RHEL 8 : Satellite 6.15.0 (Important) (RHSA-2024:2010)

Severity: High. Nessus Plugin ID 199805

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2010 advisory.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Security fixes:
* python-pygments: ReDoS in pygments (CVE-2022-40896)
* python-pycryptodomex: Side-channel leakage for OAEP decryption in PyCryptodome and pycryptodomex (CVE-2023-52323)
* satellite: Arithmetic overflow in satellite (CVE-2023-4320)
* automation-hub: Ansible Automation Hub: insecure galaxy-importer tarfile extraction (CVE-2023-5189)
* jetty: Improper addition of quotation marks to user inputs in CgiServlet (CVE-2023-36479)
* python-aiohttp: HTTP request smuggling via llhttp HTTP request parser (CVE-2023-37276)
* rubygem-activesupport: File Disclosure of Locally Encrypted Files (CVE-2023-38037)
* jetty: Improper validation of HTTP/1 content-length (CVE-2023-40167)
* python-django: Potential denial of service vulnerability in `django.utils.encoding.uri_to_iri()` (CVE-2023-41164)
* python-django: Denial-of-service possibility in django.utils.text.Truncator (CVE-2023-43665)
* python-aiohttp: Numerous issues in HTTP parser with header parsing (CVE-2023-47627)
* python-aiohttp: HTTP request modification (CVE-2023-49081)
* python-aiohttp: CRLF injection if user controls the HTTP method using aiohttp client (CVE-2023-49082)
* rubygem-puma: HTTP request smuggling when parsing chunked Transfer-Encoding Bodies (CVE-2024-21647)
* rubygem-audited: Race condition can lead to audit logs being incorrectly attributed to the wrong user (CVE-2024-22047)
* python-jinja2: HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-22195)
* python-aiohttp: Follow_symlinks directory traversal vulnerability (CVE-2024-23334)
* python-aiohttp: HTTP request smuggling (CVE-2024-23829)

Additional Changes:
This update also fixes several bugs and adds various enhancements.

Documentation for these changes is available from the Release Notes document linked to in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?3f168577

