- Issued: 2023-10-20
- Updated: 2023-10-20
RHSA-2023:5982 - Important: Red Hat Satellite Client security and bug fix update
Synopsis
Important: Red Hat Satellite Client security and bug fix update
Type/Severity
Security Advisory: Important
Topic
An update for foreman_ygg_worker, puppet-agent, qpid-proton, and yggdrasil is now available for Satellite Client 6 for RHEL 6, Satellite Client 6 for RHEL 7, Satellite Client 6 for RHEL 8, and Satellite Client 6 for RHEL 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Security Fix(es):
- golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)
- HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
- openssl: c_rehash script allows command injection (CVE-2022-1292)
- openssl: the c_rehash script allows command injection (CVE-2022-2068)
- golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- Katello Agent / Goferd Service CLOSE_WAIT Connections on RHEL8 Clients (BZ#2184996)
- Not possible to configure the temporary directory to be used on clients by remote execution in pull mode (BZ#2217079)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Enterprise Linux for x86_64 | 9 | x86_64 |
| Red Hat Enterprise Linux for x86_64 | 8 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions | 9.4 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions | 9.2 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions | 9.0 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions | 8.8 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions | 8.6 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions | 8.4 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions | 8.2 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions | 8.1 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions | 8.0 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions | 7.7 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions | 7.6 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions | 7.4 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions | 7.3 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions | 6 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Extended Update Support | 9.8 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Extended Update Support | 9.6 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Extended Update Support | 9.4 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Extended Update Support | 9.2 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Extended Update Support | 9.0 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Extended Update Support | 8.8 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Extended Update Support | 8.6 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Extended Update Support | 8.4 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Extended Update Support | 8.2 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Extended Update Support | 8.1 | x86_64 |
| Red Hat Enterprise Linux for Scientific Computing | 7 | x86_64 |
| Red Hat Enterprise Linux for Real Time for x86_64 - Extended Life Cycle Support | 6 | x86_64 |
| Red Hat Enterprise Linux for Power, little endian | 9 | ppc64le |
| Red Hat Enterprise Linux for Power, little endian | 8 | ppc64le |
| Red Hat Enterprise Linux for Power, little endian | 7 | ppc64le |
| Red Hat Enterprise Linux for Power, little endian - Extended Update Support | 9.8 | ppc64le |
| Red Hat Enterprise Linux for Power, little endian - Extended Update Support | 9.6 | ppc64le |
| Red Hat Enterprise Linux for Power, little endian - Extended Update Support | 9.4 | ppc64le |
