The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8906.json

Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================
Red Hat Security Advisory

Synopsis: Critical: Satellite 6.16.0 release
Advisory ID: RHSA-2024:8906-03
Product: Red Hat Satellite 6
Advisory URL: https://access.redhat.com/errata/RHSA-2024:8906
Issue date: 2024-11-06
Revision: 03
CVE Names: CVE-2024-4067
====================================================================

Summary:

A new release is now available for Red Hat Satellite 6.16 for RHEL 8 and 9.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.

Security Fix(es):

* mosquitto: sending specific sequences of packets may trigger memory leak (CVE-2024-8376)
* micromatch: vulnerable to Regular Expression Denial of Service (CVE-2024-4067)
* urllib3: proxy-authorization request header is not stripped during cross-origin redirects (CVE-2024-37891)
* node-tar: denial of service while parsing a tar file due to lack of folders depth validation (CVE-2024-28863)
* python-django: Potential denial-of-service in django.utils.html.urlize() (CVE-2024-38875)
* python-django: Username enumeration through timing difference for users with unusable passwords (CVE-2024-39329)
* python-django: Potential directory-traversal in django.core.files.storage.Storage.save() (CVE-2024-39330)
* python-django: Potential denial-of-service in django.utils.translation.get_supported_language_variant() (CVE-2024-39614)
* github.com/jaraco/zipp: Denial of Service (infinite loop) via crafted zip file in jaraco/zipp (CVE-2024-5569)
* puppet-foreman: An authentication bypass vulnerability exists in Foreman (CVE-2024-7012)
* python-django: Potential SQL injection in QuerySet.values() and values_list() (CVE-2024-42005)
* grpc: client communicating with a HTTP/2 proxy can poison the HPACK table between the proxy and the backend (CVE-2024-7246)
* puppet-pulpcore: An authentication bypass vulnerability exists in pulpcore (CVE-2024-7923)
* foreman: Read-only access to entire DB from templates (CVE-2024-8553)

Users of Red Hat Satellite are advised to upgrade to these updated packages, which fix these bugs.

Solution:

https://access.redhat.com/documentation/en-us/red_hat_satellite/6.16/html/updating_red_hat_satellite/index

CVEs:

CVE-2024-4067

References:

