RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update (Important) (RHSA-2024:1057)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1057 advisory. pygments: ReDoS in pygments (CVE-2022-40896) python-pillow: uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument (CVE-2023-44271) python-aiohttps: numerous issues in HTTP parser with header parsing (CVE-2023-47627) aiohttps: HTTP request modification (CVE-2023-49081) aiohttps: CRLF injection if user controls the HTTP method using aiohttp client (CVE-2023-49082) pycryptodome: side-channel leakage for OAEP decryption in PyCryptodome and pycryptodomex (CVE-2023-52323) ansible automation platform: Insecure websocket used when interacting with EDA server (CVE-2024-1657) jinja2: HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-22195) Django: denial-of-service in intcomma template filter (CVE-2024-24680) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version…Read More