| Red Hat Enterprise Linux for Power, little endian - Extended Update Support | 9.2 | ppc64le |
| Red Hat Enterprise Linux for Power, little endian - Extended Update Support | 9.0 | ppc64le |
| Red Hat Enterprise Linux for Power, little endian - Extended Update Support | 8.8 | ppc64le |
| Red Hat Enterprise Linux for Power, little endian - Extended Update Support | 8.6 | ppc64le |
| Red Hat Enterprise Linux for Power, little endian - Extended Update Support | 8.4 | ppc64le |
| Red Hat Enterprise Linux for Power, little endian - Extended Update Support | 8.2 | ppc64le |
| Red Hat Enterprise Linux for Power, little endian - Extended Update Support | 8.1 | ppc64le |
| Red Hat Enterprise Linux for IBM z Systems | 9 | s390x |
| Red Hat Enterprise Linux for IBM z Systems | 8 | s390x |
| Red Hat Enterprise Linux for IBM z Systems - Extended Update Support | 9.8 | s390x |
| Red Hat Enterprise Linux for IBM z Systems - Extended Update Support | 9.6 | s390x |
| Red Hat Enterprise Linux for IBM z Systems - Extended Update Support | 9.4 | s390x |
| Red Hat Enterprise Linux for IBM z Systems - Extended Update Support | 9.2 | s390x |
| Red Hat Enterprise Linux for IBM z Systems - Extended Update Support | 9.0 | s390x |
| Red Hat Enterprise Linux for IBM z Systems - Extended Update Support | 8.6 | s390x |
| Red Hat Enterprise Linux for IBM z Systems - Extended Update Support | 8.4 | s390x |
| Red Hat Enterprise Linux for IBM z Systems - Extended Update Support | 8.2 | s390x |
| Red Hat Enterprise Linux for IBM z Systems - Extended Update Support | 8.1 | s390x |
| Red Hat Enterprise Linux for ARM 64 | 9 | aarch64 |
| Red Hat Enterprise Linux for ARM 64 | 8 | aarch64 |
| Red Hat Enterprise Linux for ARM 64 - Extended Update Support | 9.8 | aarch64 |
| Red Hat Enterprise Linux for ARM 64 - Extended Update Support | 9.6 | aarch64 |
| Red Hat Enterprise Linux for ARM 64 - Extended Update Support | 9.4 | aarch64 |
| Red Hat Enterprise Linux for ARM 64 - Extended Update Support | 9.2 | aarch64 |
| Red Hat Enterprise Linux for ARM 64 - Extended Update Support | 9.0 | aarch64 |
| Red Hat Enterprise Linux for ARM 64 - Extended Update Support | 8.8 | aarch64 |
| Red Hat Enterprise Linux for ARM 64 - Extended Update Support | 8.6 | aarch64 |
| Red Hat Enterprise Linux for ARM 64 - Extended Update Support | 8.4 | aarch64 |
| Red Hat Enterprise Linux for ARM 64 - Extended Update Support | 8.2 | aarch64 |
| Red Hat Enterprise Linux for ARM 64 - Extended Update Support | 8.1 | aarch64 |
| Red Hat Enterprise Linux Workstation | 7 | x86_64 |
| Red Hat Enterprise Linux Server | 7 | x86_64 |
| Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions | 9.4 | ppc64le |
| Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions | 9.2 | ppc64le |
| Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions | 9.0 | ppc64le |
| Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions | 8.8 | ppc64le |
| Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions | 8.6 | ppc64le |
| Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions | 8.4 | ppc64le |
| Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions | 8.2 | ppc64le |
| Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions | 8.1 | ppc64le |
| Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions | 8.0 | ppc64le |
| Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions | 7.7 | ppc64le |
| Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions | 7.6 | ppc64le |
| Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions | 7.4 | ppc64le |
| Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions | 7.3 | ppc64le |
| Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions | 7.2 | ppc64le |
| Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions | 6 | ppc64le |
| Red Hat Enterprise Linux Server - TUS | 8.8 | x86_64 |
| Red Hat Enterprise Linux Server - TUS | 8.6 | x86_64 |
| Red Hat Enterprise Linux Server - TUS | 8.4 | x86_64 |
| Red Hat Enterprise Linux Server - TUS | 8.2 | x86_64 |
| Red Hat Enterprise Linux Server - TUS | 7.7 | x86_64 |
| Red Hat Enterprise Linux Server - TUS | 7.6 | x86_64 |
| Red Hat Enterprise Linux Server - TUS | 7.4 | x86_64 |
| Red Hat Enterprise Linux Server - TUS | 7.3 | x86_64 |
| Red Hat Enterprise Linux Server - TUS | 7.2 | x86_64 |
| Red Hat Enterprise Linux Server - TUS | 7.1 | x86_64 |
| Red Hat Enterprise Linux Server - Retired Extended Life Cycle Support | 6 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support | 7 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support | 6 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support | 6 | i386 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian | 6 | ppc64le |
| Red Hat Enterprise Linux Server - AUS | 9.6 | x86_64 |
| Red Hat Enterprise Linux Server - AUS | 9.4 | x86_64 |
| Red Hat Enterprise Linux Server - AUS | 9.2 | x86_64 |
| Red Hat Enterprise Linux Server - AUS | 8.6 | x86_64 |
| Red Hat Enterprise Linux Server - AUS | 8.4 | x86_64 |
| Red Hat Enterprise Linux Server - AUS | 8.2 | x86_64 |
| Red Hat Enterprise Linux Server - AUS | 7.7 | x86_64 |
| Red Hat Enterprise Linux Server - AUS | 7.6 | x86_64 |
| Red Hat Enterprise Linux Server - AUS | 7.4 | x86_64 |
| Red Hat Enterprise Linux Server - AUS | 7.3 | x86_64 |
| Red Hat Enterprise Linux Server - AUS | 7.2 | x86_64 |
| Red Hat Enterprise Linux Desktop | 7 | x86_64 |
Updated Packages
- yggdrasil-0.2.3-1.el7sat.src.rpm
- qpid-proton-c-debuginfo-0.37.0-2.el9.s390x.rpm
- yggdrasil-0.2.3-1.el9sat.aarch64.rpm
- python3-qpid-proton-0.37.0-2.el8.aarch64.rpm
- foreman_ygg_worker-0.2.2-1.el7sat.ppc64le.rpm
- python3-qpid-proton-debuginfo-0.37.0-2.el8.ppc64le.rpm
- qpid-proton-cpp-debuginfo-0.37.0-2.el8.x86_64.rpm
- qpid-proton-c-0.37.0-2.el8.aarch64.rpm
- qpid-proton-cpp-debuginfo-0.37.0-2.el9.aarch64.rpm
- qpid-proton-debuginfo-0.37.0-2.el8.ppc64le.rpm
- qpid-proton-debuginfo-0.37.0-2.el9.x86_64.rpm
- puppet-agent-7.26.0-3.el6sat.x86_64.rpm
- qpid-proton-c-debuginfo-0.37.0-2.el9.aarch64.rpm
- qpid-proton-debuginfo-0.37.0-2.el9.s390x.rpm
- qpid-proton-debugsource-0.37.0-2.el8.aarch64.rpm
- qpid-proton-debugsource-0.37.0-2.el9.s390x.rpm
- yggdrasil-0.2.3-1.el9sat.src.rpm
- foreman_ygg_worker-0.2.2-1.el7sat.src.rpm
- qpid-proton-cpp-debuginfo-0.37.0-2.el9.s390x.rpm
- yggdrasil-0.2.3-1.el7sat.x86_64.rpm
- yggdrasil-0.2.3-1.el9sat.s390x.rpm
- python3-qpid-proton-debuginfo-0.37.0-2.el8.x86_64.rpm
- qpid-proton-c-0.37.0-2.el8.x86_64.rpm
- qpid-proton-c-0.37.0-2.el9.x86_64.rpm
- qpid-proton-c-debuginfo-0.37.0-2.el9.ppc64le.rpm
- qpid-proton-cpp-debuginfo-0.37.0-2.el8.aarch64.rpm
- rubygem-qpid_proton-debuginfo-0.37.0-2.el9.s390x.rpm
- puppet-agent-7.26.0-3.el8sat.src.rpm
- qpid-proton-c-0.37.0-2.el8.ppc64le.rpm
- foreman_ygg_worker-0.2.2-1.el9sat.src.rpm
- python3-qpid-proton-debuginfo-0.37.0-2.el8.aarch64.rpm
- qpid-proton-c-debuginfo-0.37.0-2.el8.s390x.rpm
- qpid-proton-c-debuginfo-0.37.0-2.el8.x86_64.rpm
- yggdrasil-0.2.3-1.el8sat.s390x.rpm
- yggdrasil-0.2.3-1.el8sat.x86_64.rpm
- qpid-proton-debugsource-0.37.0-2.el8.s390x.rpm
- rubygem-qpid_proton-debuginfo-0.37.0-2.el8.aarch64.rpm