https://access.redhat.com/security/updates/classification/#critical https://bugzilla.redhat.com/show_bug.cgi?id=2280601 https://bugzilla.redhat.com/show_bug.cgi?id=2292788 https://bugzilla.redhat.com/show_bug.cgi?id=2293200 https://bugzilla.redhat.com/show_bug.cgi?id=2295935 https://bugzilla.redhat.com/show_bug.cgi?id=2295936 https://bugzilla.redhat.com/show_bug.cgi?id=2295937 https://bugzilla.redhat.com/show_bug.cgi?id=2295938 https://bugzilla.redhat.com/show_bug.cgi?id=2296413 https://bugzilla.redhat.com/show_bug.cgi?id=2299429 https://bugzilla.redhat.com/show_bug.cgi?id=2302436 https://bugzilla.redhat.com/show_bug.cgi?id=2305718 https://bugzilla.redhat.com/show_bug.cgi?id=2312524 https://bugzilla.redhat.com/show_bug.cgi?id=2318080 https://issues.redhat.com/browse/SAT-12847 https://issues.redhat.com/browse/SAT-15089 https://issues.redhat.com/browse/SAT-15466 https://issues.redhat.com/browse/SAT-15467 https://issues.redhat.com/browse/SAT-15549 https://issues.redhat.com/browse/SAT-16224 https://issues.redhat.com/browse/SAT-16247 https://issues.redhat.com/browse/SAT-16381 https://issues.redhat.com/browse/SAT-16537 https://issues.redhat.com/browse/SAT-16593 https://issues.redhat.com/browse/SAT-17442 https://issues.redhat.com/browse/SAT-17443 https://issues.redhat.com/browse/SAT-17785 https://issues.redhat.com/browse/SAT-18093 https://issues.redhat.com/browse/SAT-18270 https://issues.redhat.com/browse/SAT-18327 https://issues.redhat.com/browse/SAT-18410 https://issues.redhat.com/browse/SAT-18461 https://issues.redhat.com/browse/SAT-18568 https://issues.redhat.com/browse/SAT-18610 https://issues.redhat.com/browse/SAT-18705 https://issues.redhat.com/browse/SAT-18721 https://issues.redhat.com/browse/SAT-18859 https://issues.redhat.com/browse/SAT-18993 https://issues.redhat.com/browse/SAT-19018
https://issues.redhat.com/browse/SAT-19269 https://issues.redhat.com/browse/SAT-19342 https://issues.redhat.com/browse/SAT-19389 https://issues.redhat.com/browse/SAT-19394 https://issues.redhat.com/browse/SAT-19501 https://issues.redhat.com/browse/SAT-19502 https://issues.redhat.com/browse/SAT-19504 https://issues.redhat.com/browse/SAT-19511 https://issues.redhat.com/browse/SAT-19592 https://issues.redhat.com/browse/SAT-19614 https://issues.redhat.com/browse/SAT-19621 https://issues.redhat.com/browse/SAT-19748 https://issues.redhat.com/browse/SAT-19789 https://issues.redhat.com/browse/SAT-19922 https://issues.redhat.com/browse/SAT-19993 https://issues.redhat.com/browse/SAT-19999 https://issues.redhat.com/browse/SAT-20099 https://issues.redhat.com/browse/SAT-20361 https://issues.redhat.com/browse/SAT-20445 https://issues.redhat.com/browse/SAT-20553 https://issues.redhat.com/browse/SAT-21261 https://issues.redhat.com/browse/SAT-21266 https://issues.redhat.com/browse/SAT-21268 https://issues.redhat.com/browse/SAT-21273 https://issues.redhat.com/browse/SAT-21353 https://issues.redhat.com/browse/SAT-21374 https://issues.redhat.com/browse/SAT-21375 https://issues.redhat.com/browse/SAT-21395 https://issues.redhat.com/browse/SAT-21396 https://issues.redhat.com/browse/SAT-21421 https://issues.redhat.com/browse/SAT-21463 https://issues.redhat.com/browse/SAT-21682 https://issues.redhat.com/browse/SAT-21757 https://issues.redhat.com/browse/SAT-21920 https://issues.redhat.com/browse/SAT-21994 https://issues.redhat.com/browse/SAT-22047 https://issues.redhat.com/browse/SAT-22048 https://issues.redhat.com/browse/SAT-22156 https://issues.redhat.com/browse/SAT-22172 https://issues.redhat.com/browse/SAT-22358 https://issues.redhat.com/browse/SAT-22442 https://issues.redhat.com/browse/SAT-22491 https://issues.redhat.com/browse/SAT-22554 https://issues.redhat.com/browse/SAT-22579 https://issues.redhat.com/browse/SAT-22626 https://issues.redhat.com/browse/SAT-22849 
