=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Satellite 6.12.3 Async Security Update
Advisory ID:       RHSA-2023:1630-01
Product:           Red Hat Satellite 6
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1630
Issue date:        2023-04-04
CVE Names:         CVE-2022-41946
=====================================================================

1. Summary:

Updated Satellite 6.12 packages that fix important security bugs and several regular bugs are now available for Red Hat Satellite.

2. Relevant releases/architectures:

Red Hat Satellite 6.12 for RHEL 8 - noarch

3. Description:

Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.

Security fix(es):

* Candlepin: PreparedStatement.setText(int, InputStream) will create a temporary file if the InputStream is larger than 2k (CVE-2022-41946)

This update fixes the following bugs:

2163538 - Pages Blank
2174984 - Getting 'null value in column "image_manifest_id" violates not-null constraint' when syncing openstack container repos
2174987 - (Regression of 2033940) Error: AttributeError: 'NoneType' object has no attribute 'cast' thrown while listing repository versions
2174994 - VMware Image based Provisioning fails with error- : Could not find virtual machine network interface matching
2174997 - Package and Errata actions on content hosts selected using the "select all hosts" option fails.
2174998 - Subscription can't be blank, A Pool and its Subscription cannot belong to different organizations
2175002 - Getting "undefined method `schema_version' for nil:NilClass" while syncing from quay.io
2175005 - New kickstart_kernel_options snippet breaks UEFI (Grub2) PXE provisioning when boot_mode is static
2175008 - RHEL 9 as Guest OS is not available on Satellite 6.11
2174995 - Health check should use hostname -f
2175007 - [regression] data.yml is referring to old sync plain id which does not exist in katello_sync_plans
2176272 - new wait task introduced by rh_cloud 6.0.44 is not recognized by maintain as OK to interrupt
2175010 - Some custom repositories are failing to synchorize with error "This field may not be blank" after upgrading to Red Hat Satellite 6.11
2176922 - [RFE] Need syncable yum-format repository imports
2175003 - Can't perform incremental content exports in syncable format

Users of Red Hat Satellite are advised to upgrade to these updated packages, which fix these bugs.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2153399 - CVE-2022-41946 postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions
2163538 - Pages Blank
2174984 - Getting 'null value in column "image_manifest_id" violates not-null constraint' when syncing openstack container repos
2174987 - (Regression of 2033940) Error: AttributeError: 'NoneType' object has no attribute 'cast' thrown while listing repository versions
2174994 - VMware Image based Provisioning fails with error- : Could not find virtual machine network interface matching
2174995 - Health check should use hostname -f
2174997 - Package and Errata actions on content hosts selected using the "select all hosts" option fails.
2174998 - Subscription can't be blank, A Pool and its Subscription cannot belong to different organizations
2175002 - Getting "undefined method `schema_version' for nil:NilClass" while syncing from quay.io
2175003 - Can't perform incremental content exports in syncable format
2175005 - New kickstart_kernel_options snippet breaks UEFI (Grub2) PXE provisioning when boot_mode is static
2175007 - [regression] data.yml is referring to old sync plain id which does not exist in katello_sync_plans
2175008 - RHEL 9 as Guest OS is not available on Satellite 6.11
2175010 - Some custom repositories are failing to synchorize with error "This field may not be blank" after upgrading to Red Hat Satellite 6.11
2176272 - new wait task introduced by rh_cloud 6.0.44 is not recognized by maintain as OK to interrupt
2176922 - [RFE] Need syncable yum-format repository imports

6. Package List:

Red Hat Satellite 6.12 for RHEL 8:

Source:
candlepin-4.1.20-1.el8sat.src.rpm
foreman-3.3.0.21-2.el8sat.src.rpm
python-django-3.2.16-1.el8pc.src.rpm
python-pulp-container-2.10.12-1.el8pc.src.rpm
python-pulpcore-3.18.16-1.el8pc.src.rpm
rubygem-fog-vsphere-3.6.0-1.el8sat.src.rpm
rubygem-foreman_maintain-1.1.12-1.el8sat.src.rpm
rubygem-hammer_cli_katello-1.6.0.2-1.el8sat.src.rpm
rubygem-katello-4.5.0.32-1.el8sat.src.rpm
rubygem-optimist-3.0.1-1.el8sat.src.rpm
rubygem-rbvmomi2-3.6.0-2.el8sat.src.rpm
satellite-6.12.3-1.el8sat.src.rpm

noarch:
candlepin-4.1.20-1.el8sat.noarch.rpm
candlepin-selinux-4.1.20-1.el8sat.noarch.rpm
foreman-3.3.0.21-2.el8sat.noarch.rpm
foreman-cli-3.3.0.21-2.el8sat.noarch.rpm
foreman-debug-3.3.0.21-2.el8sat.noarch.rpm
foreman-dynflow-sidekiq-3.3.0.21-2.el8sat.noarch.rpm
foreman-ec2-3.3.0.21-2.el8sat.noarch.rpm
foreman-gce-3.3.0.21-2.el8sat.noarch.rpm
foreman-journald-3.3.0.21-2.el8sat.noarch.rpm
foreman-libvirt-3.3.0.21-2.el8sat.noarch.rpm
foreman-openstack-3.3.0.21-2.el8sat.noarch.rpm
foreman-ovirt-3.3.0.21-2.el8sat.noarch.rpm
foreman-postgresql-3.3.0.21-2.el8sat.noarch.rpm
foreman-service-3.3.0.21-2.el8sat.noarch.rpm
foreman-telemetry-3.3.0.21-2.el8sat.noarch.rpm
foreman-vmware-3.3.0.21-2.el8sat.noarch.rpm
python39-django-3.2.16-1.el8pc.noarch.rpm
python39-pulp-container-2.10.12-1.el8pc.noarch.rpm
python39-pulpcore-3.18.16-1.el8pc.noarch.rpm
rubygem-fog-vsphere-3.6.0-1.el8sat.noarch.rpm
rubygem-foreman_maintain-1.1.12-1.el8sat.noarch.rpm
rubygem-hammer_cli_katello-1.6.0.2-1.el8sat.noarch.rpm
rubygem-katello-4.5.0.32-1.el8sat.noarch.rpm
rubygem-optimist-3.0.1-1.el8sat.noarch.rpm
rubygem-rbvmomi2-3.6.0-2.el8sat.noarch.rpm
satellite-6.12.3-1.el8sat.noarch.rpm
satellite-cli-6.12.3-1.el8sat.noarch.rpm
satellite-common-6.12.3-1.el8sat.noarch.rpm

Red Hat Satellite 6.12 for RHEL 8:

Source:
foreman-3.3.0.21-2.el8sat.src.rpm
python-django-3.2.16-1.el8pc.src.rpm
python-pulp-container-2.10.12-1.el8pc.src.rpm
python-pulpcore-3.18.16-1.el8pc.src.rpm
rubygem-foreman_maintain-1.1.12-1.el8sat.src.rpm
satellite-6.12.3-1.el8sat.src.rpm

noarch:
foreman-debug-3.3.0.21-2.el8sat.noarch.rpm
python39-django-3.2.16-1.el8pc.noarch.rpm
python39-pulp-container-2.10.12-1.el8pc.noarch.rpm
python39-pulpcore-3.18.16-1.el8pc.noarch.rpm
rubygem-foreman_maintain-1.1.12-1.el8sat.noarch.rpm
satellite-capsule-6.12.3-1.el8sat.noarch.rpm
satellite-common-6.12.3-1.el8sat.noarch.rpm

Red Hat Satellite 6.12 for RHEL 8:

Source:
rubygem-foreman_maintain-1.1.12-1.el8sat.src.rpm

noarch:
rubygem-foreman_maintain-1.1.12-1.el8sat.noarch.rpm

Red Hat Satellite 6.12 for RHEL 8:

Source:
foreman-3.3.0.21-2.el8sat.src.rpm
rubygem-hammer_cli_katello-1.6.0.2-1.el8sat.src.rpm
satellite-6.12.3-1.el8sat.src.rpm

noarch:
foreman-cli-3.3.0.21-2.el8sat.noarch.rpm
rubygem-hammer_cli_katello-1.6.0.2-1.el8sat.noarch.rpm
satellite-cli-6.12.3-1.el8sat.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-41946
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
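The package list in section 6 is what an administrator checks installed hosts against after applying the update. As an added example that is not part of the advisory, the Python below parses rpm -qa output and reports packages still below the fixed versions using an rpmvercmp-style comparison; the FIXED table holds a subset of section 6's NVRs, and the sample rpm -qa output is constructed.

```python
import re

# Fixed version-release pairs taken from section 6 of RHSA-2023:1630 (a subset).
FIXED = {"candlepin": ("4.1.20", "1.el8sat"), "foreman": ("3.3.0.21", "2.el8sat"),
         "rubygem-katello": ("4.5.0.32", "1.el8sat"), "satellite": ("6.12.3", "1.el8sat")}
_SEG = re.compile(r"[0-9]+|[a-zA-Z]+|~")  # rpmvercmp segments; other chars only separate

def rpmvercmp(a, b):
    """rpmvercmp-style compare (-1, 0, 1): numeric beats alpha, '~' sorts lowest; '^' unhandled."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x == "~" or y == "~":
            if x != y:
                return -1 if x == "~" else 1
        elif x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return -1 if x < y else 1
    if len(sa) == len(sb):
        return 0
    rest = sa[len(sb):] or sb[len(sa):]  # segments left over in the longer string
    longer_wins = 1 if len(sa) > len(sb) else -1
    return -longer_wins if rest[0] == "~" else longer_wins  # a trailing '~' loses instead

def parse_nvra(line):
    """Split 'name-version-release.arch' (as printed by rpm -qa) into its four parts."""
    m = re.fullmatch(r"(.+)-([^-]+)-([^-]+)\.([^.]+)", line.strip())
    return m.groups() if m else None

def outdated(rpm_qa_output):
    """Return (name, installed_vr, fixed_vr) for packages still below the advisory's NVRs."""
    found = []
    for line in rpm_qa_output.splitlines():
        parsed = parse_nvra(line)
        if parsed and parsed[0] in FIXED:
            name, ver, rel, _arch = parsed
            fver, frel = FIXED[name]
            if (rpmvercmp(ver, fver) or rpmvercmp(rel, frel)) < 0:
                found.append((name, f"{ver}-{rel}", f"{fver}-{frel}"))
    return found

# Constructed sample of rpm -qa output for a partly updated host (not real data).
SAMPLE = """candlepin-4.1.20-1.el8sat.noarch
foreman-3.3.0.20-1.el8sat.noarch
rubygem-katello-4.5.0.31-1.el8sat.noarch
satellite-6.12.2-1.el8sat.noarch
bash-4.4.20-4.el8.x86_64"""
```

On a real host, feed the output of `rpm -qa` to `outdated()`; an empty result means every listed package is at or above the advisory's version.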