
(RHSA-2022:8506) Important: Satellite 6.12 Release

Red Hat Satellite is a systems management tool for Linux-based
infrastructure. It allows for provisioning, remote management, and
monitoring of multiple Linux deployments with a single centralized tool.

Security Fix(es):
* netty-codec: Bzip2Decoder doesn’t allow setting size restrictions for decompressed data (CVE-2021-37136)
* netty-codec: SnappyFrameDecoder doesn’t restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)
* python3-django: Possible XSS via template tag (CVE-2022-22818)
* tfm-rubygem-nokogiri: ReDoS in HTML encoding detection (CVE-2022-24836)
* tfm-rubygem-sinatra: Path traversal possible outside of public_dir when serving static files (CVE-2022-29970)
* tfm-rubygem-git: Package vulnerable to Command Injection via git argument injection (CVE-2022-25648)
* rubygem-rails-html-sanitizer: Possible XSS with certain configurations (CVE-2022-32209)
* python3-django: Potential SQL injection via Trunc and Extract arguments (CVE-2022-34265)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

The items above are not a complete list of changes. This update also fixes
several bugs and adds various enhancements. Documentation for these changes
is available from the Release Notes document.
