(RHSA-2024:1878) Moderate: RHUI 4.8 Release – Security Updates, Bug Fixes, and Enhancements
Discription

Red Hat Update Infrastructure (RHUI) offers a highly scalable, highly redundant framework that enables you to manage repositories and content. It also enables cloud providers to deliver content and updates to Red Hat Enterprise Linux (RHEL) instances. Security Fix(es): python-django: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator (CVE-2023-36053) python-aiohttps: HTTP request smuggling via llhttp HTTP request parser (CVE-2023-37276) python-django: Potential denial of service vulnerability in django.utils.encoding.uri_to_iri() (CVE-2023-41164) python-django: Denial-of-service possibility in django.utils.text.Truncator (CVE-2023-43665) python-aiohttps: numerous issues in HTTP parser with header parsing (CVE-2023-47627) aiohttps: HTTP request modification (CVE-2023-49081) python-cryptography: NULL-dereference when loading PKCS7 certificates (CVE-2023-49083) jinja2: HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-22195) aiohttps: follow_symlinks directory traversal vulnerability (CVE-2024-23334) python-ecdsa: vulnerable to the Minerva attack (CVE-2024-23342) python-aiohttps: http request smuggling (CVE-2024-23829) Django: denial-of-service in intcomma template filter (CVE-2024-24680) python-django: Potential regular expression denial-of-service in django.utils.text.Truncator.words() (CVE-2024-27351) aiohttps: CRLF injection if user controls the HTTP method using aiohttp…Read More

Back to Main

Subscribe for the latest news: