Rocky Linux 8 : Satellite 6.14 (RLSA-2023:6818)

critical Nessus Plugin ID 185473

Synopsis

The remote Rocky Linux host is missing one or more security updates.

Description

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:6818 advisory.

- A flaw was found in all versions of kubeclient up to (but not including) v4.9.3, the Ruby client for Kubernetes REST API, in the way it parsed kubeconfig files. When the kubeconfig file does not configure custom CA to verify certs, kubeclient ends up accepting any certificate (it wrongly returns VERIFY_NONE).
Ruby applications that leverage kubeclient to parse kubeconfig files are susceptible to Man-in-the-middle attacks (MITM). (CVE-2022-0759)

- The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool.
Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n).
Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd). (CVE-2022-1292)

- In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068)

- The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only. (CVE-2022-3644)

- A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, possibly resulting in arbitrary command execution on the underlying operating system.
(CVE-2022-3874)

- An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious web server. (CVE-2022-40899)

- A blind site-to-site request forgery vulnerability was found in Satellite server. It is possible to trigger an external interaction to an attacker's server by modifying the Referer header in an HTTP request of specific resources in the server. (CVE-2022-4130)

- An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection. (CVE-2022-41717)

- A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter <7.0.4.1 and <6.1.7.1. When a value outside the range for a 64bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric values can result in a slow sequential scan resulting in potential Denial of Service. (CVE-2022-44566)

- A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with Range requests (such as streaming applications, or applications that serve files) may be impacted. (CVE-2022-44570)

- There is a denial of service vulnerability in the Content-Disposition parsingcomponent of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1, 3.0.0.1. This could allow an attacker to craft an input that can cause Content- Disposition header parsing in Rackto take an unexpected amount of time, possibly resulting in a denial ofservice attack vector. This header is used typically used in multipartparsing. Any applications that parse multipart posts using Rack (virtuallyall Rails applications) are impacted. (CVE-2022-44571)

- A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker tocraft input that can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted. (CVE-2022-44572)

- ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. This vulnerability is different from CVE-2022-47318. (CVE-2022-46648)

- ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. This vulnerability is different from CVE-2022-46648. (CVE-2022-47318)

- An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system. (CVE-2023-0118)

- A stored Cross-site scripting vulnerability was found in foreman. The Comment section in the Hosts tab has incorrect filtering of user input data. As a result of the attack, an attacker with an existing account on the system can steal another user's session, make requests on behalf of the user, and obtain user credentials. (CVE-2023-0119)

- A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations. (CVE-2023-1894)

- A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1,< 6.1.7.1, and <7.0.4.1.
Specially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately. (CVE-2023-22792)

- A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments.
If malicious user input is passed to either the `annotate` query method, the `optimizer_hints` query method, or through the QueryLogs interface which automatically adds annotations, it may be sent to the database withinsufficient sanitization and be able to inject SQL outside of the comment. (CVE-2023-22794)

- A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If- None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately. (CVE-2023-22795)

- A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability. (CVE-2023-22796)

- A ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could allow an attacker supplying a carefully crafted input can cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediately.
(CVE-2023-22799)

- A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take longer than expected. (CVE-2023-27530)

- The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value. (CVE-2023-29406)

- sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit `e75e358`. The vulnerability may lead to Denial of Service (DoS). This issues has been fixed in sqlparse 0.4.4 by commit `c457abd5f`. Users are advised to upgrade. There are no known workarounds for this issue. (CVE-2023-30608)

- In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's Uploading multiple files documentation suggested otherwise. (CVE-2023-31047)

- Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.
(CVE-2023-32681)

- In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs. (CVE-2023-36053)

- A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function. (CVE-2023-39325)

- GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. (CVE-2023-40267)

- The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. (CVE-2023-44487)

- The Ruby on Rails advisory describes this vulnerability as follows: (CVE-2023-27539)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://errata.rockylinux.org/RLSA-2023:6818