https://issues.redhat.com/browse/SAT-22872 https://issues.redhat.com/browse/SAT-22889 https://issues.redhat.com/browse/SAT-22900 https://issues.redhat.com/browse/SAT-23047 https://issues.redhat.com/browse/SAT-23077 https://issues.redhat.com/browse/SAT-23093 https://issues.redhat.com/browse/SAT-23096 https://issues.redhat.com/browse/SAT-23109 https://issues.redhat.com/browse/SAT-23124 https://issues.redhat.com/browse/SAT-23167 https://issues.redhat.com/browse/SAT-23211 https://issues.redhat.com/browse/SAT-23228 https://issues.redhat.com/browse/SAT-23279 https://issues.redhat.com/browse/SAT-23288 https://issues.redhat.com/browse/SAT-23302 https://issues.redhat.com/browse/SAT-23335 https://issues.redhat.com/browse/SAT-23405 https://issues.redhat.com/browse/SAT-23407 https://issues.redhat.com/browse/SAT-23424 https://issues.redhat.com/browse/SAT-23426 https://issues.redhat.com/browse/SAT-23487 https://issues.redhat.com/browse/SAT-23505 https://issues.redhat.com/browse/SAT-23544 https://issues.redhat.com/browse/SAT-23573 https://issues.redhat.com/browse/SAT-23592 https://issues.redhat.com/browse/SAT-23610 https://issues.redhat.com/browse/SAT-23752 https://issues.redhat.com/browse/SAT-23841 https://issues.redhat.com/browse/SAT-23894 https://issues.redhat.com/browse/SAT-23943 https://issues.redhat.com/browse/SAT-23947 https://issues.redhat.com/browse/SAT-23951 https://issues.redhat.com/browse/SAT-23954 https://issues.redhat.com/browse/SAT-23957 https://issues.redhat.com/browse/SAT-23990 https://issues.redhat.com/browse/SAT-23992 https://issues.redhat.com/browse/SAT-24050 https://issues.redhat.com/browse/SAT-24064 https://issues.redhat.com/browse/SAT-24073 https://issues.redhat.com/browse/SAT-24111 https://issues.redhat.com/browse/SAT-24132 https://issues.redhat.com/browse/SAT-24197 https://issues.redhat.com/browse/SAT-24470 https://issues.redhat.com/browse/SAT-24478 https://issues.redhat.com/browse/SAT-24479 https://issues.redhat.com/browse/SAT-24489 
https://issues.redhat.com/browse/SAT-24521 https://issues.redhat.com/browse/SAT-24526 https://issues.redhat.com/browse/SAT-24531 https://issues.redhat.com/browse/SAT-24545 https://issues.redhat.com/browse/SAT-24548 https://issues.redhat.com/browse/SAT-24577 https://issues.redhat.com/browse/SAT-24600 https://issues.redhat.com/browse/SAT-24769 https://issues.redhat.com/browse/SAT-24771 https://issues.redhat.com/browse/SAT-24774 https://issues.redhat.com/browse/SAT-24779 https://issues.redhat.com/browse/SAT-24781 https://issues.redhat.com/browse/SAT-24786 https://issues.redhat.com/browse/SAT-24787 https://issues.redhat.com/browse/SAT-24801 https://issues.redhat.com/browse/SAT-24805 https://issues.redhat.com/browse/SAT-24837 https://issues.redhat.com/browse/SAT-24854 https://issues.redhat.com/browse/SAT-24878 https://issues.redhat.com/browse/SAT-24884 https://issues.redhat.com/browse/SAT-24893 https://issues.redhat.com/browse/SAT-24917 https://issues.redhat.com/browse/SAT-24918 https://issues.redhat.com/browse/SAT-24919 https://issues.redhat.com/browse/SAT-24920 https://issues.redhat.com/browse/SAT-24932 https://issues.redhat.com/browse/SAT-24936 https://issues.redhat.com/browse/SAT-24943 https://issues.redhat.com/browse/SAT-24988 https://issues.redhat.com/browse/SAT-25032 https://issues.redhat.com/browse/SAT-25129 https://issues.redhat.com/browse/SAT-25152 https://issues.redhat.com/browse/SAT-25155 https://issues.redhat.com/browse/SAT-25159 https://issues.redhat.com/browse/SAT-25160 https://issues.redhat.com/browse/SAT-25194 https://issues.redhat.com/browse/SAT-25213 https://issues.redhat.com/browse/SAT-25217 https://issues.redhat.com/browse/SAT-25243 https://issues.redhat.com/browse/SAT-25250 https://issues.redhat.com/browse/SAT-25328 https://issues.redhat.com/browse/SAT-25368 https://issues.redhat.com/browse/SAT-25429 https://issues.redhat.com/browse/SAT-25437 https://issues.redhat.com/browse/SAT-25455 https://issues.redhat.com/browse/SAT-25467 
