Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-39325 (GCVE-0-2023-39325)
Vulnerability from cvelistv5 – Published: 2023-10-11 21:15 – Updated: 2025-02-13 17:02- CWE-400 - Uncontrolled Resource Consumption
| Vendor | Product | Version | |
|---|---|---|---|
| Go standard library | net/http |
Affected:
0 , < 1.20.10
(semver)
Affected: 1.21.0-0 , < 1.21.3 (semver) |
|
| golang.org/x/net | golang.org/x/net/http2 |
Affected:
0 , < 0.17.0
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:02:06.746Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://go.dev/issue/63417"
},
{
"tags": [
"x_transferred"
],
"url": "https://go.dev/cl/534215"
},
{
"tags": [
"x_transferred"
],
"url": "https://go.dev/cl/534235"
},
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ"
},
{
"tags": [
"x_transferred"
],
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231110-0008/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-09"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "net/http",
"product": "net/http",
"programRoutines": [
{
"name": "http2serverConn.serve"
},
{
"name": "http2serverConn.processHeaders"
},
{
"name": "http2serverConn.upgradeRequest"
},
{
"name": "http2serverConn.runHandler"
},
{
"name": "ListenAndServe"
},
{
"name": "ListenAndServeTLS"
},
{
"name": "Serve"
},
{
"name": "ServeTLS"
},
{
"name": "Server.ListenAndServe"
},
{
"name": "Server.ListenAndServeTLS"
},
{
"name": "Server.Serve"
},
{
"name": "Server.ServeTLS"
},
{
"name": "http2Server.ServeConn"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.20.10",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.21.3",
"status": "affected",
"version": "1.21.0-0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "golang.org/x/net/http2",
"product": "golang.org/x/net/http2",
"programRoutines": [
{
"name": "serverConn.serve"
},
{
"name": "serverConn.processHeaders"
},
{
"name": "serverConn.upgradeRequest"
},
{
"name": "serverConn.runHandler"
},
{
"name": "Server.ServeConn"
}
],
"vendor": "golang.org/x/net",
"versions": [
{
"lessThan": "0.17.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-28T04:05:57.980Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/issue/63417"
},
{
"url": "https://go.dev/cl/534215"
},
{
"url": "https://go.dev/cl/534235"
},
{
"url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ"
},
{
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231110-0008/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/"
},
{
"url": "https://security.gentoo.org/glsa/202311-09"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/"
}
],
"title": "HTTP/2 rapid reset can cause excessive work in net/http"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2023-39325",
"datePublished": "2023-10-11T21:15:02.727Z",
"dateReserved": "2023-07-27T17:05:55.188Z",
"dateUpdated": "2025-02-13T17:02:50.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-39325",
"date": "2026-07-02",
"epss": "0.03796",
"percentile": "0.88686"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.20.0\", \"versionEndExcluding\": \"1.20.10\", \"matchCriteriaId\": \"99C776A5-1409-4638-AB9A-8A2B053DBFE1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.21.0\", \"versionEndExcluding\": \"1.21.3\", \"matchCriteriaId\": \"5FD9AB15-E5F6-4DBC-9EC7-D0ABA705802A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:golang:http2:*:*:*:*:*:go:*:*\", \"versionEndExcluding\": \"0.17.0\", \"matchCriteriaId\": \"D7D2F801-6F65-4705-BCB9-D057EA54A707\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:astra_trident:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A4E44A7B-F32A-43F2-B41A-CB3049100DF7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:astra_trident_autosupport:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"25008095-A75E-4E34-9538-61B6334BB0F9\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.\"}, {\"lang\": \"es\", \"value\": \"Un cliente HTTP/2 malicioso que crea solicitudes r\\u00e1pidamente y las restablece inmediatamente puede provocar un consumo excesivo de recursos del servidor. Si bien el n\\u00famero total de solicitudes est\\u00e1 limitado por la configuraci\\u00f3n http2.Server.MaxConcurrentStreams, restablecer una solicitud en curso permite al atacante crear una nueva solicitud mientras la existente a\\u00fan se est\\u00e1 ejecutando. Con la soluci\\u00f3n aplicada, los servidores HTTP/2 ahora vincularon el n\\u00famero de rutinas de controlador que se ejecutan simult\\u00e1neamente al l\\u00edmite de concurrencia de transmisi\\u00f3n (MaxConcurrentStreams). Las nuevas solicitudes que lleguen cuando se encuentre en el l\\u00edmite (lo que solo puede ocurrir despu\\u00e9s de que el cliente haya restablecido una solicitud existente en curso) se pondr\\u00e1n en cola hasta que salga un controlador. Si la cola de solicitudes crece demasiado, el servidor finalizar\\u00e1 la conexi\\u00f3n. Este problema tambi\\u00e9n se solucion\\u00f3 en golang.org/x/net/http2 para los usuarios que configuran HTTP/2 manualmente. El l\\u00edmite de simultaneidad de transmisiones predeterminado es 250 transmisiones (solicitudes) por conexi\\u00f3n HTTP/2. Este valor se puede ajustar utilizando el paquete golang.org/x/net/http2; consulte la configuraci\\u00f3n Server.MaxConcurrentStreams y la funci\\u00f3n ConfigureServer.\"}]",
"id": "CVE-2023-39325",
"lastModified": "2024-11-21T08:15:09.627",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
"published": "2023-10-11T22:15:09.880",
"references": "[{\"url\": \"https://go.dev/cl/534215\", \"source\": \"security@golang.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://go.dev/cl/534235\", \"source\": \"security@golang.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://go.dev/issue/63417\", \"source\": \"security@golang.org\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ\", \"source\": \"security@golang.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/\", \"source\": \"security@golang.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/\", \"source\": \"security@golang.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/\", \"source\": \"security@golang.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/\", \"source\": \"security@golang.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/\", \"source\": \"security@golang.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/\", \"source\": \"security@golang.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/\", \"source\": \"security@golang.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://pkg.go.dev/vuln/GO-2023-2102\", \"source\": \"security@golang.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202311-09\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20231110-0008/\", \"source\": \"security@golang.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://go.dev/cl/534215\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://go.dev/cl/534235\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://go.dev/issue/63417\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://pkg.go.dev/vuln/GO-2023-2102\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202311-09\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20231110-0008/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "security@golang.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-770\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-39325\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2023-10-11T22:15:09.880\",\"lastModified\":\"2026-06-17T06:12:02.173\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.\"},{\"lang\":\"es\",\"value\":\"Un cliente HTTP/2 malicioso que crea solicitudes r\u00e1pidamente y las restablece inmediatamente puede provocar un consumo excesivo de recursos del servidor. Si bien el n\u00famero total de solicitudes est\u00e1 limitado por la configuraci\u00f3n http2.Server.MaxConcurrentStreams, restablecer una solicitud en curso permite al atacante crear una nueva solicitud mientras la existente a\u00fan se est\u00e1 ejecutando. Con la soluci\u00f3n aplicada, los servidores HTTP/2 ahora vincularon el n\u00famero de rutinas de controlador que se ejecutan simult\u00e1neamente al l\u00edmite de concurrencia de transmisi\u00f3n (MaxConcurrentStreams). Las nuevas solicitudes que lleguen cuando se encuentre en el l\u00edmite (lo que solo puede ocurrir despu\u00e9s de que el cliente haya restablecido una solicitud existente en curso) se pondr\u00e1n en cola hasta que salga un controlador. Si la cola de solicitudes crece demasiado, el servidor finalizar\u00e1 la conexi\u00f3n. Este problema tambi\u00e9n se solucion\u00f3 en golang.org/x/net/http2 para los usuarios que configuran HTTP/2 manualmente. El l\u00edmite de simultaneidad de transmisiones predeterminado es 250 transmisiones (solicitudes) por conexi\u00f3n HTTP/2. Este valor se puede ajustar utilizando el paquete golang.org/x/net/http2; consulte la configuraci\u00f3n Server.MaxConcurrentStreams y la funci\u00f3n ConfigureServer.\"}],\"affected\":[{\"source\":\"security@golang.org\",\"affectedData\":[{\"vendor\":\"Go standard library\",\"product\":\"net/http\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://pkg.go.dev\",\"packageName\":\"net/http\",\"programRoutines\":[{\"name\":\"http2serverConn.serve\"},{\"name\":\"http2serverConn.processHeaders\"},{\"name\":\"http2serverConn.upgradeRequest\"},{\"name\":\"http2serverConn.runHandler\"},{\"name\":\"ListenAndServe\"},{\"name\":\"ListenAndServeTLS\"},{\"name\":\"Serve\"},{\"name\":\"ServeTLS\"},{\"name\":\"Server.ListenAndServe\"},{\"name\":\"Server.ListenAndServeTLS\"},{\"name\":\"Server.Serve\"},{\"name\":\"Server.ServeTLS\"},{\"name\":\"http2Server.ServeConn\"}],\"versions\":[{\"version\":\"0\",\"lessThan\":\"1.20.10\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"1.21.0-0\",\"lessThan\":\"1.21.3\",\"versionType\":\"semver\",\"status\":\"affected\"}]},{\"vendor\":\"golang.org/x/net\",\"product\":\"golang.org/x/net/http2\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://pkg.go.dev\",\"packageName\":\"golang.org/x/net/http2\",\"programRoutines\":[{\"name\":\"serverConn.serve\"},{\"name\":\"serverConn.processHeaders\"},{\"name\":\"serverConn.upgradeRequest\"},{\"name\":\"serverConn.runHandler\"},{\"name\":\"Server.ServeConn\"}],\"versions\":[{\"version\":\"0\",\"lessThan\":\"0.17.0\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.20.0\",\"versionEndExcluding\":\"1.20.10\",\"matchCriteriaId\":\"99C776A5-1409-4638-AB9A-8A2B053DBFE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.21.0\",\"versionEndExcluding\":\"1.21.3\",\"matchCriteriaId\":\"5FD9AB15-E5F6-4DBC-9EC7-D0ABA705802A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:http2:*:*:*:*:*:go:*:*\",\"versionEndExcluding\":\"0.17.0\",\"matchCriteriaId\":\"D7D2F801-6F65-4705-BCB9-D057EA54A707\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:astra_trident:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4E44A7B-F32A-43F2-B41A-CB3049100DF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:astra_trident_autosupport:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25008095-A75E-4E34-9538-61B6334BB0F9\"}]}]}],\"references\":[{\"url\":\"https://go.dev/cl/534215\",\"source\":\"security@golang.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://go.dev/cl/534235\",\"source\":\"security@golang.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://go.dev/issue/63417\",\"source\":\"security@golang.org\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ\",\"source\":\"security@golang.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/\",\"source\":\"security@golang.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/\",\"source\":\"security@golang.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/\",\"source\":\"security@golang.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/\",\"source\":\"security@golang.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/\",\"source\":\"security@golang.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/\",\"source\":\"security@golang.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/\",\"source\":\"security@golang.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://pkg.go.dev/vuln/GO-2023-2102\",\"source\":\"security@golang.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202311-09\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20231110-0008/\",\"source\":\"security@golang.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://go.dev/cl/534215\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://go.dev/cl/534235\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://go.dev/issue/63417\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://pkg.go.dev/vuln/GO-2023-2102\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202311-09\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20231110-0008/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
RHSA-2023_5979
Vulnerability from csaf_redhat - Published: 2023-10-20 18:45 - Updated: 2024-12-18 04:47A flaw was found in OpenSSL. The `c_rehash` script does not properly sanitize shell meta-characters to prevent command injection. Some operating systems distribute this script in a manner where it is automatically executed. This flaw allows an attacker to execute arbitrary commands with the privileges of the script on these operating systems.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.5.2-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-cli-0:6.12.5.2-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-common-0:6.12.5.2-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-service-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-capsule-0:6.12.5.2-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-cli-0:6.12.5.2-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-common-0:6.12.5.2-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-cli-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-debug-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-ec2-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-gce-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-journald-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-openstack-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-service-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-vmware-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:satellite-capsule-0:6.12.5.2-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:satellite-cli-0:6.12.5.2-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:satellite-common-0:6.12.5.2-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64 | — |
Workaround
|
A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the `c_rehash` script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it is automatically executed. On these operating systems, this flaw allows an attacker to execute arbitrary commands with the privileges of the script.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.5.2-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-cli-0:6.12.5.2-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-common-0:6.12.5.2-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-service-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-capsule-0:6.12.5.2-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-cli-0:6.12.5.2-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-common-0:6.12.5.2-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-cli-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-debug-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-ec2-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-gce-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-journald-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-openstack-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-service-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-vmware-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:satellite-capsule-0:6.12.5.2-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:satellite-cli-0:6.12.5.2-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:satellite-common-0:6.12.5.2-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64 | — |
Workaround
|
A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, possibly resulting in arbitrary command execution on the underlying operating system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.src | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-cli-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-common-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-service-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-capsule-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-cli-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-common-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-cli-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-debug-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-ec2-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-gce-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-journald-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-openstack-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-service-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-vmware-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.12:satellite-capsule-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:satellite-cli-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:satellite-common-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64 | — |
A flaw was found in the ruby-git package, which allows a remote authenticated attacker to execute arbitrary code on the system, caused by a code injection flaw. An attacker can execute arbitrary code on the system by using a specially-crafted filename in the repository.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-cli-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-common-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-service-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-capsule-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-cli-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-common-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-cli-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-debug-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-ec2-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-gce-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-journald-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-openstack-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-service-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-vmware-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.12:satellite-capsule-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:satellite-cli-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:satellite-common-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64 | — |
A code injection flaw was found in the ruby-git package. This issue may allow a remote authenticated attacker to execute arbitrary code on the system by using a specially-crafted filename in the repository.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-cli-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-common-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-service-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-capsule-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-cli-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-common-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-cli-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-debug-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-ec2-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-gce-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-journald-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-openstack-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-service-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-vmware-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.12:satellite-capsule-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:satellite-cli-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:satellite-common-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64 | — |
An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-cli-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-common-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-service-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-capsule-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-cli-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-common-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-cli-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-debug-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-ec2-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-gce-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-journald-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-openstack-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-service-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-vmware-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.12:satellite-capsule-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:satellite-cli-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:satellite-common-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64 | — |
An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.src | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-cli-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-common-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-service-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-capsule-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-cli-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-common-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-cli-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-debug-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-ec2-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-gce-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-journald-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-openstack-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-service-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:foreman-vmware-0:3.3.0.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.12:satellite-capsule-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:satellite-cli-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:satellite-common-0:6.12.5.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64 | — |
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.5.2-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-cli-0:6.12.5.2-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-common-0:6.12.5.2-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-service-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-capsule-0:6.12.5.2-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-cli-0:6.12.5.2-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-common-0:6.12.5.2-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-cli-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-debug-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-ec2-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-gce-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-journald-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-openstack-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-service-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-vmware-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:satellite-capsule-0:6.12.5.2-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:satellite-cli-0:6.12.5.2-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:satellite-common-0:6.12.5.2-1.el8sat.noarch | — |
Workaround
|
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.5.2-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-cli-0:6.12.5.2-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-common-0:6.12.5.2-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-service-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-capsule-0:6.12.5.2-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-cli-0:6.12.5.2-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-common-0:6.12.5.2-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-cli-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-debug-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-ec2-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-gce-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-journald-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-openstack-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-service-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-vmware-0:3.3.0.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:satellite-capsule-0:6.12.5.2-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:satellite-cli-0:6.12.5.2-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:satellite-common-0:6.12.5.2-1.el8sat.noarch | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated Satellite 6.12 packages that fixes important security bugs and several\nregular bugs are now available for Red Hat Satellite.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Satellite is a system management solution that allows organizations to\nconfigure and maintain their systems without the necessity to provide public\nInternet access to their servers or other client systems. It performs\nprovisioning and configuration management of predefined standard operating\nenvironments.\n\nSecurity fix(es):\n\nforeman: Arbitrary code execution through templates\n\nforeman: Satellite/Foreman: Arbitrary code execution through yaml global parameters\n\nforeman: OS command injection via ct_command and fcct_command\n\npuppet-agent for Satellite and Capsule: various flaws\n\ntfm-rubygem-git: ruby-git: code injection vulnerability\n\nrubygem-git: ruby-git: code injection vulnerability\n\nyggdrasil-worker-forwarder: various flaws\n\nThis update fixes the following bugs:\n\n2159656 - CVE-2023-0118 foreman: Arbitrary code execution through templates [rhn_satellite_6.12]\n2163524 - CVE-2023-0462 foreman: Satellite/Foreman: Arbitrary code execution through yaml global parameters [rhn_satellite_6.12]\n2163694 - CVE-2022-3874 foreman: OS command injection via ct_command and fcct_command [rhn_satellite_6.12]\n2242354 - CVE-2022-1292 CVE-2022-2068 puppet-agent for Satellite and Capsule: various flaws [rhn_satellite_6.12]\n2242359 - CVE-2022-47318 tfm-rubygem-git: ruby-git: code injection vulnerability [rhn_satellite_6.12]\n2242362 - CVE-2022-46648 rubygem-git: ruby-git: code injection vulnerability [rhn_satellite_6.12]\n2243833 - [Major Incident] CVE-2023-39325 CVE-2023-44487 yggdrasil-worker-forwarder: various flaws [rhn_satellite_6.12]\n\nUsers of Red Hat Satellite are advised to upgrade to these updated packages,\nwhich fix these bugs.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5979",
"url": "https://access.redhat.com/errata/RHSA-2023:5979"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.12/html/upgrading_and_updating_red_hat_satellite/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.12/html/upgrading_and_updating_red_hat_satellite/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2081494",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081494"
},
{
"category": "external",
"summary": "2097310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097310"
},
{
"category": "external",
"summary": "2140577",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140577"
},
{
"category": "external",
"summary": "2159291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2159291"
},
{
"category": "external",
"summary": "2159672",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2159672"
},
{
"category": "external",
"summary": "2162970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2162970"
},
{
"category": "external",
"summary": "2169385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169385"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5979.json"
}
],
"title": "Red Hat Security Advisory: Satellite 6.12.5.2 Async Security Update",
"tracking": {
"current_release_date": "2024-12-18T04:47:47+00:00",
"generator": {
"date": "2024-12-18T04:47:47+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2023:5979",
"initial_release_date": "2023-10-20T18:45:24+00:00",
"revision_history": [
{
"date": "2023-10-20T18:45:24+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-20T18:45:24+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-18T04:47:47+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Satellite 6.12 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite:6.12::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.12 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-capsule",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_capsule:6.12::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.12 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-utils",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_utils:6.12::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Satellite 6"
},
{
"branches": [
{
"category": "product_version",
"name": "foreman-0:3.3.0.23-1.el8sat.src",
"product": {
"name": "foreman-0:3.3.0.23-1.el8sat.src",
"product_id": "foreman-0:3.3.0.23-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman@3.3.0.23-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "puppet-agent-0:7.26.0-3.el8sat.src",
"product": {
"name": "puppet-agent-0:7.26.0-3.el8sat.src",
"product_id": "puppet-agent-0:7.26.0-3.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/puppet-agent@7.26.0-3.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-git-0:1.18.0-1.el8sat.src",
"product": {
"name": "rubygem-git-0:1.18.0-1.el8sat.src",
"product_id": "rubygem-git-0:1.18.0-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-git@1.18.0-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-safemode-0:1.3.8-1.el8sat.src",
"product": {
"name": "rubygem-safemode-0:1.3.8-1.el8sat.src",
"product_id": "rubygem-safemode-0:1.3.8-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-safemode@1.3.8-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "satellite-0:6.12.5.2-1.el8sat.src",
"product": {
"name": "satellite-0:6.12.5.2-1.el8sat.src",
"product_id": "satellite-0:6.12.5.2-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite@6.12.5.2-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"product": {
"name": "yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"product_id": "yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil-worker-forwarder@0.0.3-1.el8sat?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"product": {
"name": "foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"product_id": "foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-debug@3.3.0.23-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-0:3.3.0.23-1.el8sat.noarch",
"product": {
"name": "foreman-0:3.3.0.23-1.el8sat.noarch",
"product_id": "foreman-0:3.3.0.23-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman@3.3.0.23-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"product": {
"name": "foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"product_id": "foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-cli@3.3.0.23-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"product": {
"name": "foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"product_id": "foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-dynflow-sidekiq@3.3.0.23-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"product": {
"name": "foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"product_id": "foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-ec2@3.3.0.23-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"product": {
"name": "foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"product_id": "foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-gce@3.3.0.23-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"product": {
"name": "foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"product_id": "foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-journald@3.3.0.23-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"product": {
"name": "foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"product_id": "foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-libvirt@3.3.0.23-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"product": {
"name": "foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"product_id": "foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-openstack@3.3.0.23-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"product": {
"name": "foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"product_id": "foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-ovirt@3.3.0.23-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"product": {
"name": "foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"product_id": "foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-postgresql@3.3.0.23-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-service-0:3.3.0.23-1.el8sat.noarch",
"product": {
"name": "foreman-service-0:3.3.0.23-1.el8sat.noarch",
"product_id": "foreman-service-0:3.3.0.23-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-service@3.3.0.23-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"product": {
"name": "foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"product_id": "foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-telemetry@3.3.0.23-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"product": {
"name": "foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"product_id": "foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-vmware@3.3.0.23-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-git-0:1.18.0-1.el8sat.noarch",
"product": {
"name": "rubygem-git-0:1.18.0-1.el8sat.noarch",
"product_id": "rubygem-git-0:1.18.0-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-git@1.18.0-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-safemode-0:1.3.8-1.el8sat.noarch",
"product": {
"name": "rubygem-safemode-0:1.3.8-1.el8sat.noarch",
"product_id": "rubygem-safemode-0:1.3.8-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-safemode@1.3.8-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"product": {
"name": "satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"product_id": "satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-capsule@6.12.5.2-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-common-0:6.12.5.2-1.el8sat.noarch",
"product": {
"name": "satellite-common-0:6.12.5.2-1.el8sat.noarch",
"product_id": "satellite-common-0:6.12.5.2-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-common@6.12.5.2-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-0:6.12.5.2-1.el8sat.noarch",
"product": {
"name": "satellite-0:6.12.5.2-1.el8sat.noarch",
"product_id": "satellite-0:6.12.5.2-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite@6.12.5.2-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"product": {
"name": "satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"product_id": "satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-cli@6.12.5.2-1.el8sat?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "puppet-agent-0:7.26.0-3.el8sat.x86_64",
"product": {
"name": "puppet-agent-0:7.26.0-3.el8sat.x86_64",
"product_id": "puppet-agent-0:7.26.0-3.el8sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/puppet-agent@7.26.0-3.el8sat?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64",
"product": {
"name": "yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64",
"product_id": "yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil-worker-forwarder@0.0.3-1.el8sat?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.3.0.23-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.noarch"
},
"product_reference": "foreman-0:3.3.0.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.3.0.23-1.el8sat.src as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.src"
},
"product_reference": "foreman-0:3.3.0.23-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.12-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:3.3.0.23-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.23-1.el8sat.noarch"
},
"product_reference": "foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:3.3.0.23-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.23-1.el8sat.noarch"
},
"product_reference": "foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch"
},
"product_reference": "foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ec2-0:3.3.0.23-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.23-1.el8sat.noarch"
},
"product_reference": "foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-gce-0:3.3.0.23-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.23-1.el8sat.noarch"
},
"product_reference": "foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-journald-0:3.3.0.23-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.23-1.el8sat.noarch"
},
"product_reference": "foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-libvirt-0:3.3.0.23-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch"
},
"product_reference": "foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-openstack-0:3.3.0.23-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.23-1.el8sat.noarch"
},
"product_reference": "foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ovirt-0:3.3.0.23-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch"
},
"product_reference": "foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-postgresql-0:3.3.0.23-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch"
},
"product_reference": "foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-service-0:3.3.0.23-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.23-1.el8sat.noarch"
},
"product_reference": "foreman-service-0:3.3.0.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-telemetry-0:3.3.0.23-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch"
},
"product_reference": "foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-vmware-0:3.3.0.23-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.23-1.el8sat.noarch"
},
"product_reference": "foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppet-agent-0:7.26.0-3.el8sat.src as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.src"
},
"product_reference": "puppet-agent-0:7.26.0-3.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.12-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppet-agent-0:7.26.0-3.el8sat.x86_64 as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64"
},
"product_reference": "puppet-agent-0:7.26.0-3.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.12-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.12.5.2-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.noarch"
},
"product_reference": "satellite-0:6.12.5.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.12.5.2-1.el8sat.src as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.src"
},
"product_reference": "satellite-0:6.12.5.2-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.12-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.12.5.2-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.5.2-1.el8sat.noarch"
},
"product_reference": "satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.12.5.2-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-capsule:satellite-cli-0:6.12.5.2-1.el8sat.noarch"
},
"product_reference": "satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.12.5.2-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-capsule:satellite-common-0:6.12.5.2-1.el8sat.noarch"
},
"product_reference": "satellite-common-0:6.12.5.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.3.0.23-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.noarch"
},
"product_reference": "foreman-0:3.3.0.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.3.0.23-1.el8sat.src as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.src"
},
"product_reference": "foreman-0:3.3.0.23-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.12-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:3.3.0.23-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.23-1.el8sat.noarch"
},
"product_reference": "foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:3.3.0.23-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.23-1.el8sat.noarch"
},
"product_reference": "foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch"
},