https://bugzilla.redhat.com/show_bug.cgi?id=1265120

https://bugzilla.redhat.com/show_bug.cgi?id=1726504

https://bugzilla.redhat.com/show_bug.cgi?id=1735722

https://bugzilla.redhat.com/show_bug.cgi?id=1813953

https://bugzilla.redhat.com/show_bug.cgi?id=1859112

https://bugzilla.redhat.com/show_bug.cgi?id=1872414

https://bugzilla.redhat.com/show_bug.cgi?id=1885552

https://bugzilla.redhat.com/show_bug.cgi?id=1904201

https://bugzilla.redhat.com/show_bug.cgi?id=1922972

https://bugzilla.redhat.com/show_bug.cgi?id=1925532

https://bugzilla.redhat.com/show_bug.cgi?id=1944710

https://bugzilla.redhat.com/show_bug.cgi?id=1947095

https://bugzilla.redhat.com/show_bug.cgi?id=1949960

https://bugzilla.redhat.com/show_bug.cgi?id=1950836

https://bugzilla.redhat.com/show_bug.cgi?id=1955046

https://bugzilla.redhat.com/show_bug.cgi?id=1967030

https://bugzilla.redhat.com/show_bug.cgi?id=1972308

https://bugzilla.redhat.com/show_bug.cgi?id=1980277

https://bugzilla.redhat.com/show_bug.cgi?id=1992283

https://bugzilla.redhat.com/show_bug.cgi?id=1995783

https://bugzilla.redhat.com/show_bug.cgi?id=2000215

https://bugzilla.redhat.com/show_bug.cgi?id=2002202

https://bugzilla.redhat.com/show_bug.cgi?id=2009069

https://bugzilla.redhat.com/show_bug.cgi?id=2013759

https://bugzilla.redhat.com/show_bug.cgi?id=2043089

https://bugzilla.redhat.com/show_bug.cgi?id=2044537

https://bugzilla.redhat.com/show_bug.cgi?id=2053421

https://bugzilla.redhat.com/show_bug.cgi?id=2055790

https://bugzilla.redhat.com/show_bug.cgi?id=2058404

https://bugzilla.redhat.com/show_bug.cgi?id=2060613

https://bugzilla.redhat.com/show_bug.cgi?id=2069324

https://bugzilla.redhat.com/show_bug.cgi?id=2069666

https://bugzilla.redhat.com/show_bug.cgi?id=2073535

https://bugzilla.redhat.com/show_bug.cgi?id=2077081

https://bugzilla.redhat.com/show_bug.cgi?id=2077633

https://bugzilla.redhat.com/show_bug.cgi?id=2080386

https://bugzilla.redhat.com/show_bug.cgi?id=2081494

https://bugzilla.redhat.com/show_bug.cgi?id=2081777

https://bugzilla.redhat.com/show_bug.cgi?id=2082001

https://bugzilla.redhat.com/show_bug.cgi?id=2088559

https://bugzilla.redhat.com/show_bug.cgi?id=2090620

https://bugzilla.redhat.com/show_bug.cgi?id=2094301

https://bugzilla.redhat.com/show_bug.cgi?id=2096942

https://bugzilla.redhat.com/show_bug.cgi?id=2097310

https://bugzilla.redhat.com/show_bug.cgi?id=2103424

https://bugzilla.redhat.com/show_bug.cgi?id=2105676

https://bugzilla.redhat.com/show_bug.cgi?id=2106473

https://bugzilla.redhat.com/show_bug.cgi?id=2116369

https://bugzilla.redhat.com/show_bug.cgi?id=2117760

https://bugzilla.redhat.com/show_bug.cgi?id=2122872

https://bugzilla.redhat.com/show_bug.cgi?id=2123306

https://bugzilla.redhat.com/show_bug.cgi?id=2124658

https://bugzilla.redhat.com/show_bug.cgi?id=2125366

https://bugzilla.redhat.com/show_bug.cgi?id=2127134

https://bugzilla.redhat.com/show_bug.cgi?id=2129432

https://bugzilla.redhat.com/show_bug.cgi?id=2130173

https://bugzilla.redhat.com/show_bug.cgi?id=2130871

https://bugzilla.redhat.com/show_bug.cgi?id=2131990

https://bugzilla.redhat.com/show_bug.cgi?id=2134436

https://bugzilla.redhat.com/show_bug.cgi?id=2135215

https://bugzilla.redhat.com/show_bug.cgi?id=2135498

https://bugzilla.redhat.com/show_bug.cgi?id=2135722

https://bugzilla.redhat.com/show_bug.cgi?id=2138172

