2025892
https://bugzilla.redhat.com/show_bug.cgi?id=2025926
https://bugzilla.redhat.com/show_bug.cgi?id=2027947
https://bugzilla.redhat.com/show_bug.cgi?id=2028112
https://bugzilla.redhat.com/show_bug.cgi?id=2033321
https://bugzilla.redhat.com/show_bug.cgi?id=2033381
https://bugzilla.redhat.com/show_bug.cgi?id=2035287
https://bugzilla.redhat.com/show_bug.cgi?id=2036151
https://bugzilla.redhat.com/show_bug.cgi?id=2038989
https://bugzilla.redhat.com/show_bug.cgi?id=2043126
https://bugzilla.redhat.com/show_bug.cgi?id=2043242
https://bugzilla.redhat.com/show_bug.cgi?id=2048547
https://bugzilla.redhat.com/show_bug.cgi?id=2048775
https://bugzilla.redhat.com/show_bug.cgi?id=2049595
https://bugzilla.redhat.com/show_bug.cgi?id=2051648
https://bugzilla.redhat.com/show_bug.cgi?id=2051891
https://bugzilla.redhat.com/show_bug.cgi?id=2052076
https://bugzilla.redhat.com/show_bug.cgi?id=2053842
https://bugzilla.redhat.com/show_bug.cgi?id=2054011
https://bugzilla.redhat.com/show_bug.cgi?id=2054042
https://bugzilla.redhat.com/show_bug.cgi?id=2054786
https://bugzilla.redhat.com/show_bug.cgi?id=2054969
https://bugzilla.redhat.com/show_bug.cgi?id=2055391
https://bugzilla.redhat.com/show_bug.cgi?id=2055416
https://bugzilla.redhat.com/show_bug.cgi?id=2055979
https://bugzilla.redhat.com/show_bug.cgi?id=2056188
https://bugzilla.redhat.com/show_bug.cgi?id=2056702
https://bugzilla.redhat.com/show_bug.cgi?id=2058037
https://bugzilla.redhat.com/show_bug.cgi?id=2059179
https://bugzilla.redhat.com/show_bug.cgi?id=2060651
https://bugzilla.redhat.com/show_bug.cgi?id=2062800
https://bugzilla.redhat.com/show_bug.cgi?id=2064979
https://bugzilla.redhat.com/show_bug.cgi?id=2068454
https://bugzilla.redhat.com/show_bug.cgi?id=2069306
https://bugzilla.redhat.com/show_bug.cgi?id=2069440
https://bugzilla.redhat.com/show_bug.cgi?id=2069634
https://bugzilla.redhat.com/show_bug.cgi?id=2070001
https://bugzilla.redhat.com/show_bug.cgi?id=2070535
https://bugzilla.redhat.com/show_bug.cgi?id=2070732
https://bugzilla.redhat.com/show_bug.cgi?id=2070972
https://bugzilla.redhat.com/show_bug.cgi?id=2072696
https://bugzilla.redhat.com/show_bug.cgi?id=2073305
https://bugzilla.redhat.com/show_bug.cgi?id=2074346
https://bugzilla.redhat.com/show_bug.cgi?id=2075056
https://bugzilla.redhat.com/show_bug.cgi?id=2076843
https://bugzilla.redhat.com/show_bug.cgi?id=2077811
https://bugzilla.redhat.com/show_bug.cgi?id=2077822
https://bugzilla.redhat.com/show_bug.cgi?id=2077824
https://bugzilla.redhat.com/show_bug.cgi?id=2080324
https://bugzilla.redhat.com/show_bug.cgi?id=2080423
https://bugzilla.redhat.com/show_bug.cgi?id=2081096
https://bugzilla.redhat.com/show_bug.cgi?id=2084130
https://bugzilla.redhat.com/show_bug.cgi?id=2085490
https://bugzilla.redhat.com/show_bug.cgi?id=2088303
https://bugzilla.redhat.com/show_bug.cgi?id=2089445
https://bugzilla.redhat.com/show_bug.cgi?id=2089828
https://bugzilla.redhat.com/show_bug.cgi?id=2091044
https://bugzilla.redhat.com/show_bug.cgi?id=2092039
https://bugzilla.redhat.com/show_bug.cgi?id=2093884
https://bugzilla.redhat.com/show_bug.cgi?id=2094019
https://bugzilla.redhat.com/show_bug.cgi?id=2095187
https://bugzilla.redhat.com/show_bug.cgi?id=2095820
https://bugzilla.redhat.com/show_bug.cgi?id=2096429
https://bugzilla.redhat.com/show_bug.cgi?id=2098240