"product_reference": "foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ec2-0:3.3.0.23-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.23-1.el8sat.noarch"
},
"product_reference": "foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-gce-0:3.3.0.23-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.23-1.el8sat.noarch"
},
"product_reference": "foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-journald-0:3.3.0.23-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.23-1.el8sat.noarch"
},
"product_reference": "foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-libvirt-0:3.3.0.23-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch"
},
"product_reference": "foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-openstack-0:3.3.0.23-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.23-1.el8sat.noarch"
},
"product_reference": "foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ovirt-0:3.3.0.23-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch"
},
"product_reference": "foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-postgresql-0:3.3.0.23-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch"
},
"product_reference": "foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-service-0:3.3.0.23-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-utils:foreman-service-0:3.3.0.23-1.el8sat.noarch"
},
"product_reference": "foreman-service-0:3.3.0.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-telemetry-0:3.3.0.23-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch"
},
"product_reference": "foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-vmware-0:3.3.0.23-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.23-1.el8sat.noarch"
},
"product_reference": "foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.12.5.2-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.noarch"
},
"product_reference": "satellite-0:6.12.5.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.12.5.2-1.el8sat.src as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.src"
},
"product_reference": "satellite-0:6.12.5.2-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.12-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.12.5.2-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-utils:satellite-capsule-0:6.12.5.2-1.el8sat.noarch"
},
"product_reference": "satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.12.5.2-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-utils:satellite-cli-0:6.12.5.2-1.el8sat.noarch"
},
"product_reference": "satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.12.5.2-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-utils:satellite-common-0:6.12.5.2-1.el8sat.noarch"
},
"product_reference": "satellite-common-0:6.12.5.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.3.0.23-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.noarch"
},
"product_reference": "foreman-0:3.3.0.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.3.0.23-1.el8sat.src as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.src"
},
"product_reference": "foreman-0:3.3.0.23-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:3.3.0.23-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:foreman-cli-0:3.3.0.23-1.el8sat.noarch"
},
"product_reference": "foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:3.3.0.23-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:foreman-debug-0:3.3.0.23-1.el8sat.noarch"
},
"product_reference": "foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch"
},
"product_reference": "foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ec2-0:3.3.0.23-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:foreman-ec2-0:3.3.0.23-1.el8sat.noarch"
},
"product_reference": "foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-gce-0:3.3.0.23-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:foreman-gce-0:3.3.0.23-1.el8sat.noarch"
},
"product_reference": "foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-journald-0:3.3.0.23-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:foreman-journald-0:3.3.0.23-1.el8sat.noarch"
},
"product_reference": "foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-libvirt-0:3.3.0.23-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch"
},
"product_reference": "foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-openstack-0:3.3.0.23-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:foreman-openstack-0:3.3.0.23-1.el8sat.noarch"
},
"product_reference": "foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ovirt-0:3.3.0.23-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch"
},
"product_reference": "foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-postgresql-0:3.3.0.23-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch"
},
"product_reference": "foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-service-0:3.3.0.23-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:foreman-service-0:3.3.0.23-1.el8sat.noarch"
},
"product_reference": "foreman-service-0:3.3.0.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-telemetry-0:3.3.0.23-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch"
},
"product_reference": "foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-vmware-0:3.3.0.23-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:foreman-vmware-0:3.3.0.23-1.el8sat.noarch"
},
"product_reference": "foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppet-agent-0:7.26.0-3.el8sat.src as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.src"
},
"product_reference": "puppet-agent-0:7.26.0-3.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppet-agent-0:7.26.0-3.el8sat.x86_64 as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.x86_64"
},
"product_reference": "puppet-agent-0:7.26.0-3.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-git-0:1.18.0-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.noarch"
},
"product_reference": "rubygem-git-0:1.18.0-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-git-0:1.18.0-1.el8sat.src as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.src"
},
"product_reference": "rubygem-git-0:1.18.0-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-safemode-0:1.3.8-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.noarch"
},
"product_reference": "rubygem-safemode-0:1.3.8-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-safemode-0:1.3.8-1.el8sat.src as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.src"
},
"product_reference": "rubygem-safemode-0:1.3.8-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.12.5.2-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.noarch"
},
"product_reference": "satellite-0:6.12.5.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.12.5.2-1.el8sat.src as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.src"
},
"product_reference": "satellite-0:6.12.5.2-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.12.5.2-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:satellite-capsule-0:6.12.5.2-1.el8sat.noarch"
},
"product_reference": "satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.12.5.2-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:satellite-cli-0:6.12.5.2-1.el8sat.noarch"
},
"product_reference": "satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.12.5.2-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:satellite-common-0:6.12.5.2-1.el8sat.noarch"
},
"product_reference": "satellite-common-0:6.12.5.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src"
},
"product_reference": "yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64 as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
},
"product_reference": "yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.12"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Elison Niven"
],
"organization": "Sophos",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-1292",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"discovery_date": "2022-05-03T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-utils:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.src",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2081494"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. The `c_rehash` script does not properly sanitize shell meta-characters to prevent command injection. Some operating systems distribute this script in a manner where it is automatically executed. This flaw allows an attacker to execute arbitrary commands with the privileges of the script on these operating systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: c_rehash script allows command injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux uses a system-wide store of trusted certificates bundled in a single file and updated via `update-ca-trust`. The `c_rehash` script is not included in the default installation on any supported RHEL version, and is never executed automatically. For these reasons, this flaw has been rated as having a security impact of Moderate.\n\nRed Hat Enterprise Linux 7 provides a vulnerable version of the `c_rehash` script in the `openssl-perl` package, available only through the unsupported Optional repository. As the Optional repository is not supported and Red Hat Enterprise Linux 7 is in Maintenance Support 2 Phase, this issue is not planned to be addressed there.\n\nRed Hat Satellite ships an affected version of the `c_rehash` script embedded in `puppet-agent` package, however, the product is not vulnerable since it does not execute scripts with untrusted data. Moreover, the scriplet is owned by root user and is supposed to be accessed only by administrators.\n\nRed Hat updates the OpenSSL compatibility packages (compat-openssl) to only address Important or Critical security issues with backported security patches.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.x86_64"
],
"known_not_affected": [
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-utils:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.src",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1292"
},
{
"category": "external",
"summary": "RHBZ#2081494",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081494"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1292",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1292"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20220503.txt",
"url": "https://www.openssl.org/news/secadv/20220503.txt"
}
],
"release_date": "2022-05-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T18:45:24+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5979"
},
{
"category": "workaround",
"details": "As mentioned in the upstream security advisory, use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool.",
"product_ids": [
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-utils:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.src",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-utils:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.src",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: c_rehash script allows command injection"
},
{
"acknowledgments": [
{
"names": [
"Chancen"
],
"organization": "Qingteng 73lab",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-2068",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"discovery_date": "2022-06-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-utils:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.src",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2097310"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the `c_rehash` script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it is automatically executed. On these operating systems, this flaw allows an attacker to execute arbitrary commands with the privileges of the script.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: the c_rehash script allows command injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux uses a system-wide store of trusted certificates bundled in a single file and updated via `update-ca-trust`. The `c_rehash` script is not included in the default installation on any supported RHEL version and is never executed automatically. For these reasons, this flaw has been rated as having a security impact of Moderate.\n\nRed Hat Enterprise Linux 7 provides a vulnerable version of the `c_rehash` script in the `openssl-perl` package, available only through the unsupported Optional repository. As the Optional repository is not supported and Red Hat Enterprise Linux 7 is in Maintenance Support 2 Phase, this issue is not planned to be addressed there.\n\nRed Hat Satellite ships an affected version of the `c_rehash` script embedded in `puppet-agent` package, however, the product is not vulnerable since it does not execute scripts with untrusted data. Moreover, the scriplet is owned by root user and is supposed to be accessed only by administrators.\n\nRed Hat updates the OpenSSL compatibility packages (compat-openssl) to only address Important or Critical security issues with backported security patches.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.x86_64"
],
"known_not_affected": [
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-utils:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.src",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2068"
},
{
"category": "external",
"summary": "RHBZ#2097310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097310"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2068",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2068"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2068",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2068"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20220621.txt",
"url": "https://www.openssl.org/news/secadv/20220621.txt"
}
],
"release_date": "2022-06-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T18:45:24+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5979"
},
{
"category": "workaround",
"details": "As mentioned in the upstream security advisory, use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command-line tool.",
"product_ids": [
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-utils:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.src",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-utils:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.src",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: the c_rehash script allows command injection"
},
{
"acknowledgments": [
{
"names": [
"Evgeni Golov"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
},
{
"names": [
"Andrew Danau"
],
"organization": "Onsec.io"
}
],
"cve": "CVE-2022-3874",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2022-11-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-utils:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.src",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2140577"
}
],
"notes": [
{
"category": "description",
"text": "A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, possibly resulting in arbitrary command execution on the underlying operating system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "foreman: OS command injection via ct_command and fcct_command",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.src"
],
"known_not_affected": [
"8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-utils:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.src",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3874"
},
{
"category": "external",
"summary": "RHBZ#2140577",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140577"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3874",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3874"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3874",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3874"
}
],
"release_date": "2023-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T18:45:24+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5979"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-utils:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.src",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "foreman: OS command injection via ct_command and fcct_command"
},
{
"cve": "CVE-2022-46648",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2023-01-05T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-utils:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.src",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2169385"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the ruby-git package, which allows a remote authenticated attacker to execute arbitrary code on the system, caused by a code injection flaw. An attacker can execute arbitrary code on the system by using a specially-crafted filename in the repository.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby-git: code injection vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.src"
],
"known_not_affected": [
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-utils:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.src",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-46648"
},
{
"category": "external",
"summary": "RHBZ#2169385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169385"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-46648",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46648"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46648",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46648"
},
{
"category": "external",
"summary": "https://jvn.jp/en/jp/JVN16765254/",
"url": "https://jvn.jp/en/jp/JVN16765254/"
}
],
"release_date": "2023-01-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T18:45:24+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5979"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-utils:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.src",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ruby-git: code injection vulnerability"
},
{
"cve": "CVE-2022-47318",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2023-01-05T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-utils:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.src",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2159672"
}
],
"notes": [
{
"category": "description",
"text": "A code injection flaw was found in the ruby-git package. This issue may allow a remote authenticated attacker to execute arbitrary code on the system by using a specially-crafted filename in the repository.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby-git: code injection vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.src"
],
"known_not_affected": [
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-utils:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.src",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-47318"
},
{
"category": "external",
"summary": "RHBZ#2159672",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2159672"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-47318",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47318"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-47318",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47318"
},
{
"category": "external",
"summary": "https://jvn.jp/en/jp/JVN16765254/",
"url": "https://jvn.jp/en/jp/JVN16765254/"
}
],
"release_date": "2023-01-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T18:45:24+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5979"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-utils:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.src",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ruby-git: code injection vulnerability"
},
{
"acknowledgments": [
{
"names": [
"Andrew Danau"
],
"organization": "Onsec.io"
}
],
"cve": "CVE-2023-0118",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2022-12-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-utils:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2159291"
}
],
"notes": [
{
"category": "description",
"text": "An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Foreman: Arbitrary code execution through templates",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.src"
],
"known_not_affected": [
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-utils:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-0118"
},
{
"category": "external",
"summary": "RHBZ#2159291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2159291"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-0118",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0118"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0118",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0118"
}
],
"release_date": "2023-03-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T18:45:24+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5979"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-utils:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.src",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Foreman: Arbitrary code execution through templates"
},
{
"acknowledgments": [
{
"names": [
"Andrew Danau"
],
"organization": "Onsec.io"
}
],
"cve": "CVE-2023-0462",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2022-12-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-utils:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.src",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2162970"
}
],
"notes": [
{
"category": "description",
"text": "An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Satellite/Foreman: Arbitrary code execution through yaml global parameters",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.src"
],
"known_not_affected": [
"8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-utils:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.src",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-0462"
},
{
"category": "external",
"summary": "RHBZ#2162970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2162970"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-0462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0462"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0462",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0462"
}
],
"release_date": "2023-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T18:45:24+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5979"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-utils:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.src",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Satellite/Foreman: Arbitrary code execution through yaml global parameters"
},
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-utils:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.src",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-common-0:6.12.5.2-1.el8sat.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
],
"known_not_affected": [
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-utils:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.src",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-common-0:6.12.5.2-1.el8sat.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T18:45:24+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5979"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-utils:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.src",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-utils:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.src",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-utils:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.src",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-common-0:6.12.5.2-1.el8sat.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
],
"known_not_affected": [
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-utils:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.src",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-common-0:6.12.5.2-1.el8sat.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T18:45:24+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5979"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-utils:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.src",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12-utils:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.23-1.el8sat.src",
"8Base-satellite-6.12:foreman-cli-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-debug-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ec2-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-gce-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-journald-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-libvirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-openstack-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ovirt-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-postgresql-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-service-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-telemetry-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-vmware-0:3.3.0.23-1.el8sat.noarch",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.12:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-safemode-0:1.3.8-1.el8sat.src",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-0:6.12.5.2-1.el8sat.src",
"8Base-satellite-6.12:satellite-capsule-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-cli-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-common-0:6.12.5.2-1.el8sat.noarch",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.12:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Moderate"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023_5980
Vulnerability from csaf_redhat - Published: 2023-10-20 18:46 - Updated: 2024-12-18 04:47A flaw was found in OpenSSL. The `c_rehash` script does not properly sanitize shell meta-characters to prevent command injection. Some operating systems distribute this script in a manner where it is automatically executed. This flaw allows an attacker to execute arbitrary commands with the privileges of the script on these operating systems.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-cli-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-debug-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-gce-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-journald-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-service-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:satellite-cli-0:6.11.5.6-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:satellite-common-0:6.11.5.6-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-cli-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-debug-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-gce-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-journald-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-service-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:satellite-cli-0:6.11.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:satellite-common-0:6.11.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64 | — |
Workaround
|
A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the `c_rehash` script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it is automatically executed. On these operating systems, this flaw allows an attacker to execute arbitrary commands with the privileges of the script.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-cli-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-debug-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-gce-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-journald-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-service-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:satellite-cli-0:6.11.5.6-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:satellite-common-0:6.11.5.6-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-cli-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-debug-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-gce-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-journald-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-service-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:satellite-cli-0:6.11.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:satellite-common-0:6.11.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64 | — |
Workaround
|
A flaw was found in the ruby-git package, which allows a remote authenticated attacker to execute arbitrary code on the system, caused by a code injection flaw. An attacker can execute arbitrary code on the system by using a specially-crafted filename in the repository.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.src | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.src | — | ||
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.src | — | ||
| Unresolved product id: 7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.x86_64 | — | ||
| Unresolved product id: 7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.src | — | ||
| Unresolved product id: 7Server-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.src | — | ||
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.src | — | ||
| Unresolved product id: 7Server-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.src | — | ||
| Unresolved product id: 7Server-satellite-6.11:foreman-cli-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:foreman-debug-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:foreman-gce-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:foreman-journald-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:foreman-service-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.src | — | ||
| Unresolved product id: 7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.x86_64 | — | ||
| Unresolved product id: 7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.src | — | ||
| Unresolved product id: 7Server-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:satellite-cli-0:6.11.5.6-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:satellite-common-0:6.11.5.6-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.src | — | ||
| Unresolved product id: 7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.src | — | ||
| Unresolved product id: 7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.src | — | ||
| Unresolved product id: 7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.11:foreman-cli-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:foreman-debug-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:foreman-gce-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:foreman-journald-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:foreman-service-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:satellite-cli-0:6.11.5.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:satellite-common-0:6.11.5.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64 | — |
A code injection flaw was found in the ruby-git package. This issue may allow a remote authenticated attacker to execute arbitrary code on the system by using a specially-crafted filename in the repository.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.src | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.src | — | ||
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.src | — | ||
| Unresolved product id: 7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.x86_64 | — | ||
| Unresolved product id: 7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.src | — | ||
| Unresolved product id: 7Server-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.src | — | ||
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.src | — | ||
| Unresolved product id: 7Server-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.src | — | ||
| Unresolved product id: 7Server-satellite-6.11:foreman-cli-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:foreman-debug-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:foreman-gce-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:foreman-journald-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:foreman-service-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.src | — | ||
| Unresolved product id: 7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.x86_64 | — | ||
| Unresolved product id: 7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.src | — | ||
| Unresolved product id: 7Server-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:satellite-cli-0:6.11.5.6-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:satellite-common-0:6.11.5.6-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.src | — | ||
| Unresolved product id: 7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.src | — | ||
| Unresolved product id: 7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.src | — | ||
| Unresolved product id: 7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.11:foreman-cli-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:foreman-debug-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:foreman-gce-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:foreman-journald-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:foreman-service-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:satellite-cli-0:6.11.5.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:satellite-common-0:6.11.5.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64 | — |
An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-cli-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-debug-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-gce-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-journald-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-service-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-cli-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-debug-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-gce-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-journald-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-service-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.src | — | ||
| Unresolved product id: 7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.x86_64 | — | ||
| Unresolved product id: 7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.src | — | ||
| Unresolved product id: 7Server-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.src | — | ||
| Unresolved product id: 7Server-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.src | — | ||
| Unresolved product id: 7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.x86_64 | — | ||
| Unresolved product id: 7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.src | — | ||
| Unresolved product id: 7Server-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:satellite-cli-0:6.11.5.6-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:satellite-common-0:6.11.5.6-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.src | — | ||
| Unresolved product id: 7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.src | — | ||
| Unresolved product id: 7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.src | — | ||
| Unresolved product id: 7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.src | — | ||
| Unresolved product id: 7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:satellite-cli-0:6.11.5.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:satellite-common-0:6.11.5.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64 | — |
An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-cli-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-debug-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-gce-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-journald-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-service-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el7sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-cli-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-debug-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-gce-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-journald-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-service-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el8sat.noarch | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.src | — | ||
| Unresolved product id: 7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.x86_64 | — | ||
| Unresolved product id: 7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.src | — | ||
| Unresolved product id: 7Server-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.src | — | ||
| Unresolved product id: 7Server-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.src | — | ||
| Unresolved product id: 7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.x86_64 | — | ||
| Unresolved product id: 7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.src | — | ||
| Unresolved product id: 7Server-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:satellite-cli-0:6.11.5.6-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:satellite-common-0:6.11.5.6-1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.src | — | ||
| Unresolved product id: 7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.src | — | ||
| Unresolved product id: 7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.noarch | — | ||
| Unresolved product id: 7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.src | — | ||
| Unresolved product id: 7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.src | — | ||
| Unresolved product id: 7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:satellite-cli-0:6.11.5.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:satellite-common-0:6.11.5.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64 | — |
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-cli-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-debug-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-gce-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-journald-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-service-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:satellite-cli-0:6.11.5.6-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:satellite-common-0:6.11.5.6-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-cli-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-debug-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-gce-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-journald-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-service-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:satellite-cli-0:6.11.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:satellite-common-0:6.11.5.6-1.el8sat.noarch | — |
Workaround
|
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-cli-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-debug-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-gce-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-journald-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-service-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:satellite-cli-0:6.11.5.6-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:satellite-common-0:6.11.5.6-1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-cli-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-debug-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-gce-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-journald-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-service-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:satellite-cli-0:6.11.5.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.11:satellite-common-0:6.11.5.6-1.el8sat.noarch | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated Satellite 6.11 packages that fix several bugs are now available for Red Hat Satellite.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.\n\nSecurity fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (Rapid Reset) (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset) (CVE-2023-44487)\n\nA Red Hat Security Bulletin which addresses further details about the Rapid Reset flaws is available in the References section.\n\n* ruby-git: code injection vulnerability (CVE-2022-46648)\n\n* ruby-git: code injection vulnerability (CVE-2022-47318)\n\n* Foreman: Arbitrary code execution through templates (CVE-2023-0118)\n\n* Satellite/Foreman: Arbitrary code execution through yaml global parameters (CVE-2023-0462)\n\n* openssl: c_rehash script allows command injection (CVE-2022-1292)\n\n* openssl: the c_rehash script allows command injection (CVE-2022-2068)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nThis update fixes the following bugs:\n\n2159417 - CVE-2023-0118 foreman: Arbitrary code execution through templates [rhn_satellite_6.11]\n2163523 - CVE-2023-0462 foreman: Satellite/Foreman: Arbitrary code execution through yaml global parameters [rhn_satellite_6.11]\n2242355 - CVE-2022-1292 CVE-2022-2068 puppet-agent for Satellite and Capsule: various flaws [rhn_satellite_6.11]\n2242360 - CVE-2022-47318 tfm-rubygem-git: ruby-git: code injection vulnerability [rhn_satellite_6.11]\n2242364 - CVE-2022-46648 rubygem-git: ruby-git: code injection vulnerability [rhn_satellite_6.11]\n2243832 - [Major Incident] CVE-2023-39325 CVE-2023-44487 yggdrasil-worker-forwarder: various flaws [rhn_satellite_6.11] \n\nUsers of Red Hat Satellite are advised to upgrade to these updated packages,\nwhich fix these bugs.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5980",