- qpid-proton-cpp-debuginfo-0.37.0-2.el9.x86_64.rpm
- qpid-proton-debugsource-0.37.0-2.el8.ppc64le.rpm
- yggdrasil-0.2.3-1.el9sat.ppc64le.rpm
- python3-qpid-proton-0.37.0-2.el8.x86_64.rpm
- qpid-proton-debugsource-0.37.0-2.el8.x86_64.rpm
- puppet-agent-7.26.0-3.el9sat.src.rpm
- python3-qpid-proton-0.37.0-2.el8.ppc64le.rpm
- qpid-proton-debuginfo-0.37.0-2.el9.ppc64le.rpm
- foreman_ygg_worker-0.2.2-1.el7sat.x86_64.rpm
- python3-qpid-proton-0.37.0-2.el9.s390x.rpm
- python3-qpid-proton-debuginfo-0.37.0-2.el9.aarch64.rpm
- yggdrasil-0.2.3-1.el8sat.ppc64le.rpm
- qpid-proton-c-0.37.0-2.el9.aarch64.rpm
- foreman_ygg_worker-0.2.2-1.el8sat.src.rpm
- qpid-proton-cpp-debuginfo-0.37.0-2.el9.ppc64le.rpm
- yggdrasil-0.2.3-1.el9sat.x86_64.rpm
- rubygem-qpid_proton-debuginfo-0.37.0-2.el9.aarch64.rpm
- python3-qpid-proton-debuginfo-0.37.0-2.el9.s390x.rpm
- rubygem-qpid_proton-debuginfo-0.37.0-2.el9.x86_64.rpm
- python3-qpid-proton-0.37.0-2.el8.s390x.rpm
- puppet-agent-7.26.0-3.el9sat.x86_64.rpm
- qpid-proton-cpp-debuginfo-0.37.0-2.el8.s390x.rpm
- yggdrasil-0.2.3-1.el8sat.aarch64.rpm
- python3-qpid-proton-debuginfo-0.37.0-2.el9.ppc64le.rpm
- foreman_ygg_worker-0.2.2-1.el9sat.x86_64.rpm
- puppet-agent-7.26.0-3.el8sat.x86_64.rpm
- rubygem-qpid_proton-debuginfo-0.37.0-2.el9.ppc64le.rpm
- yggdrasil-0.2.3-1.el7sat.ppc64le.rpm
- qpid-proton-debuginfo-0.37.0-2.el8.x86_64.rpm
- yggdrasil-0.2.3-1.el8sat.src.rpm
- python3-qpid-proton-debuginfo-0.37.0-2.el9.x86_64.rpm
- qpid-proton-c-debuginfo-0.37.0-2.el8.aarch64.rpm
- rubygem-qpid_proton-debuginfo-0.37.0-2.el8.s390x.rpm
- qpid-proton-cpp-debuginfo-0.37.0-2.el8.ppc64le.rpm
- python3-qpid-proton-0.37.0-2.el9.ppc64le.rpm
- foreman_ygg_worker-0.2.2-1.el9sat.ppc64le.rpm
- python3-qpid-proton-debuginfo-0.37.0-2.el8.s390x.rpm
- qpid-proton-debugsource-0.37.0-2.el9.aarch64.rpm
- foreman_ygg_worker-0.2.2-1.el8sat.aarch64.rpm
- foreman_ygg_worker-0.2.2-1.el9sat.s390x.rpm
- qpid-proton-0.37.0-2.el9.src.rpm
- puppet-agent-7.26.0-3.el7sat.x86_64.rpm
- rubygem-qpid_proton-debuginfo-0.37.0-2.el8.ppc64le.rpm
- qpid-proton-c-debuginfo-0.37.0-2.el9.x86_64.rpm
- puppet-agent-7.26.0-3.el6sat.i686.rpm
- puppet-agent-7.26.0-3.el7sat.src.rpm
- qpid-proton-c-0.37.0-2.el8.s390x.rpm
- foreman_ygg_worker-0.2.2-1.el8sat.x86_64.rpm
- qpid-proton-debuginfo-0.37.0-2.el9.aarch64.rpm
- qpid-proton-debugsource-0.37.0-2.el9.ppc64le.rpm
- qpid-proton-debugsource-0.37.0-2.el9.x86_64.rpm
- rubygem-qpid_proton-debuginfo-0.37.0-2.el8.x86_64.rpm
- foreman_ygg_worker-0.2.2-1.el8sat.s390x.rpm
- foreman_ygg_worker-0.2.2-1.el8sat.ppc64le.rpm
- foreman_ygg_worker-0.2.2-1.el9sat.aarch64.rpm
- python3-qpid-proton-0.37.0-2.el9.aarch64.rpm
- python3-qpid-proton-0.37.0-2.el9.x86_64.rpm
- qpid-proton-0.37.0-2.el8.src.rpm
- puppet-agent-7.26.0-3.el6sat.src.rpm
- qpid-proton-c-0.37.0-2.el9.ppc64le.rpm
- qpid-proton-c-0.37.0-2.el9.s390x.rpm
- qpid-proton-debuginfo-0.37.0-2.el8.s390x.rpm
- qpid-proton-debuginfo-0.37.0-2.el8.aarch64.rpm
- qpid-proton-c-debuginfo-0.37.0-2.el8.ppc64le.rpm
Fixes
- BZ - 2081494
- BZ - 2097310
- BZ - 2161274
- BZ - 2184996
- BZ - 2217079
- BZ - 2242803
- BZ - 2243296
CVEs
References
- https://access.redhat.com/security/updates/classification/#important
- https://access.redhat.com/documentation/en-us/red_hat_satellite/6.13/html/upgrading_and_updating_red_hat_satellite/index
- https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
Additional information
- The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data is available for integration with other systems. See Offline Security Data API to get started.