https://bugzilla.redhat.com/show_bug.cgi?id=2099620
https://bugzilla.redhat.com/show_bug.cgi?id=2100578
https://bugzilla.redhat.com/show_bug.cgi?id=2100887
https://bugzilla.redhat.com/show_bug.cgi?id=2101579
https://bugzilla.redhat.com/show_bug.cgi?id=2101882
https://bugzilla.redhat.com/show_bug.cgi?id=2101986
https://bugzilla.redhat.com/show_bug.cgi?id=2102145
https://bugzilla.redhat.com/show_bug.cgi?id=2102456
https://bugzilla.redhat.com/show_bug.cgi?id=2102825
https://bugzilla.redhat.com/show_bug.cgi?id=2102867
https://bugzilla.redhat.com/show_bug.cgi?id=2102896
https://bugzilla.redhat.com/show_bug.cgi?id=2103096
https://bugzilla.redhat.com/show_bug.cgi?id=2103099
https://bugzilla.redhat.com/show_bug.cgi?id=2103102
https://bugzilla.redhat.com/show_bug.cgi?id=2103106
https://bugzilla.redhat.com/show_bug.cgi?id=2103110
https://bugzilla.redhat.com/show_bug.cgi?id=2103129
https://bugzilla.redhat.com/show_bug.cgi?id=2103522
https://bugzilla.redhat.com/show_bug.cgi?id=2104401
https://bugzilla.redhat.com/show_bug.cgi?id=2104498
https://bugzilla.redhat.com/show_bug.cgi?id=2105048
https://bugzilla.redhat.com/show_bug.cgi?id=2105107
https://bugzilla.redhat.com/show_bug.cgi?id=2105144
https://bugzilla.redhat.com/show_bug.cgi?id=2105299
https://bugzilla.redhat.com/show_bug.cgi?id=2105941
https://bugzilla.redhat.com/show_bug.cgi?id=2106000
https://bugzilla.redhat.com/show_bug.cgi?id=2106090
https://bugzilla.redhat.com/show_bug.cgi?id=2106091
https://bugzilla.redhat.com/show_bug.cgi?id=2106092
https://bugzilla.redhat.com/show_bug.cgi?id=2106093
https://bugzilla.redhat.com/show_bug.cgi?id=2106333
https://bugzilla.redhat.com/show_bug.cgi?id=2106659
https://bugzilla.redhat.com/show_bug.cgi?id=2106691
https://bugzilla.redhat.com/show_bug.cgi?id=2106700
https://bugzilla.redhat.com/show_bug.cgi?id=2106885
https://bugzilla.redhat.com/show_bug.cgi?id=2107252
https://bugzilla.redhat.com/show_bug.cgi?id=2107572
https://bugzilla.redhat.com/show_bug.cgi?id=2107577
https://bugzilla.redhat.com/show_bug.cgi?id=2107701
https://bugzilla.redhat.com/show_bug.cgi?id=2108169
https://bugzilla.redhat.com/show_bug.cgi?id=2108611
https://bugzilla.redhat.com/show_bug.cgi?id=2108637
https://bugzilla.redhat.com/show_bug.cgi?id=2108719
https://bugzilla.redhat.com/show_bug.cgi?id=2109254
https://bugzilla.redhat.com/show_bug.cgi?id=2109260
https://bugzilla.redhat.com/show_bug.cgi?id=2109298
https://bugzilla.redhat.com/show_bug.cgi?id=2109421
https://bugzilla.redhat.com/show_bug.cgi?id=2109594
https://bugzilla.redhat.com/show_bug.cgi?id=2109606
https://bugzilla.redhat.com/show_bug.cgi?id=2109810
https://bugzilla.redhat.com/show_bug.cgi?id=2110003
https://bugzilla.redhat.com/show_bug.cgi?id=2110163
https://bugzilla.redhat.com/show_bug.cgi?id=2110222
https://bugzilla.redhat.com/show_bug.cgi?id=2110731
https://bugzilla.redhat.com/show_bug.cgi?id=2110872
https://bugzilla.redhat.com/show_bug.cgi?id=2111038
https://bugzilla.redhat.com/show_bug.cgi?id=2111074
https://bugzilla.redhat.com/show_bug.cgi?id=2111222
https://bugzilla.redhat.com/show_bug.cgi?id=2111373
https://bugzilla.redhat.com/show_bug.cgi?id=2111469
https://bugzilla.redhat.com/show_bug.cgi?id=2111570
https://bugzilla.redhat.com/show_bug.cgi?id=2111571