https://access.redhat.com/security/updates/classification/#important

https://bugzilla.redhat.com/show_bug.cgi?id=2253673

https://bugzilla.redhat.com/show_bug.cgi?id=2254074

https://bugzilla.redhat.com/show_bug.cgi?id=2254178

https://bugzilla.redhat.com/show_bug.cgi?id=2254230

https://bugzilla.redhat.com/show_bug.cgi?id=2254383

https://bugzilla.redhat.com/show_bug.cgi?id=2254408

https://bugzilla.redhat.com/show_bug.cgi?id=2254491

https://bugzilla.redhat.com/show_bug.cgi?id=2254492

https://bugzilla.redhat.com/show_bug.cgi?id=2254612

https://bugzilla.redhat.com/show_bug.cgi?id=2254690

https://bugzilla.redhat.com/show_bug.cgi?id=2254694

https://bugzilla.redhat.com/show_bug.cgi?id=1393613

https://bugzilla.redhat.com/show_bug.cgi?id=1792187

https://bugzilla.redhat.com/show_bug.cgi?id=1884395

https://bugzilla.redhat.com/show_bug.cgi?id=1937203

https://bugzilla.redhat.com/show_bug.cgi?id=1943306

https://bugzilla.redhat.com/show_bug.cgi?id=1964539

https://bugzilla.redhat.com/show_bug.cgi?id=1967073

https://bugzilla.redhat.com/show_bug.cgi?id=1976178

https://bugzilla.redhat.com/show_bug.cgi?id=1976213

https://bugzilla.redhat.com/show_bug.cgi?id=1992495

https://bugzilla.redhat.com/show_bug.cgi?id=1993917

https://bugzilla.redhat.com/show_bug.cgi?id=1994654

https://bugzilla.redhat.com/show_bug.cgi?id=2015344

https://bugzilla.redhat.com/show_bug.cgi?id=2026701

https://bugzilla.redhat.com/show_bug.cgi?id=2044527

https://bugzilla.redhat.com/show_bug.cgi?id=2048805

https://bugzilla.redhat.com/show_bug.cgi?id=2053416

https://bugzilla.redhat.com/show_bug.cgi?id=2063218

https://bugzilla.redhat.com/show_bug.cgi?id=2063717

https://bugzilla.redhat.com/show_bug.cgi?id=2068263

https://bugzilla.redhat.com/show_bug.cgi?id=2068527

https://bugzilla.redhat.com/show_bug.cgi?id=2070487

https://bugzilla.redhat.com/show_bug.cgi?id=2071097

https://bugzilla.redhat.com/show_bug.cgi?id=2254712

https://bugzilla.redhat.com/show_bug.cgi?id=2254827

https://bugzilla.redhat.com/show_bug.cgi?id=2255026

https://bugzilla.redhat.com/show_bug.cgi?id=2255329

https://bugzilla.redhat.com/show_bug.cgi?id=2255344

https://bugzilla.redhat.com/show_bug.cgi?id=2255346

https://bugzilla.redhat.com/show_bug.cgi?id=2255385

https://bugzilla.redhat.com/show_bug.cgi?id=2255421

https://bugzilla.redhat.com/show_bug.cgi?id=2255424

https://bugzilla.redhat.com/show_bug.cgi?id=2255426

https://bugzilla.redhat.com/show_bug.cgi?id=2255546

https://bugzilla.redhat.com/show_bug.cgi?id=2255658

https://bugzilla.redhat.com/show_bug.cgi?id=2255900

https://bugzilla.redhat.com/show_bug.cgi?id=2255949

https://bugzilla.redhat.com/show_bug.cgi?id=2255969

https://bugzilla.redhat.com/show_bug.cgi?id=2256024

https://bugzilla.redhat.com/show_bug.cgi?id=2256136

https://bugzilla.redhat.com/show_bug.cgi?id=2256154

https://bugzilla.redhat.com/show_bug.cgi?id=2256218

https://bugzilla.redhat.com/show_bug.cgi?id=2256411

https://bugzilla.redhat.com/show_bug.cgi?id=2256452

https://bugzilla.redhat.com/show_bug.cgi?id=2256473

https://bugzilla.redhat.com/show_bug.cgi?id=2256604

https://bugzilla.redhat.com/show_bug.cgi?id=2256683

https://bugzilla.redhat.com/show_bug.cgi?id=2256891