"url": "https://access.redhat.com/errata/RHSA-2023:5980"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.11/html-single/upgrading_and_updating_red_hat_satellite/index#updating_satellite",
"url": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.11/html-single/upgrading_and_updating_red_hat_satellite/index#updating_satellite"
},
{
"category": "external",
"summary": "2081494",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081494"
},
{
"category": "external",
"summary": "2097310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097310"
},
{
"category": "external",
"summary": "2159291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2159291"
},
{
"category": "external",
"summary": "2159672",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2159672"
},
{
"category": "external",
"summary": "2162970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2162970"
},
{
"category": "external",
"summary": "2169385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169385"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5980.json"
}
],
"title": "Red Hat Security Advisory: Satellite 6.11.5.6 async security update",
"tracking": {
"current_release_date": "2024-12-18T04:47:57+00:00",
"generator": {
"date": "2024-12-18T04:47:57+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2023:5980",
"initial_release_date": "2023-10-20T18:46:14+00:00",
"revision_history": [
{
"date": "2023-10-20T18:46:14+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-20T18:46:14+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-18T04:47:57+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Satellite 6.11 for RHEL 7",
"product": {
"name": "Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite:6.11::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.11 for RHEL 7",
"product": {
"name": "Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_capsule:6.11::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.11 for RHEL 7",
"product": {
"name": "Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_utils:6.11::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.11 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite:6.11::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.11 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_capsule:6.11::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.11 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_utils:6.11::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Satellite 6"
},
{
"branches": [
{
"category": "product_version",
"name": "foreman-0:3.1.1.27-1.el7sat.src",
"product": {
"name": "foreman-0:3.1.1.27-1.el7sat.src",
"product_id": "foreman-0:3.1.1.27-1.el7sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman@3.1.1.27-1.el7sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "puppet-agent-0:7.26.0-3.el7sat.src",
"product": {
"name": "puppet-agent-0:7.26.0-3.el7sat.src",
"product_id": "puppet-agent-0:7.26.0-3.el7sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/puppet-agent@7.26.0-3.el7sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "satellite-0:6.11.5.6-1.el7sat.src",
"product": {
"name": "satellite-0:6.11.5.6-1.el7sat.src",
"product_id": "satellite-0:6.11.5.6-1.el7sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite@6.11.5.6-1.el7sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "tfm-rubygem-git-0:1.18.0-0.1.el7sat.src",
"product": {
"name": "tfm-rubygem-git-0:1.18.0-0.1.el7sat.src",
"product_id": "tfm-rubygem-git-0:1.18.0-0.1.el7sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tfm-rubygem-git@1.18.0-0.1.el7sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.src",
"product": {
"name": "tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.src",
"product_id": "tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tfm-rubygem-rchardet@1.8.0-0.1.el7sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.src",
"product": {
"name": "tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.src",
"product_id": "tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tfm-rubygem-safemode@1.3.8-0.1.el7sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.src",
"product": {
"name": "yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.src",
"product_id": "yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil-worker-forwarder@0.0.3-1.el7sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "foreman-0:3.1.1.27-1.el8sat.src",
"product": {
"name": "foreman-0:3.1.1.27-1.el8sat.src",
"product_id": "foreman-0:3.1.1.27-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman@3.1.1.27-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "puppet-agent-0:7.26.0-3.el8sat.src",
"product": {
"name": "puppet-agent-0:7.26.0-3.el8sat.src",
"product_id": "puppet-agent-0:7.26.0-3.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/puppet-agent@7.26.0-3.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-git-0:1.18.0-0.1.el8sat.src",
"product": {
"name": "rubygem-git-0:1.18.0-0.1.el8sat.src",
"product_id": "rubygem-git-0:1.18.0-0.1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-git@1.18.0-0.1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-rchardet-0:1.8.0-0.1.el8sat.src",
"product": {
"name": "rubygem-rchardet-0:1.8.0-0.1.el8sat.src",
"product_id": "rubygem-rchardet-0:1.8.0-0.1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-rchardet@1.8.0-0.1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-safemode-0:1.3.8-0.1.el8sat.src",
"product": {
"name": "rubygem-safemode-0:1.3.8-0.1.el8sat.src",
"product_id": "rubygem-safemode-0:1.3.8-0.1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-safemode@1.3.8-0.1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "satellite-0:6.11.5.6-1.el8sat.src",
"product": {
"name": "satellite-0:6.11.5.6-1.el8sat.src",
"product_id": "satellite-0:6.11.5.6-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite@6.11.5.6-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"product": {
"name": "yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"product_id": "yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil-worker-forwarder@0.0.3-1.el8sat?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"product": {
"name": "foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"product_id": "foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-cli@3.1.1.27-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"product": {
"name": "foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"product_id": "foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-debug@3.1.1.27-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-0:3.1.1.27-1.el7sat.noarch",
"product": {
"name": "foreman-0:3.1.1.27-1.el7sat.noarch",
"product_id": "foreman-0:3.1.1.27-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman@3.1.1.27-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"product": {
"name": "foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"product_id": "foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-dynflow-sidekiq@3.1.1.27-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"product": {
"name": "foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"product_id": "foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-ec2@3.1.1.27-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"product": {
"name": "foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"product_id": "foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-gce@3.1.1.27-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"product": {
"name": "foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"product_id": "foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-journald@3.1.1.27-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"product": {
"name": "foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"product_id": "foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-libvirt@3.1.1.27-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"product": {
"name": "foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"product_id": "foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-openstack@3.1.1.27-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"product": {
"name": "foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"product_id": "foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-ovirt@3.1.1.27-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"product": {
"name": "foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"product_id": "foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-postgresql@3.1.1.27-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-service-0:3.1.1.27-1.el7sat.noarch",
"product": {
"name": "foreman-service-0:3.1.1.27-1.el7sat.noarch",
"product_id": "foreman-service-0:3.1.1.27-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-service@3.1.1.27-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"product": {
"name": "foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"product_id": "foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-telemetry@3.1.1.27-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"product": {
"name": "foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"product_id": "foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-vmware@3.1.1.27-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"product": {
"name": "satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"product_id": "satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-cli@6.11.5.6-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"product": {
"name": "satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"product_id": "satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-capsule@6.11.5.6-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-common-0:6.11.5.6-1.el7sat.noarch",
"product": {
"name": "satellite-common-0:6.11.5.6-1.el7sat.noarch",
"product_id": "satellite-common-0:6.11.5.6-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-common@6.11.5.6-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-0:6.11.5.6-1.el7sat.noarch",
"product": {
"name": "satellite-0:6.11.5.6-1.el7sat.noarch",
"product_id": "satellite-0:6.11.5.6-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite@6.11.5.6-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tfm-rubygem-git-0:1.18.0-0.1.el7sat.noarch",
"product": {
"name": "tfm-rubygem-git-0:1.18.0-0.1.el7sat.noarch",
"product_id": "tfm-rubygem-git-0:1.18.0-0.1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tfm-rubygem-git@1.18.0-0.1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.noarch",
"product": {
"name": "tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.noarch",
"product_id": "tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tfm-rubygem-rchardet@1.8.0-0.1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.noarch",
"product": {
"name": "tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.noarch",
"product_id": "tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tfm-rubygem-safemode@1.3.8-0.1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"product": {
"name": "foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"product_id": "foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-cli@3.1.1.27-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-0:3.1.1.27-1.el8sat.noarch",
"product": {
"name": "foreman-0:3.1.1.27-1.el8sat.noarch",
"product_id": "foreman-0:3.1.1.27-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman@3.1.1.27-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"product": {
"name": "foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"product_id": "foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-debug@3.1.1.27-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"product": {
"name": "foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"product_id": "foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-dynflow-sidekiq@3.1.1.27-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"product": {
"name": "foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"product_id": "foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-ec2@3.1.1.27-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"product": {
"name": "foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"product_id": "foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-gce@3.1.1.27-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"product": {
"name": "foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"product_id": "foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-journald@3.1.1.27-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"product": {
"name": "foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"product_id": "foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-libvirt@3.1.1.27-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"product": {
"name": "foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"product_id": "foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-openstack@3.1.1.27-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"product": {
"name": "foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"product_id": "foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-ovirt@3.1.1.27-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"product": {
"name": "foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"product_id": "foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-postgresql@3.1.1.27-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-service-0:3.1.1.27-1.el8sat.noarch",
"product": {
"name": "foreman-service-0:3.1.1.27-1.el8sat.noarch",
"product_id": "foreman-service-0:3.1.1.27-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-service@3.1.1.27-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"product": {
"name": "foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"product_id": "foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-telemetry@3.1.1.27-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"product": {
"name": "foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"product_id": "foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-vmware@3.1.1.27-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-git-0:1.18.0-0.1.el8sat.noarch",
"product": {
"name": "rubygem-git-0:1.18.0-0.1.el8sat.noarch",
"product_id": "rubygem-git-0:1.18.0-0.1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-git@1.18.0-0.1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-rchardet-0:1.8.0-0.1.el8sat.noarch",
"product": {
"name": "rubygem-rchardet-0:1.8.0-0.1.el8sat.noarch",
"product_id": "rubygem-rchardet-0:1.8.0-0.1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-rchardet@1.8.0-0.1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-safemode-0:1.3.8-0.1.el8sat.noarch",
"product": {
"name": "rubygem-safemode-0:1.3.8-0.1.el8sat.noarch",
"product_id": "rubygem-safemode-0:1.3.8-0.1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-safemode@1.3.8-0.1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"product": {
"name": "satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"product_id": "satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-cli@6.11.5.6-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-0:6.11.5.6-1.el8sat.noarch",
"product": {
"name": "satellite-0:6.11.5.6-1.el8sat.noarch",
"product_id": "satellite-0:6.11.5.6-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite@6.11.5.6-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-common-0:6.11.5.6-1.el8sat.noarch",
"product": {
"name": "satellite-common-0:6.11.5.6-1.el8sat.noarch",
"product_id": "satellite-common-0:6.11.5.6-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-common@6.11.5.6-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"product": {
"name": "satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"product_id": "satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-capsule@6.11.5.6-1.el8sat?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "puppet-agent-0:7.26.0-3.el7sat.x86_64",
"product": {
"name": "puppet-agent-0:7.26.0-3.el7sat.x86_64",
"product_id": "puppet-agent-0:7.26.0-3.el7sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/puppet-agent@7.26.0-3.el7sat?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.x86_64",
"product": {
"name": "yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.x86_64",
"product_id": "yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil-worker-forwarder@0.0.3-1.el7sat?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "puppet-agent-0:7.26.0-3.el8sat.x86_64",
"product": {
"name": "puppet-agent-0:7.26.0-3.el8sat.x86_64",
"product_id": "puppet-agent-0:7.26.0-3.el8sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/puppet-agent@7.26.0-3.el8sat?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64",
"product": {
"name": "yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64",
"product_id": "yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil-worker-forwarder@0.0.3-1.el8sat?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.1.1.27-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.noarch"
},
"product_reference": "foreman-0:3.1.1.27-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.1.1.27-1.el7sat.src as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.src"
},
"product_reference": "foreman-0:3.1.1.27-1.el7sat.src",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:3.1.1.27-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el7sat.noarch"
},
"product_reference": "foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:3.1.1.27-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el7sat.noarch"
},
"product_reference": "foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch"
},
"product_reference": "foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ec2-0:3.1.1.27-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el7sat.noarch"
},
"product_reference": "foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-gce-0:3.1.1.27-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el7sat.noarch"
},
"product_reference": "foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-journald-0:3.1.1.27-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el7sat.noarch"
},
"product_reference": "foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-libvirt-0:3.1.1.27-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch"
},
"product_reference": "foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-openstack-0:3.1.1.27-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el7sat.noarch"
},
"product_reference": "foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ovirt-0:3.1.1.27-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch"
},
"product_reference": "foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-postgresql-0:3.1.1.27-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch"
},
"product_reference": "foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-service-0:3.1.1.27-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el7sat.noarch"
},
"product_reference": "foreman-service-0:3.1.1.27-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-telemetry-0:3.1.1.27-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch"
},
"product_reference": "foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-vmware-0:3.1.1.27-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el7sat.noarch"
},
"product_reference": "foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppet-agent-0:7.26.0-3.el7sat.src as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.src"
},
"product_reference": "puppet-agent-0:7.26.0-3.el7sat.src",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppet-agent-0:7.26.0-3.el7sat.x86_64 as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.x86_64"
},
"product_reference": "puppet-agent-0:7.26.0-3.el7sat.x86_64",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.11.5.6-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.noarch"
},
"product_reference": "satellite-0:6.11.5.6-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.11.5.6-1.el7sat.src as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.src"
},
"product_reference": "satellite-0:6.11.5.6-1.el7sat.src",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.11.5.6-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el7sat.noarch"
},
"product_reference": "satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.11.5.6-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el7sat.noarch"
},
"product_reference": "satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.11.5.6-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el7sat.noarch"
},
"product_reference": "satellite-common-0:6.11.5.6-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.1.1.27-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.noarch"
},
"product_reference": "foreman-0:3.1.1.27-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.1.1.27-1.el7sat.src as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.src"
},
"product_reference": "foreman-0:3.1.1.27-1.el7sat.src",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:3.1.1.27-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el7sat.noarch"
},
"product_reference": "foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:3.1.1.27-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el7sat.noarch"
},
"product_reference": "foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch"
},
"product_reference": "foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ec2-0:3.1.1.27-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el7sat.noarch"
},
"product_reference": "foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-gce-0:3.1.1.27-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el7sat.noarch"
},
"product_reference": "foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-journald-0:3.1.1.27-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el7sat.noarch"
},
"product_reference": "foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-libvirt-0:3.1.1.27-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch"
},
"product_reference": "foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-openstack-0:3.1.1.27-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el7sat.noarch"
},
"product_reference": "foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ovirt-0:3.1.1.27-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch"
},
"product_reference": "foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-postgresql-0:3.1.1.27-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch"
},
"product_reference": "foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-service-0:3.1.1.27-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el7sat.noarch"
},
"product_reference": "foreman-service-0:3.1.1.27-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-telemetry-0:3.1.1.27-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch"
},
"product_reference": "foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-vmware-0:3.1.1.27-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el7sat.noarch"
},
"product_reference": "foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.11.5.6-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.noarch"
},
"product_reference": "satellite-0:6.11.5.6-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.11.5.6-1.el7sat.src as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.src"
},
"product_reference": "satellite-0:6.11.5.6-1.el7sat.src",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.11.5.6-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el7sat.noarch"
},
"product_reference": "satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.11.5.6-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el7sat.noarch"
},
"product_reference": "satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.11.5.6-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el7sat.noarch"
},
"product_reference": "satellite-common-0:6.11.5.6-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.1.1.27-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.noarch"
},
"product_reference": "foreman-0:3.1.1.27-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.1.1.27-1.el7sat.src as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.src"
},
"product_reference": "foreman-0:3.1.1.27-1.el7sat.src",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:3.1.1.27-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:foreman-cli-0:3.1.1.27-1.el7sat.noarch"
},
"product_reference": "foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:3.1.1.27-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:foreman-debug-0:3.1.1.27-1.el7sat.noarch"
},
"product_reference": "foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch"
},
"product_reference": "foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ec2-0:3.1.1.27-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el7sat.noarch"
},
"product_reference": "foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-gce-0:3.1.1.27-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:foreman-gce-0:3.1.1.27-1.el7sat.noarch"
},
"product_reference": "foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-journald-0:3.1.1.27-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:foreman-journald-0:3.1.1.27-1.el7sat.noarch"
},
"product_reference": "foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-libvirt-0:3.1.1.27-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch"
},
"product_reference": "foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-openstack-0:3.1.1.27-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el7sat.noarch"
},
"product_reference": "foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ovirt-0:3.1.1.27-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch"
},
"product_reference": "foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-postgresql-0:3.1.1.27-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch"
},
"product_reference": "foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-service-0:3.1.1.27-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:foreman-service-0:3.1.1.27-1.el7sat.noarch"
},
"product_reference": "foreman-service-0:3.1.1.27-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-telemetry-0:3.1.1.27-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch"
},
"product_reference": "foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-vmware-0:3.1.1.27-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el7sat.noarch"
},
"product_reference": "foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppet-agent-0:7.26.0-3.el7sat.src as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.src"
},
"product_reference": "puppet-agent-0:7.26.0-3.el7sat.src",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppet-agent-0:7.26.0-3.el7sat.x86_64 as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.x86_64"
},
"product_reference": "puppet-agent-0:7.26.0-3.el7sat.x86_64",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.11.5.6-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.noarch"
},
"product_reference": "satellite-0:6.11.5.6-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.11.5.6-1.el7sat.src as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.src"
},
"product_reference": "satellite-0:6.11.5.6-1.el7sat.src",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.11.5.6-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el7sat.noarch"
},
"product_reference": "satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.11.5.6-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:satellite-cli-0:6.11.5.6-1.el7sat.noarch"
},
"product_reference": "satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.11.5.6-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:satellite-common-0:6.11.5.6-1.el7sat.noarch"
},
"product_reference": "satellite-common-0:6.11.5.6-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tfm-rubygem-git-0:1.18.0-0.1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.noarch"
},
"product_reference": "tfm-rubygem-git-0:1.18.0-0.1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tfm-rubygem-git-0:1.18.0-0.1.el7sat.src as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.src"
},
"product_reference": "tfm-rubygem-git-0:1.18.0-0.1.el7sat.src",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.noarch"
},
"product_reference": "tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.src as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.src"
},
"product_reference": "tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.src",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.noarch"
},
"product_reference": "tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.src as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.src"
},
"product_reference": "tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.src",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.src as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.src"
},
"product_reference": "yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.src",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.x86_64 as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.x86_64"
},
"product_reference": "yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.x86_64",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.1.1.27-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.noarch"
},
"product_reference": "foreman-0:3.1.1.27-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.1.1.27-1.el8sat.src as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.src"
},
"product_reference": "foreman-0:3.1.1.27-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:3.1.1.27-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el8sat.noarch"
},
"product_reference": "foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:3.1.1.27-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el8sat.noarch"
},
"product_reference": "foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch"
},
"product_reference": "foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ec2-0:3.1.1.27-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el8sat.noarch"
},
"product_reference": "foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-gce-0:3.1.1.27-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el8sat.noarch"
},
"product_reference": "foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-journald-0:3.1.1.27-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el8sat.noarch"
},
"product_reference": "foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-libvirt-0:3.1.1.27-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch"
},
"product_reference": "foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-openstack-0:3.1.1.27-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el8sat.noarch"
},
"product_reference": "foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ovirt-0:3.1.1.27-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch"
},
"product_reference": "foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-postgresql-0:3.1.1.27-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch"
},
"product_reference": "foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-service-0:3.1.1.27-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el8sat.noarch"
},
"product_reference": "foreman-service-0:3.1.1.27-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-telemetry-0:3.1.1.27-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch"
},
"product_reference": "foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-vmware-0:3.1.1.27-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el8sat.noarch"
},
"product_reference": "foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppet-agent-0:7.26.0-3.el8sat.src as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.src"
},
"product_reference": "puppet-agent-0:7.26.0-3.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppet-agent-0:7.26.0-3.el8sat.x86_64 as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64"
},
"product_reference": "puppet-agent-0:7.26.0-3.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.11.5.6-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.noarch"
},
"product_reference": "satellite-0:6.11.5.6-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.11.5.6-1.el8sat.src as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.src"
},
"product_reference": "satellite-0:6.11.5.6-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.11.5.6-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el8sat.noarch"
},
"product_reference": "satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.11.5.6-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el8sat.noarch"
},
"product_reference": "satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.11.5.6-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el8sat.noarch"
},
"product_reference": "satellite-common-0:6.11.5.6-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.1.1.27-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.noarch"
},
"product_reference": "foreman-0:3.1.1.27-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.1.1.27-1.el8sat.src as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.src"
},
"product_reference": "foreman-0:3.1.1.27-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:3.1.1.27-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el8sat.noarch"
},
"product_reference": "foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:3.1.1.27-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el8sat.noarch"
},
"product_reference": "foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch"
},
"product_reference": "foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ec2-0:3.1.1.27-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el8sat.noarch"
},
"product_reference": "foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-gce-0:3.1.1.27-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el8sat.noarch"
},
"product_reference": "foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-journald-0:3.1.1.27-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el8sat.noarch"
},
"product_reference": "foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-libvirt-0:3.1.1.27-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch"
},
"product_reference": "foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-openstack-0:3.1.1.27-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el8sat.noarch"
},
"product_reference": "foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ovirt-0:3.1.1.27-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch"
},
"product_reference": "foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-postgresql-0:3.1.1.27-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch"
},
"product_reference": "foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-service-0:3.1.1.27-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el8sat.noarch"
},
"product_reference": "foreman-service-0:3.1.1.27-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-telemetry-0:3.1.1.27-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch"
},
"product_reference": "foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-vmware-0:3.1.1.27-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el8sat.noarch"
},
"product_reference": "foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.11.5.6-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.noarch"
},
"product_reference": "satellite-0:6.11.5.6-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.11.5.6-1.el8sat.src as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.src"
},
"product_reference": "satellite-0:6.11.5.6-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.11.5.6-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el8sat.noarch"
},
"product_reference": "satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.11.5.6-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el8sat.noarch"
},
"product_reference": "satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.11.5.6-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el8sat.noarch"
},
"product_reference": "satellite-common-0:6.11.5.6-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.1.1.27-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.noarch"
},
"product_reference": "foreman-0:3.1.1.27-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.1.1.27-1.el8sat.src as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.src"
},
"product_reference": "foreman-0:3.1.1.27-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:3.1.1.27-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:foreman-cli-0:3.1.1.27-1.el8sat.noarch"
},
"product_reference": "foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:3.1.1.27-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:foreman-debug-0:3.1.1.27-1.el8sat.noarch"
},
"product_reference": "foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch"
},
"product_reference": "foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ec2-0:3.1.1.27-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el8sat.noarch"
},
"product_reference": "foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-gce-0:3.1.1.27-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:foreman-gce-0:3.1.1.27-1.el8sat.noarch"
},
"product_reference": "foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-journald-0:3.1.1.27-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:foreman-journald-0:3.1.1.27-1.el8sat.noarch"
},
"product_reference": "foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-libvirt-0:3.1.1.27-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch"
},
"product_reference": "foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-openstack-0:3.1.1.27-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el8sat.noarch"
},
"product_reference": "foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ovirt-0:3.1.1.27-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch"
},
"product_reference": "foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-postgresql-0:3.1.1.27-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch"
},
"product_reference": "foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-service-0:3.1.1.27-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:foreman-service-0:3.1.1.27-1.el8sat.noarch"
},
"product_reference": "foreman-service-0:3.1.1.27-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-telemetry-0:3.1.1.27-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch"
},
"product_reference": "foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-vmware-0:3.1.1.27-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el8sat.noarch"
},
"product_reference": "foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppet-agent-0:7.26.0-3.el8sat.src as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.src"
},
"product_reference": "puppet-agent-0:7.26.0-3.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppet-agent-0:7.26.0-3.el8sat.x86_64 as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.x86_64"
},
"product_reference": "puppet-agent-0:7.26.0-3.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-git-0:1.18.0-0.1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.noarch"
},
"product_reference": "rubygem-git-0:1.18.0-0.1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-git-0:1.18.0-0.1.el8sat.src as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.src"
},
"product_reference": "rubygem-git-0:1.18.0-0.1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rchardet-0:1.8.0-0.1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.noarch"
},
"product_reference": "rubygem-rchardet-0:1.8.0-0.1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rchardet-0:1.8.0-0.1.el8sat.src as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.src"
},
"product_reference": "rubygem-rchardet-0:1.8.0-0.1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-safemode-0:1.3.8-0.1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.noarch"