https://bugzilla.redhat.com/show_bug.cgi?id=2111578
https://bugzilla.redhat.com/show_bug.cgi?id=2111921
https://bugzilla.redhat.com/show_bug.cgi?id=2112015
https://bugzilla.redhat.com/show_bug.cgi?id=2112093
https://bugzilla.redhat.com/show_bug.cgi?id=2112098
https://bugzilla.redhat.com/show_bug.cgi?id=2112436
https://bugzilla.redhat.com/show_bug.cgi?id=2112979
https://bugzilla.redhat.com/show_bug.cgi?id=2113013
https://bugzilla.redhat.com/show_bug.cgi?id=2113905
https://bugzilla.redhat.com/show_bug.cgi?id=2113946
https://bugzilla.redhat.com/show_bug.cgi?id=2113996
https://bugzilla.redhat.com/show_bug.cgi?id=2115229
https://bugzilla.redhat.com/show_bug.cgi?id=2115686
https://bugzilla.redhat.com/show_bug.cgi?id=2115767
https://bugzilla.redhat.com/show_bug.cgi?id=2115775
https://bugzilla.redhat.com/show_bug.cgi?id=2115822
https://bugzilla.redhat.com/show_bug.cgi?id=2115832
https://bugzilla.redhat.com/show_bug.cgi?id=2116123
https://bugzilla.redhat.com/show_bug.cgi?id=2116276
https://bugzilla.redhat.com/show_bug.cgi?id=2116385
https://bugzilla.redhat.com/show_bug.cgi?id=2116871
https://bugzilla.redhat.com/show_bug.cgi?id=2117382
https://bugzilla.redhat.com/show_bug.cgi?id=2117489
https://bugzilla.redhat.com/show_bug.cgi?id=2117522
https://bugzilla.redhat.com/show_bug.cgi?id=2118055
https://bugzilla.redhat.com/show_bug.cgi?id=2118252
https://bugzilla.redhat.com/show_bug.cgi?id=2118356
https://bugzilla.redhat.com/show_bug.cgi?id=2118431
https://bugzilla.redhat.com/show_bug.cgi?id=2118689
https://bugzilla.redhat.com/show_bug.cgi?id=2118694
https://bugzilla.redhat.com/show_bug.cgi?id=2118772
https://bugzilla.redhat.com/show_bug.cgi?id=2118790
https://bugzilla.redhat.com/show_bug.cgi?id=2118950
https://bugzilla.redhat.com/show_bug.cgi?id=2118966
https://bugzilla.redhat.com/show_bug.cgi?id=2119112
https://bugzilla.redhat.com/show_bug.cgi?id=2119117
https://bugzilla.redhat.com/show_bug.cgi?id=2119120
https://bugzilla.redhat.com/show_bug.cgi?id=2119124
https://bugzilla.redhat.com/show_bug.cgi?id=2119190
https://bugzilla.redhat.com/show_bug.cgi?id=2119234
https://bugzilla.redhat.com/show_bug.cgi?id=2119688
https://bugzilla.redhat.com/show_bug.cgi?id=2120148
https://bugzilla.redhat.com/show_bug.cgi?id=2120224
https://bugzilla.redhat.com/show_bug.cgi?id=2120299
https://bugzilla.redhat.com/show_bug.cgi?id=2120327
https://bugzilla.redhat.com/show_bug.cgi?id=2120414
https://bugzilla.redhat.com/show_bug.cgi?id=2120579
https://bugzilla.redhat.com/show_bug.cgi?id=2120632
https://bugzilla.redhat.com/show_bug.cgi?id=2120715
https://bugzilla.redhat.com/show_bug.cgi?id=2120992
https://bugzilla.redhat.com/show_bug.cgi?id=2121238
https://bugzilla.redhat.com/show_bug.cgi?id=2121249
https://bugzilla.redhat.com/show_bug.cgi?id=2121583
https://bugzilla.redhat.com/show_bug.cgi?id=2121689
https://bugzilla.redhat.com/show_bug.cgi?id=2121738
https://bugzilla.redhat.com/show_bug.cgi?id=2121739
https://bugzilla.redhat.com/show_bug.cgi?id=2121954
https://bugzilla.redhat.com/show_bug.cgi?id=2122090
https://bugzilla.redhat.com/show_bug.cgi?id=2122214
https://bugzilla.redhat.com/show_bug.cgi?id=2122764
https://bugzilla.redhat.com/show_bug.cgi?id=2122780
https://bugzilla.redhat.com/show_bug.cgi?id=2122945
https://bugzilla.redhat.com/show_bug.cgi?id=2123352