https://bugzilla.redhat.com/show_bug.cgi?id=2256927

https://bugzilla.redhat.com/show_bug.cgi?id=2257028

https://bugzilla.redhat.com/show_bug.cgi?id=2257340

https://bugzilla.redhat.com/show_bug.cgi?id=2257854

https://bugzilla.redhat.com/show_bug.cgi?id=2257957

https://bugzilla.redhat.com/show_bug.cgi?id=2258016

https://bugzilla.redhat.com/show_bug.cgi?id=2258109

https://bugzilla.redhat.com/show_bug.cgi?id=2258876

https://bugzilla.redhat.com/show_bug.cgi?id=2259163

https://bugzilla.redhat.com/show_bug.cgi?id=2261887

https://bugzilla.redhat.com/show_bug.cgi?id=2261909

https://bugzilla.redhat.com/show_bug.cgi?id=2263243

https://bugzilla.redhat.com/show_bug.cgi?id=2263815

https://bugzilla.redhat.com/show_bug.cgi?id=2264342

https://bugzilla.redhat.com/show_bug.cgi?id=2267949

https://bugzilla.redhat.com/show_bug.cgi?id=2269363

https://bugzilla.redhat.com/show_bug.cgi?id=2270295

https://access.redhat.com/errata/RHSA-2024:2010

https://bugzilla.redhat.com/show_bug.cgi?id=2081244

https://bugzilla.redhat.com/show_bug.cgi?id=2087537

https://bugzilla.redhat.com/show_bug.cgi?id=2091900

https://bugzilla.redhat.com/show_bug.cgi?id=2096930

https://bugzilla.redhat.com/show_bug.cgi?id=2097084

https://bugzilla.redhat.com/show_bug.cgi?id=2103757

https://bugzilla.redhat.com/show_bug.cgi?id=2104582

https://bugzilla.redhat.com/show_bug.cgi?id=2106256

https://bugzilla.redhat.com/show_bug.cgi?id=2108725

https://bugzilla.redhat.com/show_bug.cgi?id=2109740

https://bugzilla.redhat.com/show_bug.cgi?id=2121957

https://bugzilla.redhat.com/show_bug.cgi?id=2124275

https://bugzilla.redhat.com/show_bug.cgi?id=2125367

https://bugzilla.redhat.com/show_bug.cgi?id=2125728

https://bugzilla.redhat.com/show_bug.cgi?id=2125809

https://bugzilla.redhat.com/show_bug.cgi?id=2126357

https://bugzilla.redhat.com/show_bug.cgi?id=2126420

https://bugzilla.redhat.com/show_bug.cgi?id=2129296

https://bugzilla.redhat.com/show_bug.cgi?id=2131798

https://bugzilla.redhat.com/show_bug.cgi?id=2138905

https://bugzilla.redhat.com/show_bug.cgi?id=2139834

https://bugzilla.redhat.com/show_bug.cgi?id=2141421

https://bugzilla.redhat.com/show_bug.cgi?id=2143980

https://bugzilla.redhat.com/show_bug.cgi?id=2144615

https://bugzilla.redhat.com/show_bug.cgi?id=2148439

https://bugzilla.redhat.com/show_bug.cgi?id=2148534

https://bugzilla.redhat.com/show_bug.cgi?id=2149288

https://bugzilla.redhat.com/show_bug.cgi?id=2152709

https://bugzilla.redhat.com/show_bug.cgi?id=2153523

https://bugzilla.redhat.com/show_bug.cgi?id=2153548

https://bugzilla.redhat.com/show_bug.cgi?id=2155083

https://bugzilla.redhat.com/show_bug.cgi?id=2155218

https://bugzilla.redhat.com/show_bug.cgi?id=2155444

https://bugzilla.redhat.com/show_bug.cgi?id=2158524

https://bugzilla.redhat.com/show_bug.cgi?id=2158959

https://bugzilla.redhat.com/show_bug.cgi?id=2159706

https://bugzilla.redhat.com/show_bug.cgi?id=2160160

https://bugzilla.redhat.com/show_bug.cgi?id=2162637

https://bugzilla.redhat.com/show_bug.cgi?id=2162882

https://bugzilla.redhat.com/show_bug.cgi?id=2164844

https://bugzilla.redhat.com/show_bug.cgi?id=2164856

https://bugzilla.redhat.com/show_bug.cgi?id=2164997

https://bugzilla.redhat.com/show_bug.cgi?id=2165012

