RHEL 7 / 8 : Satellite 6.11 Release (Moderate) (RHSA-2022:5498)

critical Nessus Plugin ID 194275

Language:

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5498 advisory.

- libsolv: heap-based buffer overflow in testcase_read() in src/testcase.c (CVE-2021-3200)

- foreman: Authenticate remote code execution through Sendmail configuration (CVE-2021-3584)

- Satellite: Allow unintended SCA certificate to authenticate Candlepin (CVE-2021-4142)

- netty: Information disclosure via the local system temporary directory (CVE-2021-21290)

- netty: possible request smuggling in HTTP/2 due missing validation (CVE-2021-21295)

- netty: Request smuggling via content-length header (CVE-2021-21409)

- sidekiq: XSS via the queue name of the live-poll feature (CVE-2021-30151)

- python-sqlparse: ReDoS via regular expression in StripComments filter (CVE-2021-32839)

- libsolv: heap-based buffer overflow in pool_installable() in src/repo.h (CVE-2021-33928)

- libsolv: heap-based buffer overflow in pool_disabled_solvable() in src/repo.h (CVE-2021-33929)

- libsolv: heap-based buffer overflow in pool_installable_whatprovides() in src/repo.h (CVE-2021-33930)

- libsolv: heap-based buffer overflow in prune_to_recommended() in src/policy.c (CVE-2021-33938)

- rubygem-puma: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma (CVE-2021-41136)

- logback: remote code execution through JNDI call from within its configuration file (CVE-2021-42550)

- netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)

- python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through (CVE-2021-43818)

- django: potential bypass of an upstream access control based on URL paths (CVE-2021-44420)

- libsolv: heap-overflows in resolve_dependencies function (CVE-2021-44568)

- django: Denial-of-service possibility in UserAttributeSimilarityValidator (CVE-2021-45115)

- django: Potential information disclosure in dictsort template filter (CVE-2021-45116)

- django: Potential directory-traversal via Storage.save() (CVE-2021-45452)

- django: Possible XSS via '{% debug %}' template tag (CVE-2022-22818)

- rubygem-actionpack: information leak between requests (CVE-2022-23633)

- rubygem-puma: rubygem-rails: information leak between requests (CVE-2022-23634)

- django: Denial-of-service possibility in file uploads (CVE-2022-23833)

- sidekiq: WebUI Denial of Service caused by number of days on graph (CVE-2022-23837)

- Django: SQL injection in QuerySet.annotate(),aggregate() and extra() (CVE-2022-28346)

- Django: SQL injection via QuerySet.explain(options) on PostgreSQL (CVE-2022-28347)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Plugin Details

Severity: Critical

ID: 194275

File Name: redhat-RHSA-2022-5498.nasl

Version: 1.0

Type: local

Agent: unix

Family: Red Hat Local Security Checks

Published: 4/28/2024

Updated: 4/28/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2021-3584

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2022-28347

Vulnerability Information

CPE: cpe:/o:redhat:enterprise_linux:7, cpe:/o:redhat:enterprise_linux:8, p-cpe:/a:redhat:enterprise_linux:candlepin, p-cpe:/a:redhat:enterprise_linux:foreman, p-cpe:/a:redhat:enterprise_linux:libsolv, p-cpe:/a:redhat:enterprise_linux:python-django, p-cpe:/a:redhat:enterprise_linux:python-lxml, p-cpe:/a:redhat:enterprise_linux:python-sqlparse, p-cpe:/a:redhat:enterprise_linux:python38-django, p-cpe:/a:redhat:enterprise_linux:rubygem-actionpack, p-cpe:/a:redhat:enterprise_linux:rubygem-puma, p-cpe:/a:redhat:enterprise_linux:rubygem-sidekiq, p-cpe:/a:redhat:enterprise_linux:satellite, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-actionpack, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-puma, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-sidekiq

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/5/2022

Vulnerability Publication Date: 2/8/2021

Reference Information

CVE: CVE-2021-21290, CVE-2021-21295, CVE-2021-21409, CVE-2021-30151, CVE-2021-3200, CVE-2021-32839, CVE-2021-33928, CVE-2021-33929, CVE-2021-33930, CVE-2021-33938, CVE-2021-3584, CVE-2021-41136, CVE-2021-4142, CVE-2021-42550, CVE-2021-43797, CVE-2021-43818, CVE-2021-44420, CVE-2021-44568, CVE-2021-45115, CVE-2021-45116, CVE-2021-45452, CVE-2022-22818, CVE-2022-23633, CVE-2022-23634, CVE-2022-23833, CVE-2022-23837, CVE-2022-28346, CVE-2022-28347

CWE: 119, 125, 200, 212, 22, 287, 290, 359, 400, 444, 502, 770, 78, 79, 835, 89

RHSA: 2022:5498

Detections

Analytics