https://bugzilla.redhat.com/show_bug.cgi?id=2140577

https://bugzilla.redhat.com/show_bug.cgi?id=2140636

https://bugzilla.redhat.com/show_bug.cgi?id=2143051

https://bugzilla.redhat.com/show_bug.cgi?id=2143290

https://bugzilla.redhat.com/show_bug.cgi?id=2145254

https://bugzilla.redhat.com/show_bug.cgi?id=2152951

https://bugzilla.redhat.com/show_bug.cgi?id=2154917

https://bugzilla.redhat.com/show_bug.cgi?id=2156522

https://bugzilla.redhat.com/show_bug.cgi?id=2158510

https://bugzilla.redhat.com/show_bug.cgi?id=2158526

https://bugzilla.redhat.com/show_bug.cgi?id=2158702

https://bugzilla.redhat.com/show_bug.cgi?id=2158780

https://bugzilla.redhat.com/show_bug.cgi?id=2159104

https://bugzilla.redhat.com/show_bug.cgi?id=2159105

https://bugzilla.redhat.com/show_bug.cgi?id=2159291

https://bugzilla.redhat.com/show_bug.cgi?id=2159672

https://bugzilla.redhat.com/show_bug.cgi?id=2159839

https://bugzilla.redhat.com/show_bug.cgi?id=2161209

https://bugzilla.redhat.com/show_bug.cgi?id=2161274

https://bugzilla.redhat.com/show_bug.cgi?id=2161993

https://bugzilla.redhat.com/show_bug.cgi?id=2164359

https://bugzilla.redhat.com/show_bug.cgi?id=2164400

https://bugzilla.redhat.com/show_bug.cgi?id=2164714

https://bugzilla.redhat.com/show_bug.cgi?id=2164719

https://bugzilla.redhat.com/show_bug.cgi?id=2164722

https://bugzilla.redhat.com/show_bug.cgi?id=2164730

https://bugzilla.redhat.com/show_bug.cgi?id=2164736

https://bugzilla.redhat.com/show_bug.cgi?id=2164785

https://bugzilla.redhat.com/show_bug.cgi?id=2164789

https://bugzilla.redhat.com/show_bug.cgi?id=2164799

https://bugzilla.redhat.com/show_bug.cgi?id=2164800

https://bugzilla.redhat.com/show_bug.cgi?id=2165107

https://bugzilla.redhat.com/show_bug.cgi?id=2165866

https://bugzilla.redhat.com/show_bug.cgi?id=2165906

https://bugzilla.redhat.com/show_bug.cgi?id=2166404

https://bugzilla.redhat.com/show_bug.cgi?id=2166435

https://bugzilla.redhat.com/show_bug.cgi?id=2166466

https://bugzilla.redhat.com/show_bug.cgi?id=2166640

https://bugzilla.redhat.com/show_bug.cgi?id=2167097

https://bugzilla.redhat.com/show_bug.cgi?id=2167146

https://bugzilla.redhat.com/show_bug.cgi?id=2167371

https://bugzilla.redhat.com/show_bug.cgi?id=2167396

https://bugzilla.redhat.com/show_bug.cgi?id=2168414

https://bugzilla.redhat.com/show_bug.cgi?id=2169322

https://bugzilla.redhat.com/show_bug.cgi?id=2169385

https://bugzilla.redhat.com/show_bug.cgi?id=2169682

https://bugzilla.redhat.com/show_bug.cgi?id=2169847

https://bugzilla.redhat.com/show_bug.cgi?id=2170125

https://bugzilla.redhat.com/show_bug.cgi?id=2170127

https://bugzilla.redhat.com/show_bug.cgi?id=2170485

https://bugzilla.redhat.com/show_bug.cgi?id=2170535

https://bugzilla.redhat.com/show_bug.cgi?id=2170917

https://bugzilla.redhat.com/show_bug.cgi?id=2171180

https://bugzilla.redhat.com/show_bug.cgi?id=2172355

https://bugzilla.redhat.com/show_bug.cgi?id=2172564

https://bugzilla.redhat.com/show_bug.cgi?id=2173159

https://bugzilla.redhat.com/show_bug.cgi?id=2173199

https://bugzilla.redhat.com/show_bug.cgi?id=2173535

https://bugzilla.redhat.com/show_bug.cgi?id=2173671

https://bugzilla.redhat.com/show_bug.cgi?id=2173692

https://bugzilla.redhat.com/show_bug.cgi?id=2173757

https://bugzilla.redhat.com/show_bug.cgi?id=2174367

https://bugzilla.redhat.com/show_bug.cgi?id=2174912