},
"product_reference": "rubygem-safemode-0:1.3.8-0.1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-safemode-0:1.3.8-0.1.el8sat.src as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.src"
},
"product_reference": "rubygem-safemode-0:1.3.8-0.1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.11.5.6-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.noarch"
},
"product_reference": "satellite-0:6.11.5.6-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.11.5.6-1.el8sat.src as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.src"
},
"product_reference": "satellite-0:6.11.5.6-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.11.5.6-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el8sat.noarch"
},
"product_reference": "satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.11.5.6-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:satellite-cli-0:6.11.5.6-1.el8sat.noarch"
},
"product_reference": "satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.11.5.6-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:satellite-common-0:6.11.5.6-1.el8sat.noarch"
},
"product_reference": "satellite-common-0:6.11.5.6-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src"
},
"product_reference": "yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64 as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
},
"product_reference": "yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.11"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Elison Niven"
],
"organization": "Sophos",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-1292",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"discovery_date": "2022-05-03T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.src",
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.src",
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.x86_64",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.src",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.src",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.src",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2081494"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. The `c_rehash` script does not properly sanitize shell meta-characters to prevent command injection. Some operating systems distribute this script in a manner where it is automatically executed. This flaw allows an attacker to execute arbitrary commands with the privileges of the script on these operating systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: c_rehash script allows command injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux uses a system-wide store of trusted certificates bundled in a single file and updated via `update-ca-trust`. The `c_rehash` script is not included in the default installation on any supported RHEL version, and is never executed automatically. For these reasons, this flaw has been rated as having a security impact of Moderate.\n\nRed Hat Enterprise Linux 7 provides a vulnerable version of the `c_rehash` script in the `openssl-perl` package, available only through the unsupported Optional repository. As the Optional repository is not supported and Red Hat Enterprise Linux 7 is in Maintenance Support 2 Phase, this issue is not planned to be addressed there.\n\nRed Hat Satellite ships an affected version of the `c_rehash` script embedded in `puppet-agent` package, however, the product is not vulnerable since it does not execute scripts with untrusted data. Moreover, the scriplet is owned by root user and is supposed to be accessed only by administrators.\n\nRed Hat updates the OpenSSL compatibility packages (compat-openssl) to only address Important or Critical security issues with backported security patches.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.x86_64"
],
"known_not_affected": [
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.src",
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.src",
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.x86_64",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.src",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.src",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.src",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1292"
},
{
"category": "external",
"summary": "RHBZ#2081494",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081494"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1292",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1292"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20220503.txt",
"url": "https://www.openssl.org/news/secadv/20220503.txt"
}
],
"release_date": "2022-05-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T18:46:14+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5980"
},
{
"category": "workaround",
"details": "As mentioned in the upstream security advisory, use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool.",
"product_ids": [
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.src",
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.src",
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.x86_64",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.src",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.src",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.src",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.src",
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.src",
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.x86_64",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.src",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.src",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.src",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: c_rehash script allows command injection"
},
{
"acknowledgments": [
{
"names": [
"Chancen"
],
"organization": "Qingteng 73lab",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-2068",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"discovery_date": "2022-06-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.src",
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.src",
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.x86_64",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.src",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.src",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.src",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2097310"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the `c_rehash` script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it is automatically executed. On these operating systems, this flaw allows an attacker to execute arbitrary commands with the privileges of the script.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: the c_rehash script allows command injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux uses a system-wide store of trusted certificates bundled in a single file and updated via `update-ca-trust`. The `c_rehash` script is not included in the default installation on any supported RHEL version and is never executed automatically. For these reasons, this flaw has been rated as having a security impact of Moderate.\n\nRed Hat Enterprise Linux 7 provides a vulnerable version of the `c_rehash` script in the `openssl-perl` package, available only through the unsupported Optional repository. As the Optional repository is not supported and Red Hat Enterprise Linux 7 is in Maintenance Support 2 Phase, this issue is not planned to be addressed there.\n\nRed Hat Satellite ships an affected version of the `c_rehash` script embedded in `puppet-agent` package, however, the product is not vulnerable since it does not execute scripts with untrusted data. Moreover, the scriplet is owned by root user and is supposed to be accessed only by administrators.\n\nRed Hat updates the OpenSSL compatibility packages (compat-openssl) to only address Important or Critical security issues with backported security patches.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.x86_64"
],
"known_not_affected": [
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.src",
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.src",
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.x86_64",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.src",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.src",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.src",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2068"
},
{
"category": "external",
"summary": "RHBZ#2097310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097310"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2068",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2068"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2068",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2068"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20220621.txt",
"url": "https://www.openssl.org/news/secadv/20220621.txt"
}
],
"release_date": "2022-06-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T18:46:14+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5980"
},
{
"category": "workaround",
"details": "As mentioned in the upstream security advisory, use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command-line tool.",
"product_ids": [
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.src",
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.src",
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.x86_64",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.src",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.src",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.src",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.src",
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.src",
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.x86_64",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.src",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.src",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.src",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: the c_rehash script allows command injection"
},
{
"cve": "CVE-2022-46648",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2023-01-05T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.src",
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.src",
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.x86_64",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.src",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.src",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2169385"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the ruby-git package, which allows a remote authenticated attacker to execute arbitrary code on the system, caused by a code injection flaw. An attacker can execute arbitrary code on the system by using a specially-crafted filename in the repository.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby-git: code injection vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.src",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.src"
],
"known_not_affected": [
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.src",
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.src",
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.x86_64",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.src",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.src",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-46648"
},
{
"category": "external",
"summary": "RHBZ#2169385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169385"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-46648",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46648"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46648",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46648"
},
{
"category": "external",
"summary": "https://jvn.jp/en/jp/JVN16765254/",
"url": "https://jvn.jp/en/jp/JVN16765254/"
}
],
"release_date": "2023-01-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T18:46:14+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.src",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5980"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.src",
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.src",
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.x86_64",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.src",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.src",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.src",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ruby-git: code injection vulnerability"
},
{
"cve": "CVE-2022-47318",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2023-01-05T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.src",
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.src",
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.x86_64",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.src",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.src",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2159672"
}
],
"notes": [
{
"category": "description",
"text": "A code injection flaw was found in the ruby-git package. This issue may allow a remote authenticated attacker to execute arbitrary code on the system by using a specially-crafted filename in the repository.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby-git: code injection vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.src",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.src"
],
"known_not_affected": [
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.src",
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.src",
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.x86_64",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.src",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.src",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-47318"
},
{
"category": "external",
"summary": "RHBZ#2159672",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2159672"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-47318",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47318"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-47318",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47318"
},
{
"category": "external",
"summary": "https://jvn.jp/en/jp/JVN16765254/",
"url": "https://jvn.jp/en/jp/JVN16765254/"
}
],
"release_date": "2023-01-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T18:46:14+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.src",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5980"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.src",
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.src",
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.x86_64",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.src",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.src",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.src",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ruby-git: code injection vulnerability"
},
{
"acknowledgments": [
{
"names": [
"Andrew Danau"
],
"organization": "Onsec.io"
}
],
"cve": "CVE-2023-0118",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2022-12-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.src",
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.src",
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.x86_64",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.src",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.src",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.src",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2159291"
}
],
"notes": [
{
"category": "description",
"text": "An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Foreman: Arbitrary code execution through templates",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el8sat.noarch"
],
"known_not_affected": [
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.src",
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.src",
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.x86_64",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.src",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.src",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.src",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-0118"
},
{
"category": "external",
"summary": "RHBZ#2159291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2159291"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-0118",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0118"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0118",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0118"
}
],
"release_date": "2023-03-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T18:46:14+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el8sat.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5980"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.src",
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.src",
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.x86_64",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.src",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.src",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.src",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Foreman: Arbitrary code execution through templates"
},
{
"acknowledgments": [
{
"names": [
"Andrew Danau"
],
"organization": "Onsec.io"
}
],
"cve": "CVE-2023-0462",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2022-12-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.src",
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.src",
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.x86_64",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.src",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.src",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.src",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2162970"
}
],
"notes": [
{
"category": "description",
"text": "An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Satellite/Foreman: Arbitrary code execution through yaml global parameters",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el8sat.noarch"
],
"known_not_affected": [
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.src",
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.src",
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.x86_64",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.src",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.src",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.src",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-0462"
},
{
"category": "external",
"summary": "RHBZ#2162970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2162970"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-0462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0462"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0462",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0462"
}
],
"release_date": "2023-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T18:46:14+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el8sat.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5980"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.src",
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.src",
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.x86_64",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.src",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.src",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.src",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Satellite/Foreman: Arbitrary code execution through yaml global parameters"
},
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.src",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.src",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.src",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.src",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-common-0:6.11.5.6-1.el8sat.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.src",
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.x86_64",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
],
"known_not_affected": [
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.src",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.src",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.src",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.src",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-common-0:6.11.5.6-1.el8sat.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T18:46:14+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.src",
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.x86_64",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5980"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.src",
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.src",
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.x86_64",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.src",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.src",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.src",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.src",
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.src",
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.x86_64",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.src",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.src",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.src",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.src",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.src",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.src",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.src",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-common-0:6.11.5.6-1.el8sat.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.src",
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.x86_64",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
],
"known_not_affected": [
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.src",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.src",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.src",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.src",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-common-0:6.11.5.6-1.el8sat.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T18:46:14+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.src",
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.x86_64",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5980"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.src",
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.src",
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.x86_64",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.src",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.src",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.src",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.27-1.el7sat.src",
"7Server-satellite-6.11:foreman-cli-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-debug-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-gce-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-journald-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-service-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el7sat.noarch",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-6.11:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-0:6.11.5.6-1.el7sat.src",
"7Server-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-cli-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:satellite-common-0:6.11.5.6-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-git-0:1.18.0-0.1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-rchardet-0:1.8.0-0.1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-safemode-0:1.3.8-0.1.el7sat.src",
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.src",
"7Server-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el7sat.x86_64",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-capsule:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11-utils:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11-utils:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.27-1.el8sat.src",
"8Base-satellite-6.11:foreman-cli-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-debug-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ec2-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-gce-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-journald-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-libvirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-openstack-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ovirt-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-postgresql-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-service-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-telemetry-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-vmware-0:3.1.1.27-1.el8sat.noarch",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.11:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-git-0:1.18.0-0.1.el8sat.src",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-rchardet-0:1.8.0-0.1.el8sat.src",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-safemode-0:1.3.8-0.1.el8sat.src",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-0:6.11.5.6-1.el8sat.src",
"8Base-satellite-6.11:satellite-capsule-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-cli-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:satellite-common-0:6.11.5.6-1.el8sat.noarch",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.11:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Moderate"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023_5982
Vulnerability from csaf_redhat - Published: 2023-10-20 22:28 - Updated: 2024-12-18 04:48A flaw was found in OpenSSL. The `c_rehash` script does not properly sanitize shell meta-characters to prevent command injection. Some operating systems distribute this script in a manner where it is automatically executed. This flaw allows an attacker to execute arbitrary commands with the privileges of the script on these operating systems.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:puppet-agent-0:7.26.0-3.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:puppet-agent-0:7.26.0-3.el9sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:puppet-agent-0:7.26.0-3.el9sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le | — |
Workaround
|
|
| Unresolved product id: 7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le | — |
Workaround
|
|
| Unresolved product id: 7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le | — |
Workaround
|
|
| Unresolved product id: 7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le | — |
Workaround
|
|
| Unresolved product id: 7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le | — |
Workaround
|
|
| Unresolved product id: 7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le | — |
Workaround
|
|
| Unresolved product id: 7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-0:0.37.0-2.el8.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-0:0.37.0-2.el9.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.x86_64 | — |
Workaround
|
A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the `c_rehash` script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it is automatically executed. On these operating systems, this flaw allows an attacker to execute arbitrary commands with the privileges of the script.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:puppet-agent-0:7.26.0-3.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:puppet-agent-0:7.26.0-3.el9sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:puppet-agent-0:7.26.0-3.el9sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le | — |
Workaround
|
|
| Unresolved product id: 7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le | — |
Workaround
|
|
| Unresolved product id: 7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le | — |
Workaround
|
|
| Unresolved product id: 7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le | — |
Workaround
|
|
| Unresolved product id: 7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le | — |
Workaround
|
|
| Unresolved product id: 7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le | — |
Workaround
|
|
| Unresolved product id: 7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-0:0.37.0-2.el8.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-0:0.37.0-2.el9.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.x86_64 | — |
Workaround
|
A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.x86_64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.i686 | — | ||
| Unresolved product id: 6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.src | — | ||
| Unresolved product id: 6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.x86_64 | — | ||
| Unresolved product id: 7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le | — | ||
| Unresolved product id: 7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src | — | ||
| Unresolved product id: 7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64 | — | ||
| Unresolved product id: 7Client-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src | — | ||
| Unresolved product id: 7Client-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64 | — | ||
| Unresolved product id: 7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le | — | ||
| Unresolved product id: 7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src | — | ||
| Unresolved product id: 7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64 | — | ||
| Unresolved product id: 7ComputeNode-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src | — | ||
| Unresolved product id: 7ComputeNode-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64 | — | ||
| Unresolved product id: 7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le | — | ||
| Unresolved product id: 7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src | — | ||
| Unresolved product id: 7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64 | — | ||
| Unresolved product id: 7Server-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src | — | ||
| Unresolved product id: 7Server-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64 | — | ||
| Unresolved product id: 7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le | — | ||
| Unresolved product id: 7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src | — | ||
| Unresolved product id: 7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64 | — | ||
| Unresolved product id: 7Workstation-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src | — | ||
| Unresolved product id: 7Workstation-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.aarch64 | — | ||
| Unresolved product id: 8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.ppc64le | — | ||
| Unresolved product id: 8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.s390x | — | ||
| Unresolved product id: 8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-client-6:puppet-agent-0:7.26.0-3.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-client-6:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.aarch64 | — | ||
| Unresolved product id: 8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.ppc64le | — | ||
| Unresolved product id: 8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.s390x | — | ||
| Unresolved product id: 8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64 | — | ||
| Unresolved product id: 8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le | — | ||
| Unresolved product id: 8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.s390x | — | ||
| Unresolved product id: 8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-0:0.37.0-2.el8.src | — | ||
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.aarch64 | — | ||
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.ppc64le | — | ||
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.s390x | — | ||
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.aarch64 | — | ||
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.ppc64le | — | ||
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.s390x | — | ||
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.aarch64 | — | ||
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.ppc64le | — | ||
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.s390x | — | ||
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64 | — | ||
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le | — | ||
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.s390x | — | ||
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.aarch64 | — | ||
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.ppc64le | — | ||
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.s390x | — | ||
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.aarch64 | — | ||
| Unresolved product id: 8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.ppc64le | — | ||
| Unresolved product id: 8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.s390x | — | ||
| Unresolved product id: 8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.x86_64 | — | ||
| Unresolved product id: 9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.aarch64 | — | ||
| Unresolved product id: 9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.ppc64le | — | ||
| Unresolved product id: 9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.s390x | — | ||
| Unresolved product id: 9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.src | — | ||
| Unresolved product id: 9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.x86_64 | — | ||
| Unresolved product id: 9Base-satellite-client-6:puppet-agent-0:7.26.0-3.el9sat.src | — | ||
| Unresolved product id: 9Base-satellite-client-6:puppet-agent-0:7.26.0-3.el9sat.x86_64 | — | ||
| Unresolved product id: 9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.aarch64 | — | ||
| Unresolved product id: 9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.ppc64le | — | ||
| Unresolved product id: 9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.s390x | — | ||
| Unresolved product id: 9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.x86_64 | — | ||
| Unresolved product id: 9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64 | — | ||
| Unresolved product id: 9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le | — | ||
| Unresolved product id: 9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.s390x | — | ||
| Unresolved product id: 9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64 | — | ||
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-0:0.37.0-2.el9.src | — | ||
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.aarch64 | — | ||
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.ppc64le | — | ||
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.s390x | — | ||
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.x86_64 | — | ||
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.aarch64 | — | ||
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.ppc64le | — | ||
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.s390x | — | ||
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.x86_64 | — | ||
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.aarch64 | — | ||
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.ppc64le | — | ||
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.s390x | — | ||
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.x86_64 | — | ||
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64 | — | ||
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le | — | ||
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.s390x | — | ||
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64 | — | ||
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.aarch64 | — | ||
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.ppc64le | — | ||
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.s390x | — | ||
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.x86_64 | — | ||
| Unresolved product id: 9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.aarch64 | — | ||
| Unresolved product id: 9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.ppc64le | — | ||
| Unresolved product id: 9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.s390x | — | ||
| Unresolved product id: 9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.x86_64 | — |
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.i686 | — |
Workaround
|
|
| Unresolved product id: 6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.src | — |
Workaround
|
|
| Unresolved product id: 6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 7Client-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Client-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 7ComputeNode-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7ComputeNode-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 7Workstation-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Workstation-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:puppet-agent-0:7.26.0-3.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-0:0.37.0-2.el8.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:puppet-agent-0:7.26.0-3.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:puppet-agent-0:7.26.0-3.el9sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-0:0.37.0-2.el9.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.x86_64 | — |
Workaround
|
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.i686 | — |
Workaround
|
|
| Unresolved product id: 6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.src | — |
Workaround
|
|
| Unresolved product id: 6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 7Client-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Client-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 7ComputeNode-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7ComputeNode-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Server-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 7Workstation-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src | — |
Workaround
|
|
| Unresolved product id: 7Workstation-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:puppet-agent-0:7.26.0-3.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-0:0.37.0-2.el8.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:puppet-agent-0:7.26.0-3.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:puppet-agent-0:7.26.0-3.el9sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-0:0.37.0-2.el9.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.x86_64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for foreman_ygg_worker, puppet-agent, qpid-proton, and yggdrasil is now available for Satellite Client 6 for RHEL 6, Satellite Client 6 for RHEL 7, Satellite Client 6 for RHEL 8, and Satellite Client 6 for RHEL 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Security Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\n* openssl: c_rehash script allows command injection (CVE-2022-1292)\n\n* openssl: the c_rehash script allows command injection (CVE-2022-2068)\n\n* golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Katello Agent / Goferd Service CLOSE_WAIT Connections on RHEL8 Clients (BZ#2184996)\n\n* Not possible to configure the temporary directory to be used on clients by remote execution in pull mode (BZ#2217079)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5982",
"url": "https://access.redhat.com/errata/RHSA-2023:5982"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.13/html/upgrading_and_updating_red_hat_satellite/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.13/html/upgrading_and_updating_red_hat_satellite/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2081494",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081494"
},
{
"category": "external",
"summary": "2097310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097310"
},
{
"category": "external",
"summary": "2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "2184996",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184996"
},
{
"category": "external",
"summary": "2217079",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217079"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5982.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Satellite Client security and bug fix update",
"tracking": {
"current_release_date": "2024-12-18T04:48:17+00:00",
"generator": {
"date": "2024-12-18T04:48:17+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2023:5982",
"initial_release_date": "2023-10-20T22:28:07+00:00",
"revision_history": [
{
"date": "2023-10-20T22:28:07+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-20T22:28:07+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-18T04:48:17+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Satellite Client 6 for RHEL 6",
"product": {
"name": "Satellite Client 6 for RHEL 6",
"product_id": "6Server-satellite-client-6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_satellite_client:6::el6"
}
}
},
{
"category": "product_name",
"name": "Satellite Client 6 for RHEL 7",
"product": {
"name": "Satellite Client 6 for RHEL 7",
"product_id": "7Server-satellite-client-6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_satellite_client:6::el7"
}
}
},
{
"category": "product_name",
"name": "Satellite Client 6 for RHEL 7",
"product": {
"name": "Satellite Client 6 for RHEL 7",
"product_id": "7Client-satellite-client-6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_satellite_client:6::el7"
}
}
},
{
"category": "product_name",
"name": "Satellite Client 6 for RHEL 7",
"product": {
"name": "Satellite Client 6 for RHEL 7",
"product_id": "7ComputeNode-satellite-client-6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_satellite_client:6::el7"
}
}
},
{
"category": "product_name",
"name": "Satellite Client 6 for RHEL 7",
"product": {
"name": "Satellite Client 6 for RHEL 7",
"product_id": "7Workstation-satellite-client-6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_satellite_client:6::el7"
}
}
},
{
"category": "product_name",
"name": "Satellite Client 6 for RHEL 8",
"product": {
"name": "Satellite Client 6 for RHEL 8",
"product_id": "8Base-satellite-client-6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_satellite_client:6::el8"
}
}
},
{
"category": "product_name",
"name": "Satellite Client 6 for RHEL 9",
"product": {
"name": "Satellite Client 6 for RHEL 9",
"product_id": "9Base-satellite-client-6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_satellite_client:6::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Satellite Client"
},
{
"branches": [
{
"category": "product_version",
"name": "puppet-agent-0:7.26.0-3.el6sat.src",
"product": {
"name": "puppet-agent-0:7.26.0-3.el6sat.src",
"product_id": "puppet-agent-0:7.26.0-3.el6sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/puppet-agent@7.26.0-3.el6sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"product": {
"name": "foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"product_id": "foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman_ygg_worker@0.2.2-1.el7sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-0:0.2.3-1.el7sat.src",
"product": {
"name": "yggdrasil-0:0.2.3-1.el7sat.src",
"product_id": "yggdrasil-0:0.2.3-1.el7sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil@0.2.3-1.el7sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "puppet-agent-0:7.26.0-3.el7sat.src",
"product": {
"name": "puppet-agent-0:7.26.0-3.el7sat.src",
"product_id": "puppet-agent-0:7.26.0-3.el7sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/puppet-agent@7.26.0-3.el7sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "foreman_ygg_worker-0:0.2.2-1.el8sat.src",
"product": {
"name": "foreman_ygg_worker-0:0.2.2-1.el8sat.src",
"product_id": "foreman_ygg_worker-0:0.2.2-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman_ygg_worker@0.2.2-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-0:0.2.3-1.el8sat.src",
"product": {
"name": "yggdrasil-0:0.2.3-1.el8sat.src",
"product_id": "yggdrasil-0:0.2.3-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil@0.2.3-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "puppet-agent-0:7.26.0-3.el8sat.src",
"product": {
"name": "puppet-agent-0:7.26.0-3.el8sat.src",
"product_id": "puppet-agent-0:7.26.0-3.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/puppet-agent@7.26.0-3.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-0:0.37.0-2.el8.src",
"product": {
"name": "qpid-proton-0:0.37.0-2.el8.src",
"product_id": "qpid-proton-0:0.37.0-2.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton@0.37.0-2.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "foreman_ygg_worker-0:0.2.2-1.el9sat.src",
"product": {
"name": "foreman_ygg_worker-0:0.2.2-1.el9sat.src",
"product_id": "foreman_ygg_worker-0:0.2.2-1.el9sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman_ygg_worker@0.2.2-1.el9sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-0:0.2.3-1.el9sat.src",
"product": {
"name": "yggdrasil-0:0.2.3-1.el9sat.src",
"product_id": "yggdrasil-0:0.2.3-1.el9sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil@0.2.3-1.el9sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "puppet-agent-0:7.26.0-3.el9sat.src",
"product": {
"name": "puppet-agent-0:7.26.0-3.el9sat.src",
"product_id": "puppet-agent-0:7.26.0-3.el9sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/puppet-agent@7.26.0-3.el9sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-0:0.37.0-2.el9.src",
"product": {
"name": "qpid-proton-0:0.37.0-2.el9.src",
"product_id": "qpid-proton-0:0.37.0-2.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton@0.37.0-2.el9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "puppet-agent-0:7.26.0-3.el6sat.x86_64",
"product": {
"name": "puppet-agent-0:7.26.0-3.el6sat.x86_64",
"product_id": "puppet-agent-0:7.26.0-3.el6sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/puppet-agent@7.26.0-3.el6sat?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"product": {
"name": "foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"product_id": "foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman_ygg_worker@0.2.2-1.el7sat?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-0:0.2.3-1.el7sat.x86_64",
"product": {
"name": "yggdrasil-0:0.2.3-1.el7sat.x86_64",
"product_id": "yggdrasil-0:0.2.3-1.el7sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil@0.2.3-1.el7sat?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "puppet-agent-0:7.26.0-3.el7sat.x86_64",
"product": {
"name": "puppet-agent-0:7.26.0-3.el7sat.x86_64",
"product_id": "puppet-agent-0:7.26.0-3.el7sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/puppet-agent@7.26.0-3.el7sat?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "foreman_ygg_worker-0:0.2.2-1.el8sat.x86_64",
"product": {
"name": "foreman_ygg_worker-0:0.2.2-1.el8sat.x86_64",
"product_id": "foreman_ygg_worker-0:0.2.2-1.el8sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman_ygg_worker@0.2.2-1.el8sat?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-0:0.2.3-1.el8sat.x86_64",
"product": {
"name": "yggdrasil-0:0.2.3-1.el8sat.x86_64",
"product_id": "yggdrasil-0:0.2.3-1.el8sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil@0.2.3-1.el8sat?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "puppet-agent-0:7.26.0-3.el8sat.x86_64",
"product": {
"name": "puppet-agent-0:7.26.0-3.el8sat.x86_64",
"product_id": "puppet-agent-0:7.26.0-3.el8sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/puppet-agent@7.26.0-3.el8sat?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-qpid-proton-0:0.37.0-2.el8.x86_64",
"product": {
"name": "python3-qpid-proton-0:0.37.0-2.el8.x86_64",
"product_id": "python3-qpid-proton-0:0.37.0-2.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-qpid-proton@0.37.0-2.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-c-0:0.37.0-2.el8.x86_64",
"product": {
"name": "qpid-proton-c-0:0.37.0-2.el8.x86_64",
"product_id": "qpid-proton-c-0:0.37.0-2.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-c@0.37.0-2.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-debugsource-0:0.37.0-2.el8.x86_64",
"product": {
"name": "qpid-proton-debugsource-0:0.37.0-2.el8.x86_64",
"product_id": "qpid-proton-debugsource-0:0.37.0-2.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-debugsource@0.37.0-2.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64",
"product": {
"name": "python3-qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64",
"product_id": "python3-qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-qpid-proton-debuginfo@0.37.0-2.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-c-debuginfo-0:0.37.0-2.el8.x86_64",
"product": {
"name": "qpid-proton-c-debuginfo-0:0.37.0-2.el8.x86_64",
"product_id": "qpid-proton-c-debuginfo-0:0.37.0-2.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-c-debuginfo@0.37.0-2.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.x86_64",
"product": {
"name": "qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.x86_64",
"product_id": "qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-cpp-debuginfo@0.37.0-2.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64",
"product": {
"name": "qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64",
"product_id": "qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-debuginfo@0.37.0-2.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.x86_64",
"product": {
"name": "rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.x86_64",
"product_id": "rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-qpid_proton-debuginfo@0.37.0-2.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "foreman_ygg_worker-0:0.2.2-1.el9sat.x86_64",
"product": {
"name": "foreman_ygg_worker-0:0.2.2-1.el9sat.x86_64",
"product_id": "foreman_ygg_worker-0:0.2.2-1.el9sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman_ygg_worker@0.2.2-1.el9sat?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-0:0.2.3-1.el9sat.x86_64",
"product": {
"name": "yggdrasil-0:0.2.3-1.el9sat.x86_64",
"product_id": "yggdrasil-0:0.2.3-1.el9sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil@0.2.3-1.el9sat?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "puppet-agent-0:7.26.0-3.el9sat.x86_64",
"product": {
"name": "puppet-agent-0:7.26.0-3.el9sat.x86_64",
"product_id": "puppet-agent-0:7.26.0-3.el9sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/puppet-agent@7.26.0-3.el9sat?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-qpid-proton-0:0.37.0-2.el9.x86_64",
"product": {
"name": "python3-qpid-proton-0:0.37.0-2.el9.x86_64",
"product_id": "python3-qpid-proton-0:0.37.0-2.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-qpid-proton@0.37.0-2.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-c-0:0.37.0-2.el9.x86_64",
"product": {
"name": "qpid-proton-c-0:0.37.0-2.el9.x86_64",
"product_id": "qpid-proton-c-0:0.37.0-2.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-c@0.37.0-2.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-debugsource-0:0.37.0-2.el9.x86_64",
"product": {
"name": "qpid-proton-debugsource-0:0.37.0-2.el9.x86_64",
"product_id": "qpid-proton-debugsource-0:0.37.0-2.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-debugsource@0.37.0-2.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64",
"product": {
"name": "python3-qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64",
"product_id": "python3-qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-qpid-proton-debuginfo@0.37.0-2.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-c-debuginfo-0:0.37.0-2.el9.x86_64",
"product": {
"name": "qpid-proton-c-debuginfo-0:0.37.0-2.el9.x86_64",
"product_id": "qpid-proton-c-debuginfo-0:0.37.0-2.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-c-debuginfo@0.37.0-2.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.x86_64",
"product": {
"name": "qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.x86_64",
"product_id": "qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-cpp-debuginfo@0.37.0-2.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64",
"product": {
"name": "qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64",
"product_id": "qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-debuginfo@0.37.0-2.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.x86_64",
"product": {
"name": "rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.x86_64",
"product_id": "rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-qpid_proton-debuginfo@0.37.0-2.el9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "puppet-agent-0:7.26.0-3.el6sat.i686",
"product": {
"name": "puppet-agent-0:7.26.0-3.el6sat.i686",
"product_id": "puppet-agent-0:7.26.0-3.el6sat.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/puppet-agent@7.26.0-3.el6sat?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"product": {
"name": "foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"product_id": "foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman_ygg_worker@0.2.2-1.el7sat?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"product": {
"name": "yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"product_id": "yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil@0.2.3-1.el7sat?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "foreman_ygg_worker-0:0.2.2-1.el8sat.ppc64le",
"product": {
"name": "foreman_ygg_worker-0:0.2.2-1.el8sat.ppc64le",
"product_id": "foreman_ygg_worker-0:0.2.2-1.el8sat.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman_ygg_worker@0.2.2-1.el8sat?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-0:0.2.3-1.el8sat.ppc64le",
"product": {
"name": "yggdrasil-0:0.2.3-1.el8sat.ppc64le",
"product_id": "yggdrasil-0:0.2.3-1.el8sat.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil@0.2.3-1.el8sat?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-qpid-proton-0:0.37.0-2.el8.ppc64le",
"product": {
"name": "python3-qpid-proton-0:0.37.0-2.el8.ppc64le",
"product_id": "python3-qpid-proton-0:0.37.0-2.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-qpid-proton@0.37.0-2.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-c-0:0.37.0-2.el8.ppc64le",
"product": {
"name": "qpid-proton-c-0:0.37.0-2.el8.ppc64le",
"product_id": "qpid-proton-c-0:0.37.0-2.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-c@0.37.0-2.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-debugsource-0:0.37.0-2.el8.ppc64le",
"product": {
"name": "qpid-proton-debugsource-0:0.37.0-2.el8.ppc64le",
"product_id": "qpid-proton-debugsource-0:0.37.0-2.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-debugsource@0.37.0-2.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"product": {
"name": "python3-qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"product_id": "python3-qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-qpid-proton-debuginfo@0.37.0-2.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-c-debuginfo-0:0.37.0-2.el8.ppc64le",
"product": {
"name": "qpid-proton-c-debuginfo-0:0.37.0-2.el8.ppc64le",
"product_id": "qpid-proton-c-debuginfo-0:0.37.0-2.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-c-debuginfo@0.37.0-2.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.ppc64le",
"product": {
"name": "qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.ppc64le",
"product_id": "qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-cpp-debuginfo@0.37.0-2.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"product": {
"name": "qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"product_id": "qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-debuginfo@0.37.0-2.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"product": {
"name": "rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"product_id": "rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-qpid_proton-debuginfo@0.37.0-2.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "foreman_ygg_worker-0:0.2.2-1.el9sat.ppc64le",
"product": {
"name": "foreman_ygg_worker-0:0.2.2-1.el9sat.ppc64le",
"product_id": "foreman_ygg_worker-0:0.2.2-1.el9sat.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman_ygg_worker@0.2.2-1.el9sat?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-0:0.2.3-1.el9sat.ppc64le",
"product": {
"name": "yggdrasil-0:0.2.3-1.el9sat.ppc64le",
"product_id": "yggdrasil-0:0.2.3-1.el9sat.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil@0.2.3-1.el9sat?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-qpid-proton-0:0.37.0-2.el9.ppc64le",
"product": {
"name": "python3-qpid-proton-0:0.37.0-2.el9.ppc64le",
"product_id": "python3-qpid-proton-0:0.37.0-2.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-qpid-proton@0.37.0-2.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-c-0:0.37.0-2.el9.ppc64le",
"product": {
"name": "qpid-proton-c-0:0.37.0-2.el9.ppc64le",
"product_id": "qpid-proton-c-0:0.37.0-2.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-c@0.37.0-2.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-debugsource-0:0.37.0-2.el9.ppc64le",
"product": {
"name": "qpid-proton-debugsource-0:0.37.0-2.el9.ppc64le",
"product_id": "qpid-proton-debugsource-0:0.37.0-2.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-debugsource@0.37.0-2.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"product": {
"name": "python3-qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"product_id": "python3-qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-qpid-proton-debuginfo@0.37.0-2.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-c-debuginfo-0:0.37.0-2.el9.ppc64le",
"product": {
"name": "qpid-proton-c-debuginfo-0:0.37.0-2.el9.ppc64le",
"product_id": "qpid-proton-c-debuginfo-0:0.37.0-2.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-c-debuginfo@0.37.0-2.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.ppc64le",
"product": {
"name": "qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.ppc64le",
"product_id": "qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-cpp-debuginfo@0.37.0-2.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"product": {
"name": "qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"product_id": "qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-debuginfo@0.37.0-2.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"product": {
"name": "rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"product_id": "rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-qpid_proton-debuginfo@0.37.0-2.el9?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "foreman_ygg_worker-0:0.2.2-1.el8sat.s390x",
"product": {
"name": "foreman_ygg_worker-0:0.2.2-1.el8sat.s390x",
"product_id": "foreman_ygg_worker-0:0.2.2-1.el8sat.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman_ygg_worker@0.2.2-1.el8sat?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-0:0.2.3-1.el8sat.s390x",
"product": {
"name": "yggdrasil-0:0.2.3-1.el8sat.s390x",
"product_id": "yggdrasil-0:0.2.3-1.el8sat.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil@0.2.3-1.el8sat?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-qpid-proton-0:0.37.0-2.el8.s390x",
"product": {
"name": "python3-qpid-proton-0:0.37.0-2.el8.s390x",
"product_id": "python3-qpid-proton-0:0.37.0-2.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-qpid-proton@0.37.0-2.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-c-0:0.37.0-2.el8.s390x",
"product": {
"name": "qpid-proton-c-0:0.37.0-2.el8.s390x",
"product_id": "qpid-proton-c-0:0.37.0-2.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-c@0.37.0-2.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-debugsource-0:0.37.0-2.el8.s390x",
"product": {
"name": "qpid-proton-debugsource-0:0.37.0-2.el8.s390x",
"product_id": "qpid-proton-debugsource-0:0.37.0-2.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-debugsource@0.37.0-2.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-qpid-proton-debuginfo-0:0.37.0-2.el8.s390x",
"product": {
"name": "python3-qpid-proton-debuginfo-0:0.37.0-2.el8.s390x",
"product_id": "python3-qpid-proton-debuginfo-0:0.37.0-2.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-qpid-proton-debuginfo@0.37.0-2.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-c-debuginfo-0:0.37.0-2.el8.s390x",
"product": {
"name": "qpid-proton-c-debuginfo-0:0.37.0-2.el8.s390x",
"product_id": "qpid-proton-c-debuginfo-0:0.37.0-2.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-c-debuginfo@0.37.0-2.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.s390x",
"product": {
"name": "qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.s390x",
"product_id": "qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-cpp-debuginfo@0.37.0-2.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-debuginfo-0:0.37.0-2.el8.s390x",
"product": {
"name": "qpid-proton-debuginfo-0:0.37.0-2.el8.s390x",
"product_id": "qpid-proton-debuginfo-0:0.37.0-2.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-debuginfo@0.37.0-2.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.s390x",
"product": {
"name": "rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.s390x",
"product_id": "rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-qpid_proton-debuginfo@0.37.0-2.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "foreman_ygg_worker-0:0.2.2-1.el9sat.s390x",
"product": {
"name": "foreman_ygg_worker-0:0.2.2-1.el9sat.s390x",
"product_id": "foreman_ygg_worker-0:0.2.2-1.el9sat.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman_ygg_worker@0.2.2-1.el9sat?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-0:0.2.3-1.el9sat.s390x",
"product": {
"name": "yggdrasil-0:0.2.3-1.el9sat.s390x",
"product_id": "yggdrasil-0:0.2.3-1.el9sat.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil@0.2.3-1.el9sat?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-qpid-proton-0:0.37.0-2.el9.s390x",
"product": {
"name": "python3-qpid-proton-0:0.37.0-2.el9.s390x",
"product_id": "python3-qpid-proton-0:0.37.0-2.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-qpid-proton@0.37.0-2.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-c-0:0.37.0-2.el9.s390x",
"product": {
"name": "qpid-proton-c-0:0.37.0-2.el9.s390x",
"product_id": "qpid-proton-c-0:0.37.0-2.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-c@0.37.0-2.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-debugsource-0:0.37.0-2.el9.s390x",
"product": {
"name": "qpid-proton-debugsource-0:0.37.0-2.el9.s390x",
"product_id": "qpid-proton-debugsource-0:0.37.0-2.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-debugsource@0.37.0-2.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-qpid-proton-debuginfo-0:0.37.0-2.el9.s390x",
"product": {
"name": "python3-qpid-proton-debuginfo-0:0.37.0-2.el9.s390x",
"product_id": "python3-qpid-proton-debuginfo-0:0.37.0-2.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-qpid-proton-debuginfo@0.37.0-2.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-c-debuginfo-0:0.37.0-2.el9.s390x",
"product": {
"name": "qpid-proton-c-debuginfo-0:0.37.0-2.el9.s390x",
"product_id": "qpid-proton-c-debuginfo-0:0.37.0-2.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-c-debuginfo@0.37.0-2.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.s390x",
"product": {
"name": "qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.s390x",
"product_id": "qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-cpp-debuginfo@0.37.0-2.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-debuginfo-0:0.37.0-2.el9.s390x",
"product": {
"name": "qpid-proton-debuginfo-0:0.37.0-2.el9.s390x",
"product_id": "qpid-proton-debuginfo-0:0.37.0-2.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-debuginfo@0.37.0-2.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.s390x",
"product": {
"name": "rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.s390x",
"product_id": "rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-qpid_proton-debuginfo@0.37.0-2.el9?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "foreman_ygg_worker-0:0.2.2-1.el8sat.aarch64",
"product": {
"name": "foreman_ygg_worker-0:0.2.2-1.el8sat.aarch64",
"product_id": "foreman_ygg_worker-0:0.2.2-1.el8sat.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman_ygg_worker@0.2.2-1.el8sat?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-0:0.2.3-1.el8sat.aarch64",
"product": {
"name": "yggdrasil-0:0.2.3-1.el8sat.aarch64",
"product_id": "yggdrasil-0:0.2.3-1.el8sat.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil@0.2.3-1.el8sat?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-qpid-proton-0:0.37.0-2.el8.aarch64",
"product": {
"name": "python3-qpid-proton-0:0.37.0-2.el8.aarch64",
"product_id": "python3-qpid-proton-0:0.37.0-2.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-qpid-proton@0.37.0-2.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-c-0:0.37.0-2.el8.aarch64",
"product": {
"name": "qpid-proton-c-0:0.37.0-2.el8.aarch64",
"product_id": "qpid-proton-c-0:0.37.0-2.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-c@0.37.0-2.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-debugsource-0:0.37.0-2.el8.aarch64",
"product": {
"name": "qpid-proton-debugsource-0:0.37.0-2.el8.aarch64",
"product_id": "qpid-proton-debugsource-0:0.37.0-2.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-debugsource@0.37.0-2.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64",
"product": {
"name": "python3-qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64",
"product_id": "python3-qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-qpid-proton-debuginfo@0.37.0-2.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-c-debuginfo-0:0.37.0-2.el8.aarch64",
"product": {
"name": "qpid-proton-c-debuginfo-0:0.37.0-2.el8.aarch64",
"product_id": "qpid-proton-c-debuginfo-0:0.37.0-2.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-c-debuginfo@0.37.0-2.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.aarch64",
"product": {
"name": "qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.aarch64",
"product_id": "qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-cpp-debuginfo@0.37.0-2.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64",
"product": {
"name": "qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64",
"product_id": "qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-debuginfo@0.37.0-2.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.aarch64",
"product": {
"name": "rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.aarch64",
"product_id": "rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-qpid_proton-debuginfo@0.37.0-2.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "foreman_ygg_worker-0:0.2.2-1.el9sat.aarch64",
"product": {
"name": "foreman_ygg_worker-0:0.2.2-1.el9sat.aarch64",
"product_id": "foreman_ygg_worker-0:0.2.2-1.el9sat.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman_ygg_worker@0.2.2-1.el9sat?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-0:0.2.3-1.el9sat.aarch64",
"product": {
"name": "yggdrasil-0:0.2.3-1.el9sat.aarch64",
"product_id": "yggdrasil-0:0.2.3-1.el9sat.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil@0.2.3-1.el9sat?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-qpid-proton-0:0.37.0-2.el9.aarch64",
"product": {
"name": "python3-qpid-proton-0:0.37.0-2.el9.aarch64",
"product_id": "python3-qpid-proton-0:0.37.0-2.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-qpid-proton@0.37.0-2.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-c-0:0.37.0-2.el9.aarch64",
"product": {
"name": "qpid-proton-c-0:0.37.0-2.el9.aarch64",
"product_id": "qpid-proton-c-0:0.37.0-2.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-c@0.37.0-2.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-debugsource-0:0.37.0-2.el9.aarch64",
"product": {
"name": "qpid-proton-debugsource-0:0.37.0-2.el9.aarch64",
"product_id": "qpid-proton-debugsource-0:0.37.0-2.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-debugsource@0.37.0-2.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64",
"product": {
"name": "python3-qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64",
"product_id": "python3-qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-qpid-proton-debuginfo@0.37.0-2.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-c-debuginfo-0:0.37.0-2.el9.aarch64",
"product": {
"name": "qpid-proton-c-debuginfo-0:0.37.0-2.el9.aarch64",
"product_id": "qpid-proton-c-debuginfo-0:0.37.0-2.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-c-debuginfo@0.37.0-2.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.aarch64",
"product": {
"name": "qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.aarch64",
"product_id": "qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-cpp-debuginfo@0.37.0-2.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64",
"product": {
"name": "qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64",
"product_id": "qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-debuginfo@0.37.0-2.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.aarch64",
"product": {
"name": "rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.aarch64",
"product_id": "rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-qpid_proton-debuginfo@0.37.0-2.el9?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "puppet-agent-0:7.26.0-3.el6sat.i686 as a component of Satellite Client 6 for RHEL 6",
"product_id": "6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.i686"
},
"product_reference": "puppet-agent-0:7.26.0-3.el6sat.i686",
"relates_to_product_reference": "6Server-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppet-agent-0:7.26.0-3.el6sat.src as a component of Satellite Client 6 for RHEL 6",
"product_id": "6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.src"
},
"product_reference": "puppet-agent-0:7.26.0-3.el6sat.src",
"relates_to_product_reference": "6Server-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppet-agent-0:7.26.0-3.el6sat.x86_64 as a component of Satellite Client 6 for RHEL 6",
"product_id": "6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.x86_64"
},
"product_reference": "puppet-agent-0:7.26.0-3.el6sat.x86_64",
"relates_to_product_reference": "6Server-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le as a component of Satellite Client 6 for RHEL 7",
"product_id": "7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le"
},
"product_reference": "foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"relates_to_product_reference": "7Client-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman_ygg_worker-0:0.2.2-1.el7sat.src as a component of Satellite Client 6 for RHEL 7",
"product_id": "7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src"
},
"product_reference": "foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"relates_to_product_reference": "7Client-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64 as a component of Satellite Client 6 for RHEL 7",
"product_id": "7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64"
},
"product_reference": "foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"relates_to_product_reference": "7Client-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppet-agent-0:7.26.0-3.el7sat.src as a component of Satellite Client 6 for RHEL 7",
"product_id": "7Client-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src"
},
"product_reference": "puppet-agent-0:7.26.0-3.el7sat.src",
"relates_to_product_reference": "7Client-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppet-agent-0:7.26.0-3.el7sat.x86_64 as a component of Satellite Client 6 for RHEL 7",
"product_id": "7Client-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64"
},
"product_reference": "puppet-agent-0:7.26.0-3.el7sat.x86_64",
"relates_to_product_reference": "7Client-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-0:0.2.3-1.el7sat.ppc64le as a component of Satellite Client 6 for RHEL 7",
"product_id": "7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le"
},
"product_reference": "yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"relates_to_product_reference": "7Client-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-0:0.2.3-1.el7sat.src as a component of Satellite Client 6 for RHEL 7",
"product_id": "7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src"
},
"product_reference": "yggdrasil-0:0.2.3-1.el7sat.src",
"relates_to_product_reference": "7Client-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-0:0.2.3-1.el7sat.x86_64 as a component of Satellite Client 6 for RHEL 7",
"product_id": "7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64"
},
"product_reference": "yggdrasil-0:0.2.3-1.el7sat.x86_64",
"relates_to_product_reference": "7Client-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le as a component of Satellite Client 6 for RHEL 7",
"product_id": "7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le"
},
"product_reference": "foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"relates_to_product_reference": "7ComputeNode-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman_ygg_worker-0:0.2.2-1.el7sat.src as a component of Satellite Client 6 for RHEL 7",
"product_id": "7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src"
},
"product_reference": "foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"relates_to_product_reference": "7ComputeNode-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64 as a component of Satellite Client 6 for RHEL 7",
"product_id": "7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64"
},
"product_reference": "foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"relates_to_product_reference": "7ComputeNode-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppet-agent-0:7.26.0-3.el7sat.src as a component of Satellite Client 6 for RHEL 7",
"product_id": "7ComputeNode-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src"
},
"product_reference": "puppet-agent-0:7.26.0-3.el7sat.src",
"relates_to_product_reference": "7ComputeNode-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppet-agent-0:7.26.0-3.el7sat.x86_64 as a component of Satellite Client 6 for RHEL 7",
"product_id": "7ComputeNode-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64"
},
"product_reference": "puppet-agent-0:7.26.0-3.el7sat.x86_64",
"relates_to_product_reference": "7ComputeNode-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-0:0.2.3-1.el7sat.ppc64le as a component of Satellite Client 6 for RHEL 7",
"product_id": "7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le"
},
"product_reference": "yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"relates_to_product_reference": "7ComputeNode-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-0:0.2.3-1.el7sat.src as a component of Satellite Client 6 for RHEL 7",
"product_id": "7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src"
},
"product_reference": "yggdrasil-0:0.2.3-1.el7sat.src",
"relates_to_product_reference": "7ComputeNode-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-0:0.2.3-1.el7sat.x86_64 as a component of Satellite Client 6 for RHEL 7",
"product_id": "7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64"
},
"product_reference": "yggdrasil-0:0.2.3-1.el7sat.x86_64",
"relates_to_product_reference": "7ComputeNode-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le as a component of Satellite Client 6 for RHEL 7",
"product_id": "7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le"
},
"product_reference": "foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"relates_to_product_reference": "7Server-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman_ygg_worker-0:0.2.2-1.el7sat.src as a component of Satellite Client 6 for RHEL 7",
"product_id": "7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src"
},
"product_reference": "foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"relates_to_product_reference": "7Server-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64 as a component of Satellite Client 6 for RHEL 7",
"product_id": "7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64"
},
"product_reference": "foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"relates_to_product_reference": "7Server-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppet-agent-0:7.26.0-3.el7sat.src as a component of Satellite Client 6 for RHEL 7",
"product_id": "7Server-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src"
},
"product_reference": "puppet-agent-0:7.26.0-3.el7sat.src",
"relates_to_product_reference": "7Server-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppet-agent-0:7.26.0-3.el7sat.x86_64 as a component of Satellite Client 6 for RHEL 7",
"product_id": "7Server-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64"
},
"product_reference": "puppet-agent-0:7.26.0-3.el7sat.x86_64",
"relates_to_product_reference": "7Server-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-0:0.2.3-1.el7sat.ppc64le as a component of Satellite Client 6 for RHEL 7",
"product_id": "7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le"
},
"product_reference": "yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"relates_to_product_reference": "7Server-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-0:0.2.3-1.el7sat.src as a component of Satellite Client 6 for RHEL 7",
"product_id": "7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src"
},
"product_reference": "yggdrasil-0:0.2.3-1.el7sat.src",
"relates_to_product_reference": "7Server-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-0:0.2.3-1.el7sat.x86_64 as a component of Satellite Client 6 for RHEL 7",
"product_id": "7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64"
},
"product_reference": "yggdrasil-0:0.2.3-1.el7sat.x86_64",
"relates_to_product_reference": "7Server-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le as a component of Satellite Client 6 for RHEL 7",
"product_id": "7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le"
},
"product_reference": "foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"relates_to_product_reference": "7Workstation-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman_ygg_worker-0:0.2.2-1.el7sat.src as a component of Satellite Client 6 for RHEL 7",
"product_id": "7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src"
},
"product_reference": "foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"relates_to_product_reference": "7Workstation-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64 as a component of Satellite Client 6 for RHEL 7",
"product_id": "7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64"
},
"product_reference": "foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"relates_to_product_reference": "7Workstation-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppet-agent-0:7.26.0-3.el7sat.src as a component of Satellite Client 6 for RHEL 7",
"product_id": "7Workstation-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src"
},
"product_reference": "puppet-agent-0:7.26.0-3.el7sat.src",
"relates_to_product_reference": "7Workstation-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppet-agent-0:7.26.0-3.el7sat.x86_64 as a component of Satellite Client 6 for RHEL 7",
"product_id": "7Workstation-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64"
},
"product_reference": "puppet-agent-0:7.26.0-3.el7sat.x86_64",
"relates_to_product_reference": "7Workstation-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-0:0.2.3-1.el7sat.ppc64le as a component of Satellite Client 6 for RHEL 7",
"product_id": "7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le"
},
"product_reference": "yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"relates_to_product_reference": "7Workstation-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-0:0.2.3-1.el7sat.src as a component of Satellite Client 6 for RHEL 7",
"product_id": "7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src"
},
"product_reference": "yggdrasil-0:0.2.3-1.el7sat.src",
"relates_to_product_reference": "7Workstation-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-0:0.2.3-1.el7sat.x86_64 as a component of Satellite Client 6 for RHEL 7",
"product_id": "7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64"
},
"product_reference": "yggdrasil-0:0.2.3-1.el7sat.x86_64",
"relates_to_product_reference": "7Workstation-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman_ygg_worker-0:0.2.2-1.el8sat.aarch64 as a component of Satellite Client 6 for RHEL 8",
"product_id": "8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.aarch64"
},
"product_reference": "foreman_ygg_worker-0:0.2.2-1.el8sat.aarch64",
"relates_to_product_reference": "8Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman_ygg_worker-0:0.2.2-1.el8sat.ppc64le as a component of Satellite Client 6 for RHEL 8",
"product_id": "8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.ppc64le"
},
"product_reference": "foreman_ygg_worker-0:0.2.2-1.el8sat.ppc64le",
"relates_to_product_reference": "8Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman_ygg_worker-0:0.2.2-1.el8sat.s390x as a component of Satellite Client 6 for RHEL 8",
"product_id": "8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.s390x"
},
"product_reference": "foreman_ygg_worker-0:0.2.2-1.el8sat.s390x",