https://bugzilla.redhat.com/show_bug.cgi?id=2165092

https://bugzilla.redhat.com/show_bug.cgi?id=2166428

https://bugzilla.redhat.com/show_bug.cgi?id=2167493

https://bugzilla.redhat.com/show_bug.cgi?id=2168013

https://bugzilla.redhat.com/show_bug.cgi?id=2168152

https://bugzilla.redhat.com/show_bug.cgi?id=2168173

https://bugzilla.redhat.com/show_bug.cgi?id=2168202

https://bugzilla.redhat.com/show_bug.cgi?id=2168503

https://bugzilla.redhat.com/show_bug.cgi?id=2168728

https://bugzilla.redhat.com/show_bug.cgi?id=2168866

https://bugzilla.redhat.com/show_bug.cgi?id=2170016

https://bugzilla.redhat.com/show_bug.cgi?id=2170448

https://bugzilla.redhat.com/show_bug.cgi?id=2170727

https://bugzilla.redhat.com/show_bug.cgi?id=2172083

https://bugzilla.redhat.com/show_bug.cgi?id=2172094

https://bugzilla.redhat.com/show_bug.cgi?id=2172379

https://bugzilla.redhat.com/show_bug.cgi?id=2172384

https://bugzilla.redhat.com/show_bug.cgi?id=2172393

https://bugzilla.redhat.com/show_bug.cgi?id=2172394

https://bugzilla.redhat.com/show_bug.cgi?id=2172756

https://bugzilla.redhat.com/show_bug.cgi?id=2173870

https://bugzilla.redhat.com/show_bug.cgi?id=2175132

https://bugzilla.redhat.com/show_bug.cgi?id=2179974

https://bugzilla.redhat.com/show_bug.cgi?id=2180568

https://bugzilla.redhat.com/show_bug.cgi?id=2180761

https://bugzilla.redhat.com/show_bug.cgi?id=2181595

https://bugzilla.redhat.com/show_bug.cgi?id=2181991

https://bugzilla.redhat.com/show_bug.cgi?id=2184151

https://bugzilla.redhat.com/show_bug.cgi?id=2188287

https://bugzilla.redhat.com/show_bug.cgi?id=2189318

https://bugzilla.redhat.com/show_bug.cgi?id=2189687

https://bugzilla.redhat.com/show_bug.cgi?id=2192939

https://bugzilla.redhat.com/show_bug.cgi?id=2193010

https://bugzilla.redhat.com/show_bug.cgi?id=2203077

https://bugzilla.redhat.com/show_bug.cgi?id=2208310

https://bugzilla.redhat.com/show_bug.cgi?id=2208557

https://bugzilla.redhat.com/show_bug.cgi?id=2208588

https://bugzilla.redhat.com/show_bug.cgi?id=2209968

https://bugzilla.redhat.com/show_bug.cgi?id=2212499

https://bugzilla.redhat.com/show_bug.cgi?id=2213163

https://bugzilla.redhat.com/show_bug.cgi?id=2214285

https://bugzilla.redhat.com/show_bug.cgi?id=2214331

https://bugzilla.redhat.com/show_bug.cgi?id=2215050

https://bugzilla.redhat.com/show_bug.cgi?id=2215310

https://bugzilla.redhat.com/show_bug.cgi?id=2216006

https://bugzilla.redhat.com/show_bug.cgi?id=2216017

https://bugzilla.redhat.com/show_bug.cgi?id=2216158

https://bugzilla.redhat.com/show_bug.cgi?id=2216533

https://bugzilla.redhat.com/show_bug.cgi?id=2217397

https://bugzilla.redhat.com/show_bug.cgi?id=2218179

https://bugzilla.redhat.com/show_bug.cgi?id=2218278

https://bugzilla.redhat.com/show_bug.cgi?id=2218821

https://bugzilla.redhat.com/show_bug.cgi?id=2221673

https://bugzilla.redhat.com/show_bug.cgi?id=2222725

https://bugzilla.redhat.com/show_bug.cgi?id=2222816

https://bugzilla.redhat.com/show_bug.cgi?id=2222968

https://bugzilla.redhat.com/show_bug.cgi?id=2223567

https://bugzilla.redhat.com/show_bug.cgi?id=2224122

https://bugzilla.redhat.com/show_bug.cgi?id=2224170

https://bugzilla.redhat.com/show_bug.cgi?id=2224185

https://bugzilla.redhat.com/show_bug.cgi?id=2224719