https://bugzilla.redhat.com/show_bug.cgi?id=2176214

https://bugzilla.redhat.com/show_bug.cgi?id=2176368

https://bugzilla.redhat.com/show_bug.cgi?id=2176477

https://bugzilla.redhat.com/show_bug.cgi?id=2176870

https://bugzilla.redhat.com/show_bug.cgi?id=2178133

https://bugzilla.redhat.com/show_bug.cgi?id=2178176

https://bugzilla.redhat.com/show_bug.cgi?id=2178307

https://bugzilla.redhat.com/show_bug.cgi?id=2178645

https://bugzilla.redhat.com/show_bug.cgi?id=2178734

https://bugzilla.redhat.com/show_bug.cgi?id=2178775

https://bugzilla.redhat.com/show_bug.cgi?id=2179574

https://bugzilla.redhat.com/show_bug.cgi?id=2179649

https://bugzilla.redhat.com/show_bug.cgi?id=2179721

https://bugzilla.redhat.com/show_bug.cgi?id=2179725

https://bugzilla.redhat.com/show_bug.cgi?id=2180490

https://bugzilla.redhat.com/show_bug.cgi?id=2180760

https://bugzilla.redhat.com/show_bug.cgi?id=2180865

https://bugzilla.redhat.com/show_bug.cgi?id=2180954

https://bugzilla.redhat.com/show_bug.cgi?id=2181226

https://bugzilla.redhat.com/show_bug.cgi?id=2181254

https://bugzilla.redhat.com/show_bug.cgi?id=2181602

https://bugzilla.redhat.com/show_bug.cgi?id=2182353

https://bugzilla.redhat.com/show_bug.cgi?id=2183172

https://bugzilla.redhat.com/show_bug.cgi?id=2183357

https://bugzilla.redhat.com/show_bug.cgi?id=2184278

https://bugzilla.redhat.com/show_bug.cgi?id=2186713

https://bugzilla.redhat.com/show_bug.cgi?id=2186765

https://bugzilla.redhat.com/show_bug.cgi?id=2187599

https://bugzilla.redhat.com/show_bug.cgi?id=2187613

https://bugzilla.redhat.com/show_bug.cgi?id=2187903

https://bugzilla.redhat.com/show_bug.cgi?id=2187967

https://bugzilla.redhat.com/show_bug.cgi?id=2188504

https://bugzilla.redhat.com/show_bug.cgi?id=2188721

https://bugzilla.redhat.com/show_bug.cgi?id=2192565

https://bugzilla.redhat.com/show_bug.cgi?id=2192583

https://bugzilla.redhat.com/show_bug.cgi?id=2192841

https://bugzilla.redhat.com/show_bug.cgi?id=2193088

https://bugzilla.redhat.com/show_bug.cgi?id=2193451

https://bugzilla.redhat.com/show_bug.cgi?id=2196076

https://bugzilla.redhat.com/show_bug.cgi?id=2196085

https://bugzilla.redhat.com/show_bug.cgi?id=2196436

https://bugzilla.redhat.com/show_bug.cgi?id=2196540

https://bugzilla.redhat.com/show_bug.cgi?id=2196775

https://bugzilla.redhat.com/show_bug.cgi?id=2203093

https://bugzilla.redhat.com/show_bug.cgi?id=2203183

https://bugzilla.redhat.com/show_bug.cgi?id=2207782

https://bugzilla.redhat.com/show_bug.cgi?id=2208161

https://bugzilla.redhat.com/show_bug.cgi?id=2208535

https://bugzilla.redhat.com/show_bug.cgi?id=2209037

https://bugzilla.redhat.com/show_bug.cgi?id=2209469

https://bugzilla.redhat.com/show_bug.cgi?id=2209938

https://bugzilla.redhat.com/show_bug.cgi?id=2210284

https://bugzilla.redhat.com/show_bug.cgi?id=2210297

https://bugzilla.redhat.com/show_bug.cgi?id=2211210

https://bugzilla.redhat.com/show_bug.cgi?id=2211394

https://bugzilla.redhat.com/show_bug.cgi?id=2211437

https://bugzilla.redhat.com/show_bug.cgi?id=2211484

https://bugzilla.redhat.com/show_bug.cgi?id=2211502

https://bugzilla.redhat.com/show_bug.cgi?id=2211711

https://bugzilla.redhat.com/show_bug.cgi?id=2211966

https://bugzilla.redhat.com/show_bug.cgi?id=2212148

https://bugzilla.redhat.com/show_bug.cgi?id=2212523