https://bugzilla.redhat.com/show_bug.cgi?id=2123405
https://bugzilla.redhat.com/show_bug.cgi?id=2124047
https://bugzilla.redhat.com/show_bug.cgi?id=2124051
https://bugzilla.redhat.com/show_bug.cgi?id=2124087
https://bugzilla.redhat.com/show_bug.cgi?id=2124271
https://bugzilla.redhat.com/show_bug.cgi?id=2124568
https://bugzilla.redhat.com/show_bug.cgi?id=2124663
https://bugzilla.redhat.com/show_bug.cgi?id=2124850
https://bugzilla.redhat.com/show_bug.cgi?id=2124851
https://bugzilla.redhat.com/show_bug.cgi?id=2124928
https://bugzilla.redhat.com/show_bug.cgi?id=2125022
https://bugzilla.redhat.com/show_bug.cgi?id=2125244
https://bugzilla.redhat.com/show_bug.cgi?id=2125317
https://bugzilla.redhat.com/show_bug.cgi?id=2125585
https://bugzilla.redhat.com/show_bug.cgi?id=2125669
https://bugzilla.redhat.com/show_bug.cgi?id=2127099
https://bugzilla.redhat.com/show_bug.cgi?id=2127318
https://bugzilla.redhat.com/show_bug.cgi?id=2127934
https://bugzilla.redhat.com/show_bug.cgi?id=2127940
https://bugzilla.redhat.com/show_bug.cgi?id=2128209
https://bugzilla.redhat.com/show_bug.cgi?id=2128422
https://bugzilla.redhat.com/show_bug.cgi?id=2129002
https://bugzilla.redhat.com/show_bug.cgi?id=2131729
https://bugzilla.redhat.com/show_bug.cgi?id=2133468
https://bugzilla.redhat.com/show_bug.cgi?id=2139368
https://bugzilla.redhat.com/show_bug.cgi?id=2139369
Plugin Details
Severity: Critical
ID: 194188
File Name: redhat-RHSA-2022-8506.nasl
Version: 1.2
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 4/28/2024
Updated: 11/7/2024
Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
Vendor
Vendor Severity: Important
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.9
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2022-34265
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 8.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:redhat:enterprise_linux:foreman-service, p-cpe:/a:redhat:enterprise_linux:foreman-vmware, p-cpe:/a:redhat:enterprise_linux:foreman, p-cpe:/a:redhat:enterprise_linux:rubygem-sinatra, p-cpe:/a:redhat:enterprise_linux:rubygem-rails-html-sanitizer, p-cpe:/a:redhat:enterprise_linux:foreman-telemetry, p-cpe:/a:redhat:enterprise_linux:python39-django, p-cpe:/a:redhat:enterprise_linux:foreman-postgresql, p-cpe:/a:redhat:enterprise_linux:foreman-dynflow-sidekiq, p-cpe:/a:redhat:enterprise_linux:rubygem-git, p-cpe:/a:redhat:enterprise_linux:rubygem-nokogiri, p-cpe:/a:redhat:enterprise_linux:foreman-ec2, p-cpe:/a:redhat:enterprise_linux:foreman-openstack, p-cpe:/a:redhat:enterprise_linux:foreman-cli, cpe:/o:redhat:enterprise_linux:8, p-cpe:/a:redhat:enterprise_linux:foreman-journald, p-cpe:/a:redhat:enterprise_linux:foreman-ovirt, p-cpe:/a:redhat:enterprise_linux:foreman-gce, p-cpe:/a:redhat:enterprise_linux:candlepin-selinux, p-cpe:/a:redhat:enterprise_linux:python-django, p-cpe:/a:redhat:enterprise_linux:candlepin, p-cpe:/a:redhat:enterprise_linux:foreman-libvirt, p-cpe:/a:redhat:enterprise_linux:foreman-debug
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 11/16/2022
Vulnerability Publication Date: 9/9/2021
Reference Information
CVE: CVE-2021-37136, CVE-2021-37137, CVE-2022-22818, CVE-2022-24836, CVE-2022-25648, CVE-2022-29181, CVE-2022-29970, CVE-2022-32209, CVE-2022-34265, CVE-2024-6861