"relates_to_product_reference": "8Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman_ygg_worker-0:0.2.2-1.el8sat.src as a component of Satellite Client 6 for RHEL 8",
"product_id": "8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.src"
},
"product_reference": "foreman_ygg_worker-0:0.2.2-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman_ygg_worker-0:0.2.2-1.el8sat.x86_64 as a component of Satellite Client 6 for RHEL 8",
"product_id": "8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.x86_64"
},
"product_reference": "foreman_ygg_worker-0:0.2.2-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppet-agent-0:7.26.0-3.el8sat.src as a component of Satellite Client 6 for RHEL 8",
"product_id": "8Base-satellite-client-6:puppet-agent-0:7.26.0-3.el8sat.src"
},
"product_reference": "puppet-agent-0:7.26.0-3.el8sat.src",
"relates_to_product_reference": "8Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppet-agent-0:7.26.0-3.el8sat.x86_64 as a component of Satellite Client 6 for RHEL 8",
"product_id": "8Base-satellite-client-6:puppet-agent-0:7.26.0-3.el8sat.x86_64"
},
"product_reference": "puppet-agent-0:7.26.0-3.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-qpid-proton-0:0.37.0-2.el8.aarch64 as a component of Satellite Client 6 for RHEL 8",
"product_id": "8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.aarch64"
},
"product_reference": "python3-qpid-proton-0:0.37.0-2.el8.aarch64",
"relates_to_product_reference": "8Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-qpid-proton-0:0.37.0-2.el8.ppc64le as a component of Satellite Client 6 for RHEL 8",
"product_id": "8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.ppc64le"
},
"product_reference": "python3-qpid-proton-0:0.37.0-2.el8.ppc64le",
"relates_to_product_reference": "8Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-qpid-proton-0:0.37.0-2.el8.s390x as a component of Satellite Client 6 for RHEL 8",
"product_id": "8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.s390x"
},
"product_reference": "python3-qpid-proton-0:0.37.0-2.el8.s390x",
"relates_to_product_reference": "8Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-qpid-proton-0:0.37.0-2.el8.x86_64 as a component of Satellite Client 6 for RHEL 8",
"product_id": "8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.x86_64"
},
"product_reference": "python3-qpid-proton-0:0.37.0-2.el8.x86_64",
"relates_to_product_reference": "8Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64 as a component of Satellite Client 6 for RHEL 8",
"product_id": "8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64"
},
"product_reference": "python3-qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64",
"relates_to_product_reference": "8Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le as a component of Satellite Client 6 for RHEL 8",
"product_id": "8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le"
},
"product_reference": "python3-qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"relates_to_product_reference": "8Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-qpid-proton-debuginfo-0:0.37.0-2.el8.s390x as a component of Satellite Client 6 for RHEL 8",
"product_id": "8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.s390x"
},
"product_reference": "python3-qpid-proton-debuginfo-0:0.37.0-2.el8.s390x",
"relates_to_product_reference": "8Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64 as a component of Satellite Client 6 for RHEL 8",
"product_id": "8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64"
},
"product_reference": "python3-qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64",
"relates_to_product_reference": "8Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-0:0.37.0-2.el8.src as a component of Satellite Client 6 for RHEL 8",
"product_id": "8Base-satellite-client-6:qpid-proton-0:0.37.0-2.el8.src"
},
"product_reference": "qpid-proton-0:0.37.0-2.el8.src",
"relates_to_product_reference": "8Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-c-0:0.37.0-2.el8.aarch64 as a component of Satellite Client 6 for RHEL 8",
"product_id": "8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.aarch64"
},
"product_reference": "qpid-proton-c-0:0.37.0-2.el8.aarch64",
"relates_to_product_reference": "8Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-c-0:0.37.0-2.el8.ppc64le as a component of Satellite Client 6 for RHEL 8",
"product_id": "8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.ppc64le"
},
"product_reference": "qpid-proton-c-0:0.37.0-2.el8.ppc64le",
"relates_to_product_reference": "8Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-c-0:0.37.0-2.el8.s390x as a component of Satellite Client 6 for RHEL 8",
"product_id": "8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.s390x"
},
"product_reference": "qpid-proton-c-0:0.37.0-2.el8.s390x",
"relates_to_product_reference": "8Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-c-0:0.37.0-2.el8.x86_64 as a component of Satellite Client 6 for RHEL 8",
"product_id": "8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.x86_64"
},
"product_reference": "qpid-proton-c-0:0.37.0-2.el8.x86_64",
"relates_to_product_reference": "8Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-c-debuginfo-0:0.37.0-2.el8.aarch64 as a component of Satellite Client 6 for RHEL 8",
"product_id": "8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.aarch64"
},
"product_reference": "qpid-proton-c-debuginfo-0:0.37.0-2.el8.aarch64",
"relates_to_product_reference": "8Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-c-debuginfo-0:0.37.0-2.el8.ppc64le as a component of Satellite Client 6 for RHEL 8",
"product_id": "8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.ppc64le"
},
"product_reference": "qpid-proton-c-debuginfo-0:0.37.0-2.el8.ppc64le",
"relates_to_product_reference": "8Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-c-debuginfo-0:0.37.0-2.el8.s390x as a component of Satellite Client 6 for RHEL 8",
"product_id": "8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.s390x"
},
"product_reference": "qpid-proton-c-debuginfo-0:0.37.0-2.el8.s390x",
"relates_to_product_reference": "8Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-c-debuginfo-0:0.37.0-2.el8.x86_64 as a component of Satellite Client 6 for RHEL 8",
"product_id": "8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.x86_64"
},
"product_reference": "qpid-proton-c-debuginfo-0:0.37.0-2.el8.x86_64",
"relates_to_product_reference": "8Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.aarch64 as a component of Satellite Client 6 for RHEL 8",
"product_id": "8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.aarch64"
},
"product_reference": "qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.aarch64",
"relates_to_product_reference": "8Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.ppc64le as a component of Satellite Client 6 for RHEL 8",
"product_id": "8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.ppc64le"
},
"product_reference": "qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.ppc64le",
"relates_to_product_reference": "8Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.s390x as a component of Satellite Client 6 for RHEL 8",
"product_id": "8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.s390x"
},
"product_reference": "qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.s390x",
"relates_to_product_reference": "8Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.x86_64 as a component of Satellite Client 6 for RHEL 8",
"product_id": "8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.x86_64"
},
"product_reference": "qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.x86_64",
"relates_to_product_reference": "8Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64 as a component of Satellite Client 6 for RHEL 8",
"product_id": "8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64"
},
"product_reference": "qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64",
"relates_to_product_reference": "8Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le as a component of Satellite Client 6 for RHEL 8",
"product_id": "8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le"
},
"product_reference": "qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"relates_to_product_reference": "8Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-debuginfo-0:0.37.0-2.el8.s390x as a component of Satellite Client 6 for RHEL 8",
"product_id": "8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.s390x"
},
"product_reference": "qpid-proton-debuginfo-0:0.37.0-2.el8.s390x",
"relates_to_product_reference": "8Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64 as a component of Satellite Client 6 for RHEL 8",
"product_id": "8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64"
},
"product_reference": "qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64",
"relates_to_product_reference": "8Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-debugsource-0:0.37.0-2.el8.aarch64 as a component of Satellite Client 6 for RHEL 8",
"product_id": "8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.aarch64"
},
"product_reference": "qpid-proton-debugsource-0:0.37.0-2.el8.aarch64",
"relates_to_product_reference": "8Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-debugsource-0:0.37.0-2.el8.ppc64le as a component of Satellite Client 6 for RHEL 8",
"product_id": "8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.ppc64le"
},
"product_reference": "qpid-proton-debugsource-0:0.37.0-2.el8.ppc64le",
"relates_to_product_reference": "8Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-debugsource-0:0.37.0-2.el8.s390x as a component of Satellite Client 6 for RHEL 8",
"product_id": "8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.s390x"
},
"product_reference": "qpid-proton-debugsource-0:0.37.0-2.el8.s390x",
"relates_to_product_reference": "8Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-debugsource-0:0.37.0-2.el8.x86_64 as a component of Satellite Client 6 for RHEL 8",
"product_id": "8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.x86_64"
},
"product_reference": "qpid-proton-debugsource-0:0.37.0-2.el8.x86_64",
"relates_to_product_reference": "8Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.aarch64 as a component of Satellite Client 6 for RHEL 8",
"product_id": "8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.aarch64"
},
"product_reference": "rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.aarch64",
"relates_to_product_reference": "8Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.ppc64le as a component of Satellite Client 6 for RHEL 8",
"product_id": "8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.ppc64le"
},
"product_reference": "rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"relates_to_product_reference": "8Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.s390x as a component of Satellite Client 6 for RHEL 8",
"product_id": "8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.s390x"
},
"product_reference": "rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.s390x",
"relates_to_product_reference": "8Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.x86_64 as a component of Satellite Client 6 for RHEL 8",
"product_id": "8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.x86_64"
},
"product_reference": "rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.x86_64",
"relates_to_product_reference": "8Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-0:0.2.3-1.el8sat.aarch64 as a component of Satellite Client 6 for RHEL 8",
"product_id": "8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.aarch64"
},
"product_reference": "yggdrasil-0:0.2.3-1.el8sat.aarch64",
"relates_to_product_reference": "8Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-0:0.2.3-1.el8sat.ppc64le as a component of Satellite Client 6 for RHEL 8",
"product_id": "8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.ppc64le"
},
"product_reference": "yggdrasil-0:0.2.3-1.el8sat.ppc64le",
"relates_to_product_reference": "8Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-0:0.2.3-1.el8sat.s390x as a component of Satellite Client 6 for RHEL 8",
"product_id": "8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.s390x"
},
"product_reference": "yggdrasil-0:0.2.3-1.el8sat.s390x",
"relates_to_product_reference": "8Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-0:0.2.3-1.el8sat.src as a component of Satellite Client 6 for RHEL 8",
"product_id": "8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.src"
},
"product_reference": "yggdrasil-0:0.2.3-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-0:0.2.3-1.el8sat.x86_64 as a component of Satellite Client 6 for RHEL 8",
"product_id": "8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.x86_64"
},
"product_reference": "yggdrasil-0:0.2.3-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman_ygg_worker-0:0.2.2-1.el9sat.aarch64 as a component of Satellite Client 6 for RHEL 9",
"product_id": "9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.aarch64"
},
"product_reference": "foreman_ygg_worker-0:0.2.2-1.el9sat.aarch64",
"relates_to_product_reference": "9Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman_ygg_worker-0:0.2.2-1.el9sat.ppc64le as a component of Satellite Client 6 for RHEL 9",
"product_id": "9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.ppc64le"
},
"product_reference": "foreman_ygg_worker-0:0.2.2-1.el9sat.ppc64le",
"relates_to_product_reference": "9Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman_ygg_worker-0:0.2.2-1.el9sat.s390x as a component of Satellite Client 6 for RHEL 9",
"product_id": "9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.s390x"
},
"product_reference": "foreman_ygg_worker-0:0.2.2-1.el9sat.s390x",
"relates_to_product_reference": "9Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman_ygg_worker-0:0.2.2-1.el9sat.src as a component of Satellite Client 6 for RHEL 9",
"product_id": "9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.src"
},
"product_reference": "foreman_ygg_worker-0:0.2.2-1.el9sat.src",
"relates_to_product_reference": "9Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman_ygg_worker-0:0.2.2-1.el9sat.x86_64 as a component of Satellite Client 6 for RHEL 9",
"product_id": "9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.x86_64"
},
"product_reference": "foreman_ygg_worker-0:0.2.2-1.el9sat.x86_64",
"relates_to_product_reference": "9Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppet-agent-0:7.26.0-3.el9sat.src as a component of Satellite Client 6 for RHEL 9",
"product_id": "9Base-satellite-client-6:puppet-agent-0:7.26.0-3.el9sat.src"
},
"product_reference": "puppet-agent-0:7.26.0-3.el9sat.src",
"relates_to_product_reference": "9Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppet-agent-0:7.26.0-3.el9sat.x86_64 as a component of Satellite Client 6 for RHEL 9",
"product_id": "9Base-satellite-client-6:puppet-agent-0:7.26.0-3.el9sat.x86_64"
},
"product_reference": "puppet-agent-0:7.26.0-3.el9sat.x86_64",
"relates_to_product_reference": "9Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-qpid-proton-0:0.37.0-2.el9.aarch64 as a component of Satellite Client 6 for RHEL 9",
"product_id": "9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.aarch64"
},
"product_reference": "python3-qpid-proton-0:0.37.0-2.el9.aarch64",
"relates_to_product_reference": "9Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-qpid-proton-0:0.37.0-2.el9.ppc64le as a component of Satellite Client 6 for RHEL 9",
"product_id": "9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.ppc64le"
},
"product_reference": "python3-qpid-proton-0:0.37.0-2.el9.ppc64le",
"relates_to_product_reference": "9Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-qpid-proton-0:0.37.0-2.el9.s390x as a component of Satellite Client 6 for RHEL 9",
"product_id": "9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.s390x"
},
"product_reference": "python3-qpid-proton-0:0.37.0-2.el9.s390x",
"relates_to_product_reference": "9Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-qpid-proton-0:0.37.0-2.el9.x86_64 as a component of Satellite Client 6 for RHEL 9",
"product_id": "9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.x86_64"
},
"product_reference": "python3-qpid-proton-0:0.37.0-2.el9.x86_64",
"relates_to_product_reference": "9Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64 as a component of Satellite Client 6 for RHEL 9",
"product_id": "9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64"
},
"product_reference": "python3-qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64",
"relates_to_product_reference": "9Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le as a component of Satellite Client 6 for RHEL 9",
"product_id": "9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le"
},
"product_reference": "python3-qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"relates_to_product_reference": "9Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-qpid-proton-debuginfo-0:0.37.0-2.el9.s390x as a component of Satellite Client 6 for RHEL 9",
"product_id": "9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.s390x"
},
"product_reference": "python3-qpid-proton-debuginfo-0:0.37.0-2.el9.s390x",
"relates_to_product_reference": "9Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64 as a component of Satellite Client 6 for RHEL 9",
"product_id": "9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64"
},
"product_reference": "python3-qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64",
"relates_to_product_reference": "9Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-0:0.37.0-2.el9.src as a component of Satellite Client 6 for RHEL 9",
"product_id": "9Base-satellite-client-6:qpid-proton-0:0.37.0-2.el9.src"
},
"product_reference": "qpid-proton-0:0.37.0-2.el9.src",
"relates_to_product_reference": "9Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-c-0:0.37.0-2.el9.aarch64 as a component of Satellite Client 6 for RHEL 9",
"product_id": "9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.aarch64"
},
"product_reference": "qpid-proton-c-0:0.37.0-2.el9.aarch64",
"relates_to_product_reference": "9Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-c-0:0.37.0-2.el9.ppc64le as a component of Satellite Client 6 for RHEL 9",
"product_id": "9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.ppc64le"
},
"product_reference": "qpid-proton-c-0:0.37.0-2.el9.ppc64le",
"relates_to_product_reference": "9Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-c-0:0.37.0-2.el9.s390x as a component of Satellite Client 6 for RHEL 9",
"product_id": "9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.s390x"
},
"product_reference": "qpid-proton-c-0:0.37.0-2.el9.s390x",
"relates_to_product_reference": "9Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-c-0:0.37.0-2.el9.x86_64 as a component of Satellite Client 6 for RHEL 9",
"product_id": "9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.x86_64"
},
"product_reference": "qpid-proton-c-0:0.37.0-2.el9.x86_64",
"relates_to_product_reference": "9Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-c-debuginfo-0:0.37.0-2.el9.aarch64 as a component of Satellite Client 6 for RHEL 9",
"product_id": "9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.aarch64"
},
"product_reference": "qpid-proton-c-debuginfo-0:0.37.0-2.el9.aarch64",
"relates_to_product_reference": "9Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-c-debuginfo-0:0.37.0-2.el9.ppc64le as a component of Satellite Client 6 for RHEL 9",
"product_id": "9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.ppc64le"
},
"product_reference": "qpid-proton-c-debuginfo-0:0.37.0-2.el9.ppc64le",
"relates_to_product_reference": "9Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-c-debuginfo-0:0.37.0-2.el9.s390x as a component of Satellite Client 6 for RHEL 9",
"product_id": "9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.s390x"
},
"product_reference": "qpid-proton-c-debuginfo-0:0.37.0-2.el9.s390x",
"relates_to_product_reference": "9Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-c-debuginfo-0:0.37.0-2.el9.x86_64 as a component of Satellite Client 6 for RHEL 9",
"product_id": "9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.x86_64"
},
"product_reference": "qpid-proton-c-debuginfo-0:0.37.0-2.el9.x86_64",
"relates_to_product_reference": "9Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.aarch64 as a component of Satellite Client 6 for RHEL 9",
"product_id": "9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.aarch64"
},
"product_reference": "qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.aarch64",
"relates_to_product_reference": "9Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.ppc64le as a component of Satellite Client 6 for RHEL 9",
"product_id": "9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.ppc64le"
},
"product_reference": "qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.ppc64le",
"relates_to_product_reference": "9Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.s390x as a component of Satellite Client 6 for RHEL 9",
"product_id": "9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.s390x"
},
"product_reference": "qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.s390x",
"relates_to_product_reference": "9Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.x86_64 as a component of Satellite Client 6 for RHEL 9",
"product_id": "9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.x86_64"
},
"product_reference": "qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.x86_64",
"relates_to_product_reference": "9Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64 as a component of Satellite Client 6 for RHEL 9",
"product_id": "9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64"
},
"product_reference": "qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64",
"relates_to_product_reference": "9Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le as a component of Satellite Client 6 for RHEL 9",
"product_id": "9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le"
},
"product_reference": "qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"relates_to_product_reference": "9Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-debuginfo-0:0.37.0-2.el9.s390x as a component of Satellite Client 6 for RHEL 9",
"product_id": "9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.s390x"
},
"product_reference": "qpid-proton-debuginfo-0:0.37.0-2.el9.s390x",
"relates_to_product_reference": "9Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64 as a component of Satellite Client 6 for RHEL 9",
"product_id": "9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64"
},
"product_reference": "qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64",
"relates_to_product_reference": "9Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-debugsource-0:0.37.0-2.el9.aarch64 as a component of Satellite Client 6 for RHEL 9",
"product_id": "9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.aarch64"
},
"product_reference": "qpid-proton-debugsource-0:0.37.0-2.el9.aarch64",
"relates_to_product_reference": "9Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-debugsource-0:0.37.0-2.el9.ppc64le as a component of Satellite Client 6 for RHEL 9",
"product_id": "9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.ppc64le"
},
"product_reference": "qpid-proton-debugsource-0:0.37.0-2.el9.ppc64le",
"relates_to_product_reference": "9Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-debugsource-0:0.37.0-2.el9.s390x as a component of Satellite Client 6 for RHEL 9",
"product_id": "9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.s390x"
},
"product_reference": "qpid-proton-debugsource-0:0.37.0-2.el9.s390x",
"relates_to_product_reference": "9Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-debugsource-0:0.37.0-2.el9.x86_64 as a component of Satellite Client 6 for RHEL 9",
"product_id": "9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.x86_64"
},
"product_reference": "qpid-proton-debugsource-0:0.37.0-2.el9.x86_64",
"relates_to_product_reference": "9Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.aarch64 as a component of Satellite Client 6 for RHEL 9",
"product_id": "9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.aarch64"
},
"product_reference": "rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.aarch64",
"relates_to_product_reference": "9Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.ppc64le as a component of Satellite Client 6 for RHEL 9",
"product_id": "9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.ppc64le"
},
"product_reference": "rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"relates_to_product_reference": "9Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.s390x as a component of Satellite Client 6 for RHEL 9",
"product_id": "9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.s390x"
},
"product_reference": "rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.s390x",
"relates_to_product_reference": "9Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.x86_64 as a component of Satellite Client 6 for RHEL 9",
"product_id": "9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.x86_64"
},
"product_reference": "rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.x86_64",
"relates_to_product_reference": "9Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-0:0.2.3-1.el9sat.aarch64 as a component of Satellite Client 6 for RHEL 9",
"product_id": "9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.aarch64"
},
"product_reference": "yggdrasil-0:0.2.3-1.el9sat.aarch64",
"relates_to_product_reference": "9Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-0:0.2.3-1.el9sat.ppc64le as a component of Satellite Client 6 for RHEL 9",
"product_id": "9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.ppc64le"
},
"product_reference": "yggdrasil-0:0.2.3-1.el9sat.ppc64le",
"relates_to_product_reference": "9Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-0:0.2.3-1.el9sat.s390x as a component of Satellite Client 6 for RHEL 9",
"product_id": "9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.s390x"
},
"product_reference": "yggdrasil-0:0.2.3-1.el9sat.s390x",
"relates_to_product_reference": "9Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-0:0.2.3-1.el9sat.src as a component of Satellite Client 6 for RHEL 9",
"product_id": "9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.src"
},
"product_reference": "yggdrasil-0:0.2.3-1.el9sat.src",
"relates_to_product_reference": "9Base-satellite-client-6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-0:0.2.3-1.el9sat.x86_64 as a component of Satellite Client 6 for RHEL 9",
"product_id": "9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.x86_64"
},
"product_reference": "yggdrasil-0:0.2.3-1.el9sat.x86_64",
"relates_to_product_reference": "9Base-satellite-client-6"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Elison Niven"
],
"organization": "Sophos",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-1292",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"discovery_date": "2022-05-03T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.aarch64",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.ppc64le",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.s390x",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.src",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.x86_64",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-0:0.37.0-2.el8.src",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.aarch64",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.ppc64le",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.s390x",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.src",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.x86_64",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.aarch64",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.ppc64le",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.s390x",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.src",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.x86_64",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-0:0.37.0-2.el9.src",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.aarch64",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.ppc64le",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.s390x",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.src",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2081494"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. The `c_rehash` script does not properly sanitize shell meta-characters to prevent command injection. Some operating systems distribute this script in a manner where it is automatically executed. This flaw allows an attacker to execute arbitrary commands with the privileges of the script on these operating systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: c_rehash script allows command injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux uses a system-wide store of trusted certificates bundled in a single file and updated via `update-ca-trust`. The `c_rehash` script is not included in the default installation on any supported RHEL version, and is never executed automatically. For these reasons, this flaw has been rated as having a security impact of Moderate.\n\nRed Hat Enterprise Linux 7 provides a vulnerable version of the `c_rehash` script in the `openssl-perl` package, available only through the unsupported Optional repository. As the Optional repository is not supported and Red Hat Enterprise Linux 7 is in Maintenance Support 2 Phase, this issue is not planned to be addressed there.\n\nRed Hat Satellite ships an affected version of the `c_rehash` script embedded in `puppet-agent` package, however, the product is not vulnerable since it does not execute scripts with untrusted data. Moreover, the scriplet is owned by root user and is supposed to be accessed only by administrators.\n\nRed Hat updates the OpenSSL compatibility packages (compat-openssl) to only address Important or Critical security issues with backported security patches.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.i686",
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.src",
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.x86_64",
"7Client-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Client-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7ComputeNode-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7ComputeNode-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Workstation-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Workstation-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"8Base-satellite-client-6:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-client-6:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"9Base-satellite-client-6:puppet-agent-0:7.26.0-3.el9sat.src",
"9Base-satellite-client-6:puppet-agent-0:7.26.0-3.el9sat.x86_64"
],
"known_not_affected": [
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.aarch64",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.ppc64le",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.s390x",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.src",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.x86_64",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-0:0.37.0-2.el8.src",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.aarch64",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.ppc64le",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.s390x",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.src",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.x86_64",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.aarch64",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.ppc64le",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.s390x",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.src",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.x86_64",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-0:0.37.0-2.el9.src",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.aarch64",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.ppc64le",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.s390x",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.src",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1292"
},
{
"category": "external",
"summary": "RHBZ#2081494",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081494"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1292",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1292"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20220503.txt",
"url": "https://www.openssl.org/news/secadv/20220503.txt"
}
],
"release_date": "2022-05-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T22:28:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.i686",
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.src",
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.x86_64",
"7Client-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Client-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7ComputeNode-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7ComputeNode-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Workstation-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Workstation-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"8Base-satellite-client-6:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-client-6:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"9Base-satellite-client-6:puppet-agent-0:7.26.0-3.el9sat.src",
"9Base-satellite-client-6:puppet-agent-0:7.26.0-3.el9sat.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5982"
},
{
"category": "workaround",
"details": "As mentioned in the upstream security advisory, use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool.",
"product_ids": [
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.i686",
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.src",
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.x86_64",
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Client-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Client-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7ComputeNode-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7ComputeNode-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Server-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Workstation-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Workstation-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.aarch64",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.ppc64le",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.s390x",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.src",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.x86_64",
"8Base-satellite-client-6:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-client-6:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-0:0.37.0-2.el8.src",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.aarch64",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.ppc64le",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.s390x",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.src",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.x86_64",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.aarch64",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.ppc64le",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.s390x",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.src",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.x86_64",
"9Base-satellite-client-6:puppet-agent-0:7.26.0-3.el9sat.src",
"9Base-satellite-client-6:puppet-agent-0:7.26.0-3.el9sat.x86_64",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-0:0.37.0-2.el9.src",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.aarch64",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.ppc64le",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.s390x",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.src",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.i686",
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.src",
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.x86_64",
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Client-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Client-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7ComputeNode-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7ComputeNode-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Server-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Workstation-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Workstation-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.aarch64",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.ppc64le",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.s390x",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.src",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.x86_64",
"8Base-satellite-client-6:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-client-6:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-0:0.37.0-2.el8.src",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.aarch64",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.ppc64le",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.s390x",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.src",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.x86_64",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.aarch64",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.ppc64le",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.s390x",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.src",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.x86_64",
"9Base-satellite-client-6:puppet-agent-0:7.26.0-3.el9sat.src",
"9Base-satellite-client-6:puppet-agent-0:7.26.0-3.el9sat.x86_64",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-0:0.37.0-2.el9.src",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.aarch64",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.ppc64le",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.s390x",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.src",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: c_rehash script allows command injection"
},
{
"acknowledgments": [
{
"names": [
"Chancen"
],
"organization": "Qingteng 73lab",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-2068",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"discovery_date": "2022-06-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.aarch64",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.ppc64le",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.s390x",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.src",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.x86_64",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-0:0.37.0-2.el8.src",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.aarch64",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.ppc64le",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.s390x",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.src",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.x86_64",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.aarch64",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.ppc64le",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.s390x",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.src",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.x86_64",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-0:0.37.0-2.el9.src",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.aarch64",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.ppc64le",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.s390x",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.src",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2097310"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the `c_rehash` script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it is automatically executed. On these operating systems, this flaw allows an attacker to execute arbitrary commands with the privileges of the script.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: the c_rehash script allows command injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux uses a system-wide store of trusted certificates bundled in a single file and updated via `update-ca-trust`. The `c_rehash` script is not included in the default installation on any supported RHEL version and is never executed automatically. For these reasons, this flaw has been rated as having a security impact of Moderate.\n\nRed Hat Enterprise Linux 7 provides a vulnerable version of the `c_rehash` script in the `openssl-perl` package, available only through the unsupported Optional repository. As the Optional repository is not supported and Red Hat Enterprise Linux 7 is in Maintenance Support 2 Phase, this issue is not planned to be addressed there.\n\nRed Hat Satellite ships an affected version of the `c_rehash` script embedded in `puppet-agent` package, however, the product is not vulnerable since it does not execute scripts with untrusted data. Moreover, the scriplet is owned by root user and is supposed to be accessed only by administrators.\n\nRed Hat updates the OpenSSL compatibility packages (compat-openssl) to only address Important or Critical security issues with backported security patches.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.i686",