https://bugzilla.redhat.com/show_bug.cgi?id=2212630

https://bugzilla.redhat.com/show_bug.cgi?id=2212740

https://bugzilla.redhat.com/show_bug.cgi?id=2212756

https://bugzilla.redhat.com/show_bug.cgi?id=2212812

https://bugzilla.redhat.com/show_bug.cgi?id=2212996

https://bugzilla.redhat.com/show_bug.cgi?id=2213088

https://bugzilla.redhat.com/show_bug.cgi?id=2213128

https://bugzilla.redhat.com/show_bug.cgi?id=2213190

https://bugzilla.redhat.com/show_bug.cgi?id=2213246

https://bugzilla.redhat.com/show_bug.cgi?id=2213281

https://bugzilla.redhat.com/show_bug.cgi?id=2213486

https://bugzilla.redhat.com/show_bug.cgi?id=2213515

https://bugzilla.redhat.com/show_bug.cgi?id=2213579

https://bugzilla.redhat.com/show_bug.cgi?id=2213582

https://bugzilla.redhat.com/show_bug.cgi?id=2213768

https://bugzilla.redhat.com/show_bug.cgi?id=2213777

https://bugzilla.redhat.com/show_bug.cgi?id=2213804

https://bugzilla.redhat.com/show_bug.cgi?id=2214261

https://bugzilla.redhat.com/show_bug.cgi?id=2214272

https://bugzilla.redhat.com/show_bug.cgi?id=2214274

https://bugzilla.redhat.com/show_bug.cgi?id=2214290

https://bugzilla.redhat.com/show_bug.cgi?id=2214578

https://bugzilla.redhat.com/show_bug.cgi?id=2215081

https://bugzilla.redhat.com/show_bug.cgi?id=2215093

https://bugzilla.redhat.com/show_bug.cgi?id=2215238

https://bugzilla.redhat.com/show_bug.cgi?id=2215294

https://bugzilla.redhat.com/show_bug.cgi?id=2215426

https://bugzilla.redhat.com/show_bug.cgi?id=2215954

https://bugzilla.redhat.com/show_bug.cgi?id=2215986

https://bugzilla.redhat.com/show_bug.cgi?id=2216194

https://bugzilla.redhat.com/show_bug.cgi?id=2216461

https://bugzilla.redhat.com/show_bug.cgi?id=2216564

https://bugzilla.redhat.com/show_bug.cgi?id=2216757

https://bugzilla.redhat.com/show_bug.cgi?id=2216907

https://bugzilla.redhat.com/show_bug.cgi?id=2217942

https://bugzilla.redhat.com/show_bug.cgi?id=2218004

https://bugzilla.redhat.com/show_bug.cgi?id=2218307

https://bugzilla.redhat.com/show_bug.cgi?id=2218625

https://bugzilla.redhat.com/show_bug.cgi?id=2218878

https://bugzilla.redhat.com/show_bug.cgi?id=2218930

https://bugzilla.redhat.com/show_bug.cgi?id=2218932

https://bugzilla.redhat.com/show_bug.cgi?id=2219648

https://bugzilla.redhat.com/show_bug.cgi?id=2220965

https://bugzilla.redhat.com/show_bug.cgi?id=2220969

https://bugzilla.redhat.com/show_bug.cgi?id=2220978

https://bugzilla.redhat.com/show_bug.cgi?id=2221291

https://bugzilla.redhat.com/show_bug.cgi?id=2221407

https://bugzilla.redhat.com/show_bug.cgi?id=2221621

https://bugzilla.redhat.com/show_bug.cgi?id=2221983

https://bugzilla.redhat.com/show_bug.cgi?id=2222167

https://bugzilla.redhat.com/show_bug.cgi?id=2222444

https://bugzilla.redhat.com/show_bug.cgi?id=2222446

https://bugzilla.redhat.com/show_bug.cgi?id=2222447

https://bugzilla.redhat.com/show_bug.cgi?id=2222705

https://bugzilla.redhat.com/show_bug.cgi?id=2222839

https://bugzilla.redhat.com/show_bug.cgi?id=2222890

https://bugzilla.redhat.com/show_bug.cgi?id=2222907

https://bugzilla.redhat.com/show_bug.cgi?id=2222979

https://bugzilla.redhat.com/show_bug.cgi?id=2223048

https://bugzilla.redhat.com/show_bug.cgi?id=2223050

https://bugzilla.redhat.com/show_bug.cgi?id=2223618

https://bugzilla.redhat.com/show_bug.cgi?id=2223707

https://bugzilla.redhat.com/show_bug.cgi?id=2223891