https://bugzilla.redhat.com/show_bug.cgi?id=2225534

https://bugzilla.redhat.com/show_bug.cgi?id=2226714

https://bugzilla.redhat.com/show_bug.cgi?id=2227753

https://bugzilla.redhat.com/show_bug.cgi?id=2229095

https://bugzilla.redhat.com/show_bug.cgi?id=2229810

https://bugzilla.redhat.com/show_bug.cgi?id=2230237

https://bugzilla.redhat.com/show_bug.cgi?id=2230459

https://bugzilla.redhat.com/show_bug.cgi?id=2231814

https://bugzilla.redhat.com/show_bug.cgi?id=2232500

https://bugzilla.redhat.com/show_bug.cgi?id=2232625

https://bugzilla.redhat.com/show_bug.cgi?id=2233162

https://bugzilla.redhat.com/show_bug.cgi?id=2233490

https://bugzilla.redhat.com/show_bug.cgi?id=2234387

https://bugzilla.redhat.com/show_bug.cgi?id=2234467

https://bugzilla.redhat.com/show_bug.cgi?id=2236261

https://bugzilla.redhat.com/show_bug.cgi?id=2236418

https://bugzilla.redhat.com/show_bug.cgi?id=2236502

https://bugzilla.redhat.com/show_bug.cgi?id=2236693

https://bugzilla.redhat.com/show_bug.cgi?id=2236806

https://bugzilla.redhat.com/show_bug.cgi?id=2237258

https://bugzilla.redhat.com/show_bug.cgi?id=2238325

https://bugzilla.redhat.com/show_bug.cgi?id=2238906

https://bugzilla.redhat.com/show_bug.cgi?id=2238952

https://bugzilla.redhat.com/show_bug.cgi?id=2239549

https://bugzilla.redhat.com/show_bug.cgi?id=2239630

https://bugzilla.redhat.com/show_bug.cgi?id=2239634

https://bugzilla.redhat.com/show_bug.cgi?id=2239767

https://bugzilla.redhat.com/show_bug.cgi?id=2240243

https://bugzilla.redhat.com/show_bug.cgi?id=2240956

https://bugzilla.redhat.com/show_bug.cgi?id=2241017

https://bugzilla.redhat.com/show_bug.cgi?id=2241046

https://bugzilla.redhat.com/show_bug.cgi?id=2241934

https://bugzilla.redhat.com/show_bug.cgi?id=2242214

https://bugzilla.redhat.com/show_bug.cgi?id=2242515

https://bugzilla.redhat.com/show_bug.cgi?id=2242812

https://bugzilla.redhat.com/show_bug.cgi?id=2243256

https://bugzilla.redhat.com/show_bug.cgi?id=2243344

https://bugzilla.redhat.com/show_bug.cgi?id=2243679

https://bugzilla.redhat.com/show_bug.cgi?id=2244122

https://bugzilla.redhat.com/show_bug.cgi?id=2244370

https://bugzilla.redhat.com/show_bug.cgi?id=2244629

https://bugzilla.redhat.com/show_bug.cgi?id=2244811

https://bugzilla.redhat.com/show_bug.cgi?id=2245050

https://bugzilla.redhat.com/show_bug.cgi?id=2245081

https://bugzilla.redhat.com/show_bug.cgi?id=2245455

https://bugzilla.redhat.com/show_bug.cgi?id=2246121

https://bugzilla.redhat.com/show_bug.cgi?id=2246546

https://bugzilla.redhat.com/show_bug.cgi?id=2247081

https://bugzilla.redhat.com/show_bug.cgi?id=2248864

https://bugzilla.redhat.com/show_bug.cgi?id=2248865

https://bugzilla.redhat.com/show_bug.cgi?id=2249540

https://bugzilla.redhat.com/show_bug.cgi?id=2249736

https://bugzilla.redhat.com/show_bug.cgi?id=2249825

https://bugzilla.redhat.com/show_bug.cgi?id=2249847

https://bugzilla.redhat.com/show_bug.cgi?id=2249904

https://bugzilla.redhat.com/show_bug.cgi?id=2249913

https://bugzilla.redhat.com/show_bug.cgi?id=2249970

https://bugzilla.redhat.com/show_bug.cgi?id=2250397

https://bugzilla.redhat.com/show_bug.cgi?id=2251014

https://bugzilla.redhat.com/show_bug.cgi?id=2251019