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.src",
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.x86_64",
"7Client-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Client-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7ComputeNode-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7ComputeNode-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Workstation-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Workstation-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"8Base-satellite-client-6:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-client-6:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"9Base-satellite-client-6:puppet-agent-0:7.26.0-3.el9sat.src",
"9Base-satellite-client-6:puppet-agent-0:7.26.0-3.el9sat.x86_64"
],
"known_not_affected": [
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.aarch64",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.ppc64le",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.s390x",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.src",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.x86_64",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-0:0.37.0-2.el8.src",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.aarch64",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.ppc64le",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.s390x",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.src",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.x86_64",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.aarch64",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.ppc64le",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.s390x",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.src",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.x86_64",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-0:0.37.0-2.el9.src",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.aarch64",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.ppc64le",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.s390x",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.src",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2068"
},
{
"category": "external",
"summary": "RHBZ#2097310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097310"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2068",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2068"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2068",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2068"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20220621.txt",
"url": "https://www.openssl.org/news/secadv/20220621.txt"
}
],
"release_date": "2022-06-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T22:28:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.i686",
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.src",
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.x86_64",
"7Client-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Client-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7ComputeNode-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7ComputeNode-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Workstation-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Workstation-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"8Base-satellite-client-6:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-client-6:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"9Base-satellite-client-6:puppet-agent-0:7.26.0-3.el9sat.src",
"9Base-satellite-client-6:puppet-agent-0:7.26.0-3.el9sat.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5982"
},
{
"category": "workaround",
"details": "As mentioned in the upstream security advisory, use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command-line tool.",
"product_ids": [
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.i686",
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.src",
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.x86_64",
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Client-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Client-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7ComputeNode-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7ComputeNode-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Server-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Workstation-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Workstation-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.aarch64",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.ppc64le",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.s390x",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.src",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.x86_64",
"8Base-satellite-client-6:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-client-6:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-0:0.37.0-2.el8.src",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.aarch64",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.ppc64le",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.s390x",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.src",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.x86_64",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.aarch64",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.ppc64le",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.s390x",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.src",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.x86_64",
"9Base-satellite-client-6:puppet-agent-0:7.26.0-3.el9sat.src",
"9Base-satellite-client-6:puppet-agent-0:7.26.0-3.el9sat.x86_64",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-0:0.37.0-2.el9.src",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.aarch64",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.ppc64le",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.s390x",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.src",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.i686",
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.src",
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.x86_64",
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Client-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Client-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7ComputeNode-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7ComputeNode-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Server-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Workstation-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Workstation-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.aarch64",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.ppc64le",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.s390x",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.src",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.x86_64",
"8Base-satellite-client-6:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-client-6:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-0:0.37.0-2.el8.src",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.aarch64",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.ppc64le",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.s390x",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.src",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.x86_64",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.aarch64",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.ppc64le",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.s390x",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.src",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.x86_64",
"9Base-satellite-client-6:puppet-agent-0:7.26.0-3.el9sat.src",
"9Base-satellite-client-6:puppet-agent-0:7.26.0-3.el9sat.x86_64",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-0:0.37.0-2.el9.src",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.aarch64",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.ppc64le",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.s390x",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.src",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: the c_rehash script allows command injection"
},
{
"cve": "CVE-2022-41717",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-01-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.i686",
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.src",
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.x86_64",
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Client-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Client-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7ComputeNode-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7ComputeNode-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Server-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Workstation-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Workstation-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.aarch64",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.ppc64le",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.s390x",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.src",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.x86_64",
"8Base-satellite-client-6:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-client-6:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-0:0.37.0-2.el8.src",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.x86_64",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.aarch64",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.ppc64le",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.s390x",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.src",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.x86_64",
"9Base-satellite-client-6:puppet-agent-0:7.26.0-3.el9sat.src",
"9Base-satellite-client-6:puppet-agent-0:7.26.0-3.el9sat.x86_64",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-0:0.37.0-2.el9.src",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2161274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within Red Hat OpenShift Container Platform, the grafana container is listed as will not fix. Since OCP 4.10, Grafana itself is not shipped and the Grafana web server is protected behind an OAuth proxy server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.aarch64",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.ppc64le",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.s390x",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.src",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.x86_64",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.aarch64",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.ppc64le",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.s390x",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.src",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.x86_64"
],
"known_not_affected": [
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.i686",
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.src",
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.x86_64",
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Client-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Client-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7ComputeNode-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7ComputeNode-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Server-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Workstation-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Workstation-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.aarch64",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.ppc64le",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.s390x",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.src",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.x86_64",
"8Base-satellite-client-6:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-client-6:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-0:0.37.0-2.el8.src",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.x86_64",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.aarch64",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.ppc64le",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.s390x",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.src",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.x86_64",
"9Base-satellite-client-6:puppet-agent-0:7.26.0-3.el9sat.src",
"9Base-satellite-client-6:puppet-agent-0:7.26.0-3.el9sat.x86_64",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-0:0.37.0-2.el9.src",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41717"
},
{
"category": "external",
"summary": "RHBZ#2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717"
},
{
"category": "external",
"summary": "https://go.dev/cl/455635",
"url": "https://go.dev/cl/455635"
},
{
"category": "external",
"summary": "https://go.dev/cl/455717",
"url": "https://go.dev/cl/455717"
},
{
"category": "external",
"summary": "https://go.dev/issue/56350",
"url": "https://go.dev/issue/56350"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2022-1144",
"url": "https://pkg.go.dev/vuln/GO-2022-1144"
}
],
"release_date": "2022-11-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T22:28:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.aarch64",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.ppc64le",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.s390x",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.src",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.x86_64",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.aarch64",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.ppc64le",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.s390x",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.src",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5982"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.i686",
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.src",
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.x86_64",
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Client-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Client-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7ComputeNode-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7ComputeNode-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Server-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Workstation-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Workstation-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.aarch64",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.ppc64le",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.s390x",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.src",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.x86_64",
"8Base-satellite-client-6:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-client-6:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-0:0.37.0-2.el8.src",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.aarch64",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.ppc64le",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.s390x",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.src",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.x86_64",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.aarch64",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.ppc64le",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.s390x",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.src",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.x86_64",
"9Base-satellite-client-6:puppet-agent-0:7.26.0-3.el9sat.src",
"9Base-satellite-client-6:puppet-agent-0:7.26.0-3.el9sat.x86_64",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-0:0.37.0-2.el9.src",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.aarch64",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.ppc64le",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.s390x",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.src",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests"
},
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.i686",
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.src",
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.x86_64",
"7Client-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Client-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7ComputeNode-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7ComputeNode-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Workstation-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Workstation-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"8Base-satellite-client-6:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-client-6:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-0:0.37.0-2.el8.src",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.x86_64",
"9Base-satellite-client-6:puppet-agent-0:7.26.0-3.el9sat.src",
"9Base-satellite-client-6:puppet-agent-0:7.26.0-3.el9sat.x86_64",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-0:0.37.0-2.el9.src",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.aarch64",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.ppc64le",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.s390x",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.src",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.x86_64",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.aarch64",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.ppc64le",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.s390x",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.src",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.x86_64",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.aarch64",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.ppc64le",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.s390x",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.src",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.x86_64",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.aarch64",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.ppc64le",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.s390x",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.src",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.x86_64"
],
"known_not_affected": [
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.i686",
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.src",
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.x86_64",
"7Client-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Client-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7ComputeNode-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7ComputeNode-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Workstation-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Workstation-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"8Base-satellite-client-6:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-client-6:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-0:0.37.0-2.el8.src",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.x86_64",
"9Base-satellite-client-6:puppet-agent-0:7.26.0-3.el9sat.src",
"9Base-satellite-client-6:puppet-agent-0:7.26.0-3.el9sat.x86_64",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-0:0.37.0-2.el9.src",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T22:28:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.aarch64",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.ppc64le",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.s390x",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.src",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.x86_64",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.aarch64",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.ppc64le",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.s390x",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.src",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.x86_64",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.aarch64",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.ppc64le",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.s390x",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.src",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.x86_64",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.aarch64",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.ppc64le",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.s390x",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.src",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5982"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.i686",
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.src",
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.x86_64",
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Client-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Client-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7ComputeNode-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7ComputeNode-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Server-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Workstation-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Workstation-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.aarch64",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.ppc64le",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.s390x",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.src",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.x86_64",
"8Base-satellite-client-6:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-client-6:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-0:0.37.0-2.el8.src",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.aarch64",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.ppc64le",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.s390x",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.src",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.x86_64",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.aarch64",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.ppc64le",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.s390x",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.src",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.x86_64",
"9Base-satellite-client-6:puppet-agent-0:7.26.0-3.el9sat.src",
"9Base-satellite-client-6:puppet-agent-0:7.26.0-3.el9sat.x86_64",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-0:0.37.0-2.el9.src",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.aarch64",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.ppc64le",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.s390x",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.src",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.i686",
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.src",
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.x86_64",
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Client-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Client-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7ComputeNode-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7ComputeNode-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Server-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Workstation-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Workstation-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.aarch64",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.ppc64le",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.s390x",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.src",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.x86_64",
"8Base-satellite-client-6:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-client-6:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-0:0.37.0-2.el8.src",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.aarch64",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.ppc64le",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.s390x",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.src",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.x86_64",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.aarch64",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.ppc64le",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.s390x",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.src",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.x86_64",
"9Base-satellite-client-6:puppet-agent-0:7.26.0-3.el9sat.src",
"9Base-satellite-client-6:puppet-agent-0:7.26.0-3.el9sat.x86_64",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-0:0.37.0-2.el9.src",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.aarch64",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.ppc64le",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.s390x",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.src",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.i686",
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.src",
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.x86_64",
"7Client-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Client-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7ComputeNode-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7ComputeNode-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Workstation-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Workstation-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"8Base-satellite-client-6:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-client-6:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-0:0.37.0-2.el8.src",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.x86_64",
"9Base-satellite-client-6:puppet-agent-0:7.26.0-3.el9sat.src",
"9Base-satellite-client-6:puppet-agent-0:7.26.0-3.el9sat.x86_64",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-0:0.37.0-2.el9.src",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.aarch64",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.ppc64le",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.s390x",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.src",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.x86_64",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.aarch64",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.ppc64le",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.s390x",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.src",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.x86_64",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.aarch64",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.ppc64le",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.s390x",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.src",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.x86_64",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.aarch64",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.ppc64le",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.s390x",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.src",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.x86_64"
],
"known_not_affected": [
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.i686",
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.src",
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.x86_64",
"7Client-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Client-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7ComputeNode-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7ComputeNode-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Workstation-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Workstation-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"8Base-satellite-client-6:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-client-6:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-0:0.37.0-2.el8.src",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.x86_64",
"9Base-satellite-client-6:puppet-agent-0:7.26.0-3.el9sat.src",
"9Base-satellite-client-6:puppet-agent-0:7.26.0-3.el9sat.x86_64",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-0:0.37.0-2.el9.src",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T22:28:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.aarch64",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.ppc64le",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.s390x",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.src",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.x86_64",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.aarch64",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.ppc64le",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.s390x",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.src",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.x86_64",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.aarch64",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.ppc64le",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.s390x",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.src",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.x86_64",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.aarch64",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.ppc64le",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.s390x",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.src",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5982"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.i686",
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.src",
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.x86_64",
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Client-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Client-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7ComputeNode-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7ComputeNode-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Server-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Workstation-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Workstation-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.aarch64",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.ppc64le",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.s390x",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.src",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.x86_64",
"8Base-satellite-client-6:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-client-6:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-0:0.37.0-2.el8.src",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.aarch64",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.ppc64le",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.s390x",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.src",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.x86_64",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.aarch64",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.ppc64le",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.s390x",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.src",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.x86_64",
"9Base-satellite-client-6:puppet-agent-0:7.26.0-3.el9sat.src",
"9Base-satellite-client-6:puppet-agent-0:7.26.0-3.el9sat.x86_64",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-0:0.37.0-2.el9.src",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.aarch64",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.ppc64le",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.s390x",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.src",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.i686",
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.src",
"6Server-satellite-client-6:puppet-agent-0:7.26.0-3.el6sat.x86_64",
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Client-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Client-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Client-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Client-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7ComputeNode-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7ComputeNode-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7ComputeNode-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7ComputeNode-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Server-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Server-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Server-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Server-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.ppc64le",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.src",
"7Workstation-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el7sat.x86_64",
"7Workstation-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.src",
"7Workstation-satellite-client-6:puppet-agent-0:7.26.0-3.el7sat.x86_64",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.ppc64le",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.src",
"7Workstation-satellite-client-6:yggdrasil-0:0.2.3-1.el7sat.x86_64",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.aarch64",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.ppc64le",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.s390x",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.src",
"8Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el8sat.x86_64",
"8Base-satellite-client-6:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-client-6:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-0:0.37.0-2.el8.src",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.aarch64",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.ppc64le",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.s390x",
"8Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el8.x86_64",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.aarch64",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.ppc64le",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.s390x",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.src",
"8Base-satellite-client-6:yggdrasil-0:0.2.3-1.el8sat.x86_64",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.aarch64",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.ppc64le",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.s390x",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.src",
"9Base-satellite-client-6:foreman_ygg_worker-0:0.2.2-1.el9sat.x86_64",
"9Base-satellite-client-6:puppet-agent-0:7.26.0-3.el9sat.src",
"9Base-satellite-client-6:puppet-agent-0:7.26.0-3.el9sat.x86_64",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:python3-qpid-proton-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:python3-qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-0:0.37.0-2.el9.src",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-c-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-c-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-cpp-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:qpid-proton-debugsource-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.aarch64",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.ppc64le",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.s390x",
"9Base-satellite-client-6:rubygem-qpid_proton-debuginfo-0:0.37.0-2.el9.x86_64",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.aarch64",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.ppc64le",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.s390x",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.src",
"9Base-satellite-client-6:yggdrasil-0:0.2.3-1.el9sat.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023_6031
Vulnerability from csaf_redhat - Published: 2023-10-23 14:24 - Updated: 2024-12-18 04:49A flaw was found in the Golang HTML package where it is vulnerable to Cross-site scripting caused by the improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's web browser within the security context of the hosting website once the URL is clicked. The flaw allows an attacker to steal the victim's cookie-based authentication credentials.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64 | — |
A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64 | — |
A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64 | — |
A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64 | — |
A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64 | — |
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64 | — |
Workaround
|
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Cryostat 2 on RHEL 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "An update is now available for Cryostat 2 on RHEL 8.\n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\n* golang.org/x/net/html: Cross site scripting (CVE-2023-3978)\n\n* golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)\n\n* golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)\n\n* golang: crypto/tls: panic when processing post-handshake message on QUIC connections (CVE-2023-39321)\n\n* golang: crypto/tls: lack of a limit on buffered post-handshake (CVE-2023-39322)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:6031",
"url": "https://access.redhat.com/errata/RHSA-2023:6031"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/errata/RHSA-2023:5455",
"url": "https://access.redhat.com/errata/RHSA-2023:5455"
},
{
"category": "external",
"summary": "https://access.redhat.com/containers",
"url": "https://access.redhat.com/containers"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2222167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222167"
},
{
"category": "external",
"summary": "2228689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228689"
},
{
"category": "external",
"summary": "2228743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228743"
},
{
"category": "external",
"summary": "2237777",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237777"
},
{
"category": "external",
"summary": "2237778",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237778"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6031.json"
}
],
"title": "Red Hat Security Advisory: Cryostat security update",
"tracking": {
"current_release_date": "2024-12-18T04:49:16+00:00",
"generator": {
"date": "2024-12-18T04:49:16+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2023:6031",
"initial_release_date": "2023-10-23T14:24:36+00:00",
"revision_history": [
{
"date": "2023-10-23T14:24:36+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-23T14:24:36+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-18T04:49:16+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Cryostat 2 on RHEL 8",
"product": {
"name": "Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:cryostat:2::el8"
}
}
}
],
"category": "product_family",
"name": "Cryostat"
},
{
"branches": [
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"product": {
"name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"product_id": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-grafana-dashboard-rhel8\u0026tag=2.3.1-8"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"product": {
"name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"product_id": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-reports-rhel8\u0026tag=2.3.1-8"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"product": {
"name": "cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"product_id": "cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-rhel8\u0026tag=2.3.1-8"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"product": {