https://bugzilla.redhat.com/show_bug.cgi?id=2223996

https://bugzilla.redhat.com/show_bug.cgi?id=2224031

https://bugzilla.redhat.com/show_bug.cgi?id=2224113

https://bugzilla.redhat.com/show_bug.cgi?id=2224334

https://bugzilla.redhat.com/show_bug.cgi?id=2224494

https://bugzilla.redhat.com/show_bug.cgi?id=2224498

https://bugzilla.redhat.com/show_bug.cgi?id=2225090

https://bugzilla.redhat.com/show_bug.cgi?id=2225141

https://bugzilla.redhat.com/show_bug.cgi?id=2225333

https://bugzilla.redhat.com/show_bug.cgi?id=2225383

https://bugzilla.redhat.com/show_bug.cgi?id=2225402

https://bugzilla.redhat.com/show_bug.cgi?id=2225406

https://bugzilla.redhat.com/show_bug.cgi?id=2225409

https://bugzilla.redhat.com/show_bug.cgi?id=2226950

https://bugzilla.redhat.com/show_bug.cgi?id=2227028

https://bugzilla.redhat.com/show_bug.cgi?id=2227093

https://bugzilla.redhat.com/show_bug.cgi?id=2227271

https://bugzilla.redhat.com/show_bug.cgi?id=2227338

https://bugzilla.redhat.com/show_bug.cgi?id=2228287

https://bugzilla.redhat.com/show_bug.cgi?id=2229788

https://bugzilla.redhat.com/show_bug.cgi?id=2229897

https://bugzilla.redhat.com/show_bug.cgi?id=2230584

https://bugzilla.redhat.com/show_bug.cgi?id=2230934

https://bugzilla.redhat.com/show_bug.cgi?id=2231363

https://bugzilla.redhat.com/show_bug.cgi?id=2231474

https://bugzilla.redhat.com/show_bug.cgi?id=2232370

https://bugzilla.redhat.com/show_bug.cgi?id=2232775

https://bugzilla.redhat.com/show_bug.cgi?id=2234444

https://bugzilla.redhat.com/show_bug.cgi?id=2235231

https://bugzilla.redhat.com/show_bug.cgi?id=2236685

https://bugzilla.redhat.com/show_bug.cgi?id=2239115

https://bugzilla.redhat.com/show_bug.cgi?id=2242803

https://bugzilla.redhat.com/show_bug.cgi?id=2243296

https://bugzilla.redhat.com/show_bug.cgi?id=2245056

https://bugzilla.redhat.com/show_bug.cgi?id=2245930

Plugin Details

Severity: Critical

ID: 185473

File Name: rocky_linux_RLSA-2023-6818.nasl

Version: 1.2

Type: local

Published: 11/11/2023

Updated: 2/9/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-2068

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

CVSS Score Source: CVE-2023-40267

Vulnerability Information

CPE: p-cpe:/a:rocky:linux:libdb-debuginfo, p-cpe:/a:rocky:linux:libdb-debugsource, p-cpe:/a:rocky:linux:libdb-sql-debuginfo, p-cpe:/a:rocky:linux:libdb-sql-devel-debuginfo, p-cpe:/a:rocky:linux:libdb-utils-debuginfo, cpe:/o:rocky:linux:8, p-cpe:/a:rocky:linux:libdb-cxx, p-cpe:/a:rocky:linux:libdb-cxx-debuginfo

Required KB Items: Host/local_checks_enabled, Host/RockyLinux/release, Host/RockyLinux/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/11/2023

Vulnerability Publication Date: 3/25/2022

CISA Known Exploited Vulnerability Due Dates: 10/31/2023

Reference Information

CVE: CVE-2022-0759, CVE-2022-1292, CVE-2022-2068, CVE-2022-3644, CVE-2022-3874, CVE-2022-40899, CVE-2022-4130, CVE-2022-41717, CVE-2022-44566, CVE-2022-44570, CVE-2022-44571, CVE-2022-44572, CVE-2022-46648, CVE-2022-47318, CVE-2023-0118, CVE-2023-0119, CVE-2023-1894, CVE-2023-22792, CVE-2023-22794, CVE-2023-22795, CVE-2023-22796, CVE-2023-22799, CVE-2023-27530, CVE-2023-27539, CVE-2023-29406, CVE-2023-30608, CVE-2023-31047, CVE-2023-32681, CVE-2023-36053, CVE-2023-39325, CVE-2023-40267, CVE-2023-44487

IAVB: 2022-B-0059-S, 2023-B-0052-S, 2023-B-0080-S