https://bugzilla.redhat.com/show_bug.cgi?id=2251200

https://bugzilla.redhat.com/show_bug.cgi?id=2251643

https://bugzilla.redhat.com/show_bug.cgi?id=2252064

https://bugzilla.redhat.com/show_bug.cgi?id=2252235

https://bugzilla.redhat.com/show_bug.cgi?id=2252248

https://bugzilla.redhat.com/show_bug.cgi?id=2252450

https://bugzilla.redhat.com/show_bug.cgi?id=2252945

https://bugzilla.redhat.com/show_bug.cgi?id=2252968

https://bugzilla.redhat.com/show_bug.cgi?id=2253191

https://bugzilla.redhat.com/show_bug.cgi?id=2253212

https://bugzilla.redhat.com/show_bug.cgi?id=2253381

https://bugzilla.redhat.com/show_bug.cgi?id=2253519

https://bugzilla.redhat.com/show_bug.cgi?id=2253618

https://bugzilla.redhat.com/show_bug.cgi?id=2253621

Plugin Details

Severity: High

ID: 199805

File Name: redhat-RHSA-2024-2010.nasl

Version: 1.2

Type: local

Agent: unix

Published: 6/3/2024

Updated: 11/7/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

Vendor

Vendor Severity: Important

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

CVSS Score Source: CVE-2024-23334

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:foreman-service, p-cpe:/a:redhat:enterprise_linux:foreman-vmware, p-cpe:/a:redhat:enterprise_linux:python-galaxy-importer, p-cpe:/a:redhat:enterprise_linux:foreman, p-cpe:/a:redhat:enterprise_linux:python3.11-galaxy-importer, p-cpe:/a:redhat:enterprise_linux:rubygem-puma, p-cpe:/a:redhat:enterprise_linux:foreman-telemetry, p-cpe:/a:redhat:enterprise_linux:python3.11-jinja2, p-cpe:/a:redhat:enterprise_linux:python-pycryptodomex, p-cpe:/a:redhat:enterprise_linux:foreman-postgresql, p-cpe:/a:redhat:enterprise_linux:foreman-dynflow-sidekiq, p-cpe:/a:redhat:enterprise_linux:foreman-pcp, p-cpe:/a:redhat:enterprise_linux:foreman-ec2, p-cpe:/a:redhat:enterprise_linux:rubygem-activesupport, p-cpe:/a:redhat:enterprise_linux:python-pygments, p-cpe:/a:redhat:enterprise_linux:foreman-openstack, p-cpe:/a:redhat:enterprise_linux:foreman-cli, p-cpe:/a:redhat:enterprise_linux:python-jinja2, cpe:/o:redhat:enterprise_linux:8, p-cpe:/a:redhat:enterprise_linux:python3.11-aiohttp, p-cpe:/a:redhat:enterprise_linux:foreman-journald, p-cpe:/a:redhat:enterprise_linux:foreman-redis, p-cpe:/a:redhat:enterprise_linux:foreman-ovirt, p-cpe:/a:redhat:enterprise_linux:puppetserver, p-cpe:/a:redhat:enterprise_linux:rubygem-audited, p-cpe:/a:redhat:enterprise_linux:python3.11-pycryptodomex, p-cpe:/a:redhat:enterprise_linux:python-aiohttp, p-cpe:/a:redhat:enterprise_linux:python3.11-django, p-cpe:/a:redhat:enterprise_linux:python-django, p-cpe:/a:redhat:enterprise_linux:foreman-libvirt, p-cpe:/a:redhat:enterprise_linux:python3.11-pygments, p-cpe:/a:redhat:enterprise_linux:foreman-debug

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/23/2024

Vulnerability Publication Date: 7/19/2023

Reference Information

CVE: CVE-2022-40896, CVE-2023-36479, CVE-2023-37276, CVE-2023-38037, CVE-2023-40167, CVE-2023-41164, CVE-2023-4320, CVE-2023-43665, CVE-2023-47627, CVE-2023-49081, CVE-2023-49082, CVE-2023-5189, CVE-2023-52323, CVE-2024-21647, CVE-2024-22047, CVE-2024-22195, CVE-2024-23334, CVE-2024-23829

CWE: 130, 1333, 149, 20, 203, 22, 362, 377, 400, 434, 444, 613, 79, 93

RHSA: 2024:2010