https://issues.redhat.com/browse/SAT-25503 https://issues.redhat.com/browse/SAT-25569 https://issues.redhat.com/browse/SAT-25583 https://issues.redhat.com/browse/SAT-25655 https://issues.redhat.com/browse/SAT-25658 https://issues.redhat.com/browse/SAT-25678 https://issues.redhat.com/browse/SAT-25713 https://issues.redhat.com/browse/SAT-25774 https://issues.redhat.com/browse/SAT-25789 https://issues.redhat.com/browse/SAT-25795 https://issues.redhat.com/browse/SAT-25813 https://issues.redhat.com/browse/SAT-25869 https://issues.redhat.com/browse/SAT-25936 https://issues.redhat.com/browse/SAT-25946 https://issues.redhat.com/browse/SAT-26012 https://issues.redhat.com/browse/SAT-26031 https://issues.redhat.com/browse/SAT-26040 https://issues.redhat.com/browse/SAT-26064 https://issues.redhat.com/browse/SAT-26078 https://issues.redhat.com/browse/SAT-26084 https://issues.redhat.com/browse/SAT-26105 https://issues.redhat.com/browse/SAT-26202 https://issues.redhat.com/browse/SAT-26242 https://issues.redhat.com/browse/SAT-26269 https://issues.redhat.com/browse/SAT-26397 https://issues.redhat.com/browse/SAT-26417 https://issues.redhat.com/browse/SAT-26493 https://issues.redhat.com/browse/SAT-26563 https://issues.redhat.com/browse/SAT-26588 https://issues.redhat.com/browse/SAT-26758 https://issues.redhat.com/browse/SAT-26762 https://issues.redhat.com/browse/SAT-26767 https://issues.redhat.com/browse/SAT-26834 https://issues.redhat.com/browse/SAT-26835 https://issues.redhat.com/browse/SAT-26837 https://issues.redhat.com/browse/SAT-26901 https://issues.redhat.com/browse/SAT-26967 https://issues.redhat.com/browse/SAT-27144 https://issues.redhat.com/browse/SAT-27182 https://issues.redhat.com/browse/SAT-27211 https://issues.redhat.com/browse/SAT-27276 https://issues.redhat.com/browse/SAT-27384 https://issues.redhat.com/browse/SAT-27401 https://issues.redhat.com/browse/SAT-27411 https://issues.redhat.com/browse/SAT-27485 https://issues.redhat.com/browse/SAT-27506 
https://issues.redhat.com/browse/SAT-27512 https://issues.redhat.com/browse/SAT-27569 https://issues.redhat.com/browse/SAT-27593 https://issues.redhat.com/browse/SAT-27595 https://issues.redhat.com/browse/SAT-27604 https://issues.redhat.com/browse/SAT-27622 https://issues.redhat.com/browse/SAT-27676 https://issues.redhat.com/browse/SAT-27677 https://issues.redhat.com/browse/SAT-27702 https://issues.redhat.com/browse/SAT-27752 https://issues.redhat.com/browse/SAT-27778 https://issues.redhat.com/browse/SAT-27779 https://issues.redhat.com/browse/SAT-27814 https://issues.redhat.com/browse/SAT-27830 https://issues.redhat.com/browse/SAT-27834 https://issues.redhat.com/browse/SAT-27836 https://issues.redhat.com/browse/SAT-27891 https://issues.redhat.com/browse/SAT-27900 https://issues.redhat.com/browse/SAT-27901 https://issues.redhat.com/browse/SAT-27940 https://issues.redhat.com/browse/SAT-27943 https://issues.redhat.com/browse/SAT-27981 https://issues.redhat.com/browse/SAT-28012 https://issues.redhat.com/browse/SAT-28046 https://issues.redhat.com/browse/SAT-28048 https://issues.redhat.com/browse/SAT-28162 https://issues.redhat.com/browse/SAT-28269 https://issues.redhat.com/browse/SAT-28275 https://issues.redhat.com/browse/SAT-28336 https://issues.redhat.com/browse/SAT-28361 https://issues.redhat.com/browse/SAT-28362 https://issues.redhat.com/browse/SAT-28367 https://issues.redhat.com/browse/SAT-28394 https://issues.redhat.com/browse/SAT-28435 https://issues.redhat.com/browse/SAT-28467 https://issues.redhat.com/browse/SAT-28667 https://issues.redhat.com/browse/SAT-7770 https://issues.redhat.com/browse/SAT-8076