"name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"product_id": "cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-operator-bundle\u0026tag=2.3.1-8"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64",
"product": {
"name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64",
"product_id": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-rhel8-operator\u0026tag=2.3.1-11"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64",
"product": {
"name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64",
"product_id": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/jfr-datasource-rhel8\u0026tag=2.3.1-8"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64 as a component of Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64"
},
"product_reference": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"relates_to_product_reference": "8Base-Cryostat-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64 as a component of Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64"
},
"product_reference": "cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"relates_to_product_reference": "8Base-Cryostat-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64 as a component of Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64"
},
"product_reference": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"relates_to_product_reference": "8Base-Cryostat-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64 as a component of Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64"
},
"product_reference": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64",
"relates_to_product_reference": "8Base-Cryostat-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64 as a component of Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64"
},
"product_reference": "cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"relates_to_product_reference": "8Base-Cryostat-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64 as a component of Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
},
"product_reference": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64",
"relates_to_product_reference": "8Base-Cryostat-2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-3978",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2023-08-03T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2228689"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Golang HTML package where it is vulnerable to Cross-site scripting caused by the improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim\u0027s web browser within the security context of the hosting website once the URL is clicked. The flaw allows an attacker to steal the victim\u0027s cookie-based authentication credentials.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Cross site scripting",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64"
],
"known_not_affected": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-3978"
},
{
"category": "external",
"summary": "RHBZ#2228689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-3978",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3978"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-3978",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3978"
},
{
"category": "external",
"summary": "https://go.dev/cl/514896",
"url": "https://go.dev/cl/514896"
},
{
"category": "external",
"summary": "https://go.dev/issue/61615",
"url": "https://go.dev/issue/61615"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1988",
"url": "https://pkg.go.dev/vuln/GO-2023-1988"
}
],
"release_date": "2023-08-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T14:24:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6031"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/net/html: Cross site scripting"
},
{
"cve": "CVE-2023-29406",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2023-07-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2222167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: insufficient sanitization of Host header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64"
],
"known_not_affected": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-29406"
},
{
"category": "external",
"summary": "RHBZ#2222167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-29406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29406",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29406"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0",
"url": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0"
}
],
"release_date": "2023-07-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T14:24:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6031"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: insufficient sanitization of Host header"
},
{
"cve": "CVE-2023-29409",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-08-03T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2228743"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64"
],
"known_not_affected": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-29409"
},
{
"category": "external",
"summary": "RHBZ#2228743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228743"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409"
},
{
"category": "external",
"summary": "https://go.dev/cl/515257",
"url": "https://go.dev/cl/515257"
},
{
"category": "external",
"summary": "https://go.dev/issue/61460",
"url": "https://go.dev/issue/61460"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ",
"url": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1987",
"url": "https://pkg.go.dev/vuln/GO-2023-1987"
}
],
"release_date": "2023-08-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T14:24:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6031"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys"
},
{
"acknowledgments": [
{
"names": [
"Martin Seemann"
]
}
],
"cve": "CVE-2023-39321",
"discovery_date": "2023-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2237777"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: panic when processing post-handshake message on QUIC connections",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64"
],
"known_not_affected": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39321"
},
{
"category": "external",
"summary": "RHBZ#2237777",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237777"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39321"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39321",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39321"
},
{
"category": "external",
"summary": "https://go.dev/cl/523039",
"url": "https://go.dev/cl/523039"
},
{
"category": "external",
"summary": "https://go.dev/issue/62266",
"url": "https://go.dev/issue/62266"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
"url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2023-2044.json",
"url": "https://vuln.go.dev/ID/GO-2023-2044.json"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T14:24:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6031"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: panic when processing post-handshake message on QUIC connections"
},
{
"acknowledgments": [
{
"names": [
"Marten Seemann"
]
}
],
"cve": "CVE-2023-39322",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2237778"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: lack of a limit on buffered post-handshake",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64"
],
"known_not_affected": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39322"
},
{
"category": "external",
"summary": "RHBZ#2237778",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237778"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39322"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39322",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39322"
},
{
"category": "external",
"summary": "https://go.dev/cl/523039",
"url": "https://go.dev/cl/523039"
},
{
"category": "external",
"summary": "https://go.dev/issue/62266",
"url": "https://go.dev/issue/62266"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
"url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2023-2045.json",
"url": "https://vuln.go.dev/ID/GO-2023-2045.json"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T14:24:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6031"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: lack of a limit on buffered post-handshake"
},
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64"
],
"known_not_affected": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T14:24:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6031"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T14:24:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6031"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023_6039
Vulnerability from csaf_redhat - Published: 2023-10-23 18:30 - Updated: 2024-12-18 04:48A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-rhel8-operator@sha256:6aa1ce70d3d9cc464ae84efce5d0c88a81cdda713a51611be873b550842bde82_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-must-gather-rhel8@sha256:21c3c638dc206d3f4a4b0295455e8f26e679a6c30a74746bc1be8d080dcf6883_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-operator-bundle@sha256:9fe87e1b0c49dd00a6ab0c35b68ebf641f347ac5b405d31f3c5ace02a7a30540_amd64 | — |
Workaround
|
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-rhel8-operator@sha256:6aa1ce70d3d9cc464ae84efce5d0c88a81cdda713a51611be873b550842bde82_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-must-gather-rhel8@sha256:21c3c638dc206d3f4a4b0295455e8f26e679a6c30a74746bc1be8d080dcf6883_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-operator-bundle@sha256:9fe87e1b0c49dd00a6ab0c35b68ebf641f347ac5b405d31f3c5ace02a7a30540_amd64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "This is an updated version of the Node Maintenance Operator. This Operator is delivered by Red Hat Workload Availability.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Node Maintenance Operator cordons off nodes from the rest of the cluster and drains all the pods from the nodes. By placing nodes under maintenance, you can investigate problems with a machine, or perform operations on the underlying machine, that might result in a node failure.\n\nThis version contains fixes for node-maintenance-must-gather-container, node-maintenance-operator-bundle-container, and node-maintenance-operator-container.\n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (Rapid Reset Attack) (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\nA Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:6039",
"url": "https://access.redhat.com/errata/RHSA-2023:6039"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6039.json"
}
],
"title": "Red Hat Security Advisory: Node Maintenance Operator 5.0.1 security update",
"tracking": {
"current_release_date": "2024-12-18T04:48:57+00:00",
"generator": {
"date": "2024-12-18T04:48:57+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2023:6039",
"initial_release_date": "2023-10-23T18:30:46+00:00",
"revision_history": [
{
"date": "2023-10-23T18:30:46+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-23T18:30:46+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-18T04:48:57+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Node Maintenance Operator 5.0 for RHEL 8",
"product": {
"name": "Node Maintenance Operator 5.0 for RHEL 8",
"product_id": "8Base-NODE-MAINTENANCE-OPERATOR-5.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:workload_availability_node_maintenance:5.0::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Workload Availability"
},
{
"branches": [
{
"category": "product_version",
"name": "workload-availability/node-maintenance-must-gather-rhel8@sha256:21c3c638dc206d3f4a4b0295455e8f26e679a6c30a74746bc1be8d080dcf6883_amd64",
"product": {
"name": "workload-availability/node-maintenance-must-gather-rhel8@sha256:21c3c638dc206d3f4a4b0295455e8f26e679a6c30a74746bc1be8d080dcf6883_amd64",
"product_id": "workload-availability/node-maintenance-must-gather-rhel8@sha256:21c3c638dc206d3f4a4b0295455e8f26e679a6c30a74746bc1be8d080dcf6883_amd64",
"product_identification_helper": {
"purl": "pkg:oci/node-maintenance-must-gather-rhel8@sha256:21c3c638dc206d3f4a4b0295455e8f26e679a6c30a74746bc1be8d080dcf6883?arch=amd64\u0026repository_url=registry.redhat.io/workload-availability/node-maintenance-must-gather-rhel8\u0026tag=v5.0.1-55"
}
}
},
{
"category": "product_version",
"name": "workload-availability/node-maintenance-operator-bundle@sha256:9fe87e1b0c49dd00a6ab0c35b68ebf641f347ac5b405d31f3c5ace02a7a30540_amd64",
"product": {
"name": "workload-availability/node-maintenance-operator-bundle@sha256:9fe87e1b0c49dd00a6ab0c35b68ebf641f347ac5b405d31f3c5ace02a7a30540_amd64",
"product_id": "workload-availability/node-maintenance-operator-bundle@sha256:9fe87e1b0c49dd00a6ab0c35b68ebf641f347ac5b405d31f3c5ace02a7a30540_amd64",
"product_identification_helper": {
"purl": "pkg:oci/node-maintenance-operator-bundle@sha256:9fe87e1b0c49dd00a6ab0c35b68ebf641f347ac5b405d31f3c5ace02a7a30540?arch=amd64\u0026repository_url=registry.redhat.io/workload-availability/node-maintenance-operator-bundle\u0026tag=v5.0.1-55"
}
}
},
{
"category": "product_version",
"name": "workload-availability/node-maintenance-rhel8-operator@sha256:6aa1ce70d3d9cc464ae84efce5d0c88a81cdda713a51611be873b550842bde82_amd64",
"product": {
"name": "workload-availability/node-maintenance-rhel8-operator@sha256:6aa1ce70d3d9cc464ae84efce5d0c88a81cdda713a51611be873b550842bde82_amd64",
"product_id": "workload-availability/node-maintenance-rhel8-operator@sha256:6aa1ce70d3d9cc464ae84efce5d0c88a81cdda713a51611be873b550842bde82_amd64",
"product_identification_helper": {
"purl": "pkg:oci/node-maintenance-rhel8-operator@sha256:6aa1ce70d3d9cc464ae84efce5d0c88a81cdda713a51611be873b550842bde82?arch=amd64\u0026repository_url=registry.redhat.io/workload-availability/node-maintenance-rhel8-operator\u0026tag=v5.0.1-55"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "workload-availability/node-maintenance-must-gather-rhel8@sha256:21c3c638dc206d3f4a4b0295455e8f26e679a6c30a74746bc1be8d080dcf6883_amd64 as a component of Node Maintenance Operator 5.0 for RHEL 8",
"product_id": "8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-must-gather-rhel8@sha256:21c3c638dc206d3f4a4b0295455e8f26e679a6c30a74746bc1be8d080dcf6883_amd64"
},
"product_reference": "workload-availability/node-maintenance-must-gather-rhel8@sha256:21c3c638dc206d3f4a4b0295455e8f26e679a6c30a74746bc1be8d080dcf6883_amd64",
"relates_to_product_reference": "8Base-NODE-MAINTENANCE-OPERATOR-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "workload-availability/node-maintenance-operator-bundle@sha256:9fe87e1b0c49dd00a6ab0c35b68ebf641f347ac5b405d31f3c5ace02a7a30540_amd64 as a component of Node Maintenance Operator 5.0 for RHEL 8",
"product_id": "8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-operator-bundle@sha256:9fe87e1b0c49dd00a6ab0c35b68ebf641f347ac5b405d31f3c5ace02a7a30540_amd64"
},
"product_reference": "workload-availability/node-maintenance-operator-bundle@sha256:9fe87e1b0c49dd00a6ab0c35b68ebf641f347ac5b405d31f3c5ace02a7a30540_amd64",
"relates_to_product_reference": "8Base-NODE-MAINTENANCE-OPERATOR-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "workload-availability/node-maintenance-rhel8-operator@sha256:6aa1ce70d3d9cc464ae84efce5d0c88a81cdda713a51611be873b550842bde82_amd64 as a component of Node Maintenance Operator 5.0 for RHEL 8",
"product_id": "8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-rhel8-operator@sha256:6aa1ce70d3d9cc464ae84efce5d0c88a81cdda713a51611be873b550842bde82_amd64"
},
"product_reference": "workload-availability/node-maintenance-rhel8-operator@sha256:6aa1ce70d3d9cc464ae84efce5d0c88a81cdda713a51611be873b550842bde82_amd64",
"relates_to_product_reference": "8Base-NODE-MAINTENANCE-OPERATOR-5.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-must-gather-rhel8@sha256:21c3c638dc206d3f4a4b0295455e8f26e679a6c30a74746bc1be8d080dcf6883_amd64",
"8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-operator-bundle@sha256:9fe87e1b0c49dd00a6ab0c35b68ebf641f347ac5b405d31f3c5ace02a7a30540_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-rhel8-operator@sha256:6aa1ce70d3d9cc464ae84efce5d0c88a81cdda713a51611be873b550842bde82_amd64"
],
"known_not_affected": [
"8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-must-gather-rhel8@sha256:21c3c638dc206d3f4a4b0295455e8f26e679a6c30a74746bc1be8d080dcf6883_amd64",
"8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-operator-bundle@sha256:9fe87e1b0c49dd00a6ab0c35b68ebf641f347ac5b405d31f3c5ace02a7a30540_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T18:30:46+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-rhel8-operator@sha256:6aa1ce70d3d9cc464ae84efce5d0c88a81cdda713a51611be873b550842bde82_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6039"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-must-gather-rhel8@sha256:21c3c638dc206d3f4a4b0295455e8f26e679a6c30a74746bc1be8d080dcf6883_amd64",
"8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-operator-bundle@sha256:9fe87e1b0c49dd00a6ab0c35b68ebf641f347ac5b405d31f3c5ace02a7a30540_amd64",
"8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-rhel8-operator@sha256:6aa1ce70d3d9cc464ae84efce5d0c88a81cdda713a51611be873b550842bde82_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-must-gather-rhel8@sha256:21c3c638dc206d3f4a4b0295455e8f26e679a6c30a74746bc1be8d080dcf6883_amd64",
"8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-operator-bundle@sha256:9fe87e1b0c49dd00a6ab0c35b68ebf641f347ac5b405d31f3c5ace02a7a30540_amd64",
"8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-rhel8-operator@sha256:6aa1ce70d3d9cc464ae84efce5d0c88a81cdda713a51611be873b550842bde82_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-must-gather-rhel8@sha256:21c3c638dc206d3f4a4b0295455e8f26e679a6c30a74746bc1be8d080dcf6883_amd64",
"8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-operator-bundle@sha256:9fe87e1b0c49dd00a6ab0c35b68ebf641f347ac5b405d31f3c5ace02a7a30540_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-rhel8-operator@sha256:6aa1ce70d3d9cc464ae84efce5d0c88a81cdda713a51611be873b550842bde82_amd64"
],
"known_not_affected": [
"8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-must-gather-rhel8@sha256:21c3c638dc206d3f4a4b0295455e8f26e679a6c30a74746bc1be8d080dcf6883_amd64",
"8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-operator-bundle@sha256:9fe87e1b0c49dd00a6ab0c35b68ebf641f347ac5b405d31f3c5ace02a7a30540_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T18:30:46+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-rhel8-operator@sha256:6aa1ce70d3d9cc464ae84efce5d0c88a81cdda713a51611be873b550842bde82_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6039"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-must-gather-rhel8@sha256:21c3c638dc206d3f4a4b0295455e8f26e679a6c30a74746bc1be8d080dcf6883_amd64",
"8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-operator-bundle@sha256:9fe87e1b0c49dd00a6ab0c35b68ebf641f347ac5b405d31f3c5ace02a7a30540_amd64",
"8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-rhel8-operator@sha256:6aa1ce70d3d9cc464ae84efce5d0c88a81cdda713a51611be873b550842bde82_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-must-gather-rhel8@sha256:21c3c638dc206d3f4a4b0295455e8f26e679a6c30a74746bc1be8d080dcf6883_amd64",
"8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-operator-bundle@sha256:9fe87e1b0c49dd00a6ab0c35b68ebf641f347ac5b405d31f3c5ace02a7a30540_amd64",
"8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-rhel8-operator@sha256:6aa1ce70d3d9cc464ae84efce5d0c88a81cdda713a51611be873b550842bde82_amd64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023_6040
Vulnerability from csaf_redhat - Published: 2023-10-23 18:30 - Updated: 2024-12-18 04:48A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-NODE-MAINTENANCE-OPERATOR-5.2:workload-availability/node-maintenance-rhel8-operator@sha256:5075d5702c0c8ffa792b40f09787ac3e6c3be9283c179c11cc40216a194b05a5_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-NODE-MAINTENANCE-OPERATOR-5.2:workload-availability/node-maintenance-operator-bundle@sha256:35d2c7c2849f89474fd5648a0d2781dde28131303cc8a597ce243a3e314fe0af_amd64 | — |
Workaround
|
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-NODE-MAINTENANCE-OPERATOR-5.2:workload-availability/node-maintenance-rhel8-operator@sha256:5075d5702c0c8ffa792b40f09787ac3e6c3be9283c179c11cc40216a194b05a5_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-NODE-MAINTENANCE-OPERATOR-5.2:workload-availability/node-maintenance-operator-bundle@sha256:35d2c7c2849f89474fd5648a0d2781dde28131303cc8a597ce243a3e314fe0af_amd64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "This is an updated version of the Node Maintenance Operator. This Operator is delivered by Red Hat Workload Availability.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Node Maintenance Operator cordons off nodes from the rest of the cluster and drains all the pods from the nodes. By placing nodes under maintenance, you can investigate problems with a machine, or perform operations on the underlying machine, that might result in a node failure.\n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:6040",
"url": "https://access.redhat.com/errata/RHSA-2023:6040"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6040.json"
}
],
"title": "Red Hat Security Advisory: Node Maintenance Operator 5.2.1 security update",
"tracking": {
"current_release_date": "2024-12-18T04:48:38+00:00",
"generator": {
"date": "2024-12-18T04:48:38+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2023:6040",
"initial_release_date": "2023-10-23T18:30:57+00:00",
"revision_history": [
{
"date": "2023-10-23T18:30:57+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-23T18:30:57+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-18T04:48:38+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Node Maintenance Operator 5.2 for RHEL 8",
"product": {
"name": "Node Maintenance Operator 5.2 for RHEL 8",
"product_id": "8Base-NODE-MAINTENANCE-OPERATOR-5.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:workload_availability_node_maintenance:5.2::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Workload Availability"
},
{
"branches": [
{
"category": "product_version",
"name": "workload-availability/node-maintenance-operator-bundle@sha256:35d2c7c2849f89474fd5648a0d2781dde28131303cc8a597ce243a3e314fe0af_amd64",
"product": {
"name": "workload-availability/node-maintenance-operator-bundle@sha256:35d2c7c2849f89474fd5648a0d2781dde28131303cc8a597ce243a3e314fe0af_amd64",
"product_id": "workload-availability/node-maintenance-operator-bundle@sha256:35d2c7c2849f89474fd5648a0d2781dde28131303cc8a597ce243a3e314fe0af_amd64",
"product_identification_helper": {
"purl": "pkg:oci/node-maintenance-operator-bundle@sha256:35d2c7c2849f89474fd5648a0d2781dde28131303cc8a597ce243a3e314fe0af?arch=amd64\u0026repository_url=registry.redhat.io/workload-availability/node-maintenance-operator-bundle\u0026tag=v5.2.1-9"
}
}
},
{
"category": "product_version",
"name": "workload-availability/node-maintenance-rhel8-operator@sha256:5075d5702c0c8ffa792b40f09787ac3e6c3be9283c179c11cc40216a194b05a5_amd64",
"product": {
"name": "workload-availability/node-maintenance-rhel8-operator@sha256:5075d5702c0c8ffa792b40f09787ac3e6c3be9283c179c11cc40216a194b05a5_amd64",
"product_id": "workload-availability/node-maintenance-rhel8-operator@sha256:5075d5702c0c8ffa792b40f09787ac3e6c3be9283c179c11cc40216a194b05a5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/node-maintenance-rhel8-operator@sha256:5075d5702c0c8ffa792b40f09787ac3e6c3be9283c179c11cc40216a194b05a5?arch=amd64\u0026repository_url=registry.redhat.io/workload-availability/node-maintenance-rhel8-operator\u0026tag=v5.2.1-9"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "workload-availability/node-maintenance-operator-bundle@sha256:35d2c7c2849f89474fd5648a0d2781dde28131303cc8a597ce243a3e314fe0af_amd64 as a component of Node Maintenance Operator 5.2 for RHEL 8",
"product_id": "8Base-NODE-MAINTENANCE-OPERATOR-5.2:workload-availability/node-maintenance-operator-bundle@sha256:35d2c7c2849f89474fd5648a0d2781dde28131303cc8a597ce243a3e314fe0af_amd64"
},
"product_reference": "workload-availability/node-maintenance-operator-bundle@sha256:35d2c7c2849f89474fd5648a0d2781dde28131303cc8a597ce243a3e314fe0af_amd64",
"relates_to_product_reference": "8Base-NODE-MAINTENANCE-OPERATOR-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "workload-availability/node-maintenance-rhel8-operator@sha256:5075d5702c0c8ffa792b40f09787ac3e6c3be9283c179c11cc40216a194b05a5_amd64 as a component of Node Maintenance Operator 5.2 for RHEL 8",
"product_id": "8Base-NODE-MAINTENANCE-OPERATOR-5.2:workload-availability/node-maintenance-rhel8-operator@sha256:5075d5702c0c8ffa792b40f09787ac3e6c3be9283c179c11cc40216a194b05a5_amd64"
},
"product_reference": "workload-availability/node-maintenance-rhel8-operator@sha256:5075d5702c0c8ffa792b40f09787ac3e6c3be9283c179c11cc40216a194b05a5_amd64",
"relates_to_product_reference": "8Base-NODE-MAINTENANCE-OPERATOR-5.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-NODE-MAINTENANCE-OPERATOR-5.2:workload-availability/node-maintenance-operator-bundle@sha256:35d2c7c2849f89474fd5648a0d2781dde28131303cc8a597ce243a3e314fe0af_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-NODE-MAINTENANCE-OPERATOR-5.2:workload-availability/node-maintenance-rhel8-operator@sha256:5075d5702c0c8ffa792b40f09787ac3e6c3be9283c179c11cc40216a194b05a5_amd64"
],
"known_not_affected": [
"8Base-NODE-MAINTENANCE-OPERATOR-5.2:workload-availability/node-maintenance-operator-bundle@sha256:35d2c7c2849f89474fd5648a0d2781dde28131303cc8a597ce243a3e314fe0af_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T18:30:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-NODE-MAINTENANCE-OPERATOR-5.2:workload-availability/node-maintenance-rhel8-operator@sha256:5075d5702c0c8ffa792b40f09787ac3e6c3be9283c179c11cc40216a194b05a5_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6040"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-NODE-MAINTENANCE-OPERATOR-5.2:workload-availability/node-maintenance-operator-bundle@sha256:35d2c7c2849f89474fd5648a0d2781dde28131303cc8a597ce243a3e314fe0af_amd64",
"8Base-NODE-MAINTENANCE-OPERATOR-5.2:workload-availability/node-maintenance-rhel8-operator@sha256:5075d5702c0c8ffa792b40f09787ac3e6c3be9283c179c11cc40216a194b05a5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-NODE-MAINTENANCE-OPERATOR-5.2:workload-availability/node-maintenance-operator-bundle@sha256:35d2c7c2849f89474fd5648a0d2781dde28131303cc8a597ce243a3e314fe0af_amd64",
"8Base-NODE-MAINTENANCE-OPERATOR-5.2:workload-availability/node-maintenance-rhel8-operator@sha256:5075d5702c0c8ffa792b40f09787ac3e6c3be9283c179c11cc40216a194b05a5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-NODE-MAINTENANCE-OPERATOR-5.2:workload-availability/node-maintenance-operator-bundle@sha256:35d2c7c2849f89474fd5648a0d2781dde28131303cc8a597ce243a3e314fe0af_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-NODE-MAINTENANCE-OPERATOR-5.2:workload-availability/node-maintenance-rhel8-operator@sha256:5075d5702c0c8ffa792b40f09787ac3e6c3be9283c179c11cc40216a194b05a5_amd64"
],
"known_not_affected": [
"8Base-NODE-MAINTENANCE-OPERATOR-5.2:workload-availability/node-maintenance-operator-bundle@sha256:35d2c7c2849f89474fd5648a0d2781dde28131303cc8a597ce243a3e314fe0af_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T18:30:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-NODE-MAINTENANCE-OPERATOR-5.2:workload-availability/node-maintenance-rhel8-operator@sha256:5075d5702c0c8ffa792b40f09787ac3e6c3be9283c179c11cc40216a194b05a5_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6040"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-NODE-MAINTENANCE-OPERATOR-5.2:workload-availability/node-maintenance-operator-bundle@sha256:35d2c7c2849f89474fd5648a0d2781dde28131303cc8a597ce243a3e314fe0af_amd64",
"8Base-NODE-MAINTENANCE-OPERATOR-5.2:workload-availability/node-maintenance-rhel8-operator@sha256:5075d5702c0c8ffa792b40f09787ac3e6c3be9283c179c11cc40216a194b05a5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-NODE-MAINTENANCE-OPERATOR-5.2:workload-availability/node-maintenance-operator-bundle@sha256:35d2c7c2849f89474fd5648a0d2781dde28131303cc8a597ce243a3e314fe0af_amd64",
"8Base-NODE-MAINTENANCE-OPERATOR-5.2:workload-availability/node-maintenance-rhel8-operator@sha256:5075d5702c0c8ffa792b40f09787ac3e6c3be9283c179c11cc40216a194b05a5_amd64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023_6041
Vulnerability from csaf_redhat - Published: 2023-10-23 18:31 - Updated: 2024-12-18 04:49A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03_amd64 | — |
Workaround
|
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03_amd64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "This is an updated version of the Self Node Remediation Operator. This Operator is delivered by Red Hat Workload Availability.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Self Node Remediation Operator works in conjunction with machine health check or node health check to provide automatic remediation of unhealthy nodes by rebooting them. This minimizes downtime for stateful applications and ReadWriteOnce (RWO) Volumes, as well as restoring compute capacity in the event of transient failures. \n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:6041",
"url": "https://access.redhat.com/errata/RHSA-2023:6041"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6041.json"
}
],
"title": "Red Hat Security Advisory: Self Node Remediation Operator 0.7.1 security update",
"tracking": {
"current_release_date": "2024-12-18T04:49:06+00:00",
"generator": {
"date": "2024-12-18T04:49:06+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2023:6041",
"initial_release_date": "2023-10-23T18:31:18+00:00",
"revision_history": [
{
"date": "2023-10-23T18:31:18+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-23T18:31:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-18T04:49:06+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Self Node Remediation 0.7 for RHEL 8",
"product": {
"name": "Self Node Remediation 0.7 for RHEL 8",
"product_id": "8Base-SELF-NODE-REMEDIATION-0.7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:workload_availability_self_node_remediation:0.7::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Workload Availability"
},
{
"branches": [
{
"category": "product_version",
"name": "workload-availability/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03_amd64",
"product": {
"name": "workload-availability/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03_amd64",
"product_id": "workload-availability/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03_amd64",
"product_identification_helper": {
"purl": "pkg:oci/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03?arch=amd64\u0026repository_url=registry.redhat.io/workload-availability/self-node-remediation-operator-bundle\u0026tag=v0.7.1-6"
}
}
},
{
"category": "product_version",
"name": "workload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64",
"product": {
"name": "workload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64",
"product_id": "workload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64",
"product_identification_helper": {
"purl": "pkg:oci/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640?arch=amd64\u0026repository_url=registry.redhat.io/workload-availability/self-node-remediation-rhel8-operator\u0026tag=v0.7.1-6"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "workload-availability/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03_amd64 as a component of Self Node Remediation 0.7 for RHEL 8",
"product_id": "8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03_amd64"
},
"product_reference": "workload-availability/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03_amd64",
"relates_to_product_reference": "8Base-SELF-NODE-REMEDIATION-0.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "workload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64 as a component of Self Node Remediation 0.7 for RHEL 8",
"product_id": "8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64"
},
"product_reference": "workload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64",
"relates_to_product_reference": "8Base-SELF-NODE-REMEDIATION-0.7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64"
],
"known_not_affected": [
"8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T18:31:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6041"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03_amd64",
"8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03_amd64",
"8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64"
],
"known_not_affected": [
"8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T18:31:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6041"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03_amd64",
"8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03_amd64",
"8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023_6042
Vulnerability from csaf_redhat - Published: 2023-10-23 18:39 - Updated: 2024-12-18 04:48A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-rhel8-operator@sha256:8f1d095530f102c6edbcb53a9c2685a043a9c9869b7ca6c1d254dd74ee17b0a3_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-must-gather-rhel8@sha256:0abf7c74783c4c310937b63cf6f2965e8eb076007691176ee4d7e76b956257c2_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-operator-bundle@sha256:36561e5888cd34f8fb83ceff2910141fceaa6ea290bd246125930fe183e2ebc3_amd64 | — |
Workaround
|
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-rhel8-operator@sha256:8f1d095530f102c6edbcb53a9c2685a043a9c9869b7ca6c1d254dd74ee17b0a3_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-must-gather-rhel8@sha256:0abf7c74783c4c310937b63cf6f2965e8eb076007691176ee4d7e76b956257c2_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-operator-bundle@sha256:36561e5888cd34f8fb83ceff2910141fceaa6ea290bd246125930fe183e2ebc3_amd64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "This is an updated version of the Self Node Remediation Operator. This Operator is delivered by Red Hat Workload Availability.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Self Node Remediation Operator works in conjunction with machine health check or node health check to provide automatic remediation of unhealthy nodes by rebooting them. This minimizes downtime for stateful applications and ReadWriteOnce (RWO) Volumes, as well as restoring compute capacity in the event of transient failures. \n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:6042",
"url": "https://access.redhat.com/errata/RHSA-2023:6042"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6042.json"
}
],
"title": "Red Hat Security Advisory: Self Node Remediation Operator 0.5.1 security update",
"tracking": {
"current_release_date": "2024-12-18T04:48:48+00:00",
"generator": {
"date": "2024-12-18T04:48:48+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2023:6042",
"initial_release_date": "2023-10-23T18:39:36+00:00",
"revision_history": [
{
"date": "2023-10-23T18:39:36+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-23T18:39:36+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-18T04:48:48+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Self Node Remediation 0.5 for RHEL 8",
"product": {
"name": "Self Node Remediation 0.5 for RHEL 8",
"product_id": "8Base-SELF-NODE-REMEDIATION-0.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:workload_availability_self_node_remediation:0.5::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Workload Availability"
},
{
"branches": [
{
"category": "product_version",
"name": "workload-availability/self-node-remediation-must-gather-rhel8@sha256:0abf7c74783c4c310937b63cf6f2965e8eb076007691176ee4d7e76b956257c2_amd64",
"product": {
"name": "workload-availability/self-node-remediation-must-gather-rhel8@sha256:0abf7c74783c4c310937b63cf6f2965e8eb076007691176ee4d7e76b956257c2_amd64",
"product_id": "workload-availability/self-node-remediation-must-gather-rhel8@sha256:0abf7c74783c4c310937b63cf6f2965e8eb076007691176ee4d7e76b956257c2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/self-node-remediation-must-gather-rhel8@sha256:0abf7c74783c4c310937b63cf6f2965e8eb076007691176ee4d7e76b956257c2?arch=amd64\u0026repository_url=registry.redhat.io/workload-availability/self-node-remediation-must-gather-rhel8\u0026tag=v0.5.1-45"
}
}
},
{
"category": "product_version",
"name": "workload-availability/self-node-remediation-operator-bundle@sha256:36561e5888cd34f8fb83ceff2910141fceaa6ea290bd246125930fe183e2ebc3_amd64",
"product": {
"name": "workload-availability/self-node-remediation-operator-bundle@sha256:36561e5888cd34f8fb83ceff2910141fceaa6ea290bd246125930fe183e2ebc3_amd64",
"product_id": "workload-availability/self-node-remediation-operator-bundle@sha256:36561e5888cd34f8fb83ceff2910141fceaa6ea290bd246125930fe183e2ebc3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/self-node-remediation-operator-bundle@sha256:36561e5888cd34f8fb83ceff2910141fceaa6ea290bd246125930fe183e2ebc3?arch=amd64\u0026repository_url=registry.redhat.io/workload-availability/self-node-remediation-operator-bundle\u0026tag=v0.5.1-45"
}
}
},
{
"category": "product_version",
"name": "workload-availability/self-node-remediation-rhel8-operator@sha256:8f1d095530f102c6edbcb53a9c2685a043a9c9869b7ca6c1d254dd74ee17b0a3_amd64",
"product": {
"name": "workload-availability/self-node-remediation-rhel8-operator@sha256:8f1d095530f102c6edbcb53a9c2685a043a9c9869b7ca6c1d254dd74ee17b0a3_amd64",
"product_id": "workload-availability/self-node-remediation-rhel8-operator@sha256:8f1d095530f102c6edbcb53a9c2685a043a9c9869b7ca6c1d254dd74ee17b0a3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/self-node-remediation-rhel8-operator@sha256:8f1d095530f102c6edbcb53a9c2685a043a9c9869b7ca6c1d254dd74ee17b0a3?arch=amd64\u0026repository_url=registry.redhat.io/workload-availability/self-node-remediation-rhel8-operator\u0026tag=v0.5.1-45"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "workload-availability/self-node-remediation-must-gather-rhel8@sha256:0abf7c74783c4c310937b63cf6f2965e8eb076007691176ee4d7e76b956257c2_amd64 as a component of Self Node Remediation 0.5 for RHEL 8",
"product_id": "8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-must-gather-rhel8@sha256:0abf7c74783c4c310937b63cf6f2965e8eb076007691176ee4d7e76b956257c2_amd64"
},
"product_reference": "workload-availability/self-node-remediation-must-gather-rhel8@sha256:0abf7c74783c4c310937b63cf6f2965e8eb076007691176ee4d7e76b956257c2_amd64",
"relates_to_product_reference": "8Base-SELF-NODE-REMEDIATION-0.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "workload-availability/self-node-remediation-operator-bundle@sha256:36561e5888cd34f8fb83ceff2910141fceaa6ea290bd246125930fe183e2ebc3_amd64 as a component of Self Node Remediation 0.5 for RHEL 8",
"product_id": "8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-operator-bundle@sha256:36561e5888cd34f8fb83ceff2910141fceaa6ea290bd246125930fe183e2ebc3_amd64"
},
"product_reference": "workload-availability/self-node-remediation-operator-bundle@sha256:36561e5888cd34f8fb83ceff2910141fceaa6ea290bd246125930fe183e2ebc3_amd64",
"relates_to_product_reference": "8Base-SELF-NODE-REMEDIATION-0.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "workload-availability/self-node-remediation-rhel8-operator@sha256:8f1d095530f102c6edbcb53a9c2685a043a9c9869b7ca6c1d254dd74ee17b0a3_amd64 as a component of Self Node Remediation 0.5 for RHEL 8",
"product_id": "8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-rhel8-operator@sha256:8f1d095530f102c6edbcb53a9c2685a043a9c9869b7ca6c1d254dd74ee17b0a3_amd64"
},
"product_reference": "workload-availability/self-node-remediation-rhel8-operator@sha256:8f1d095530f102c6edbcb53a9c2685a043a9c9869b7ca6c1d254dd74ee17b0a3_amd64",
"relates_to_product_reference": "8Base-SELF-NODE-REMEDIATION-0.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-must-gather-rhel8@sha256:0abf7c74783c4c310937b63cf6f2965e8eb076007691176ee4d7e76b956257c2_amd64",
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-operator-bundle@sha256:36561e5888cd34f8fb83ceff2910141fceaa6ea290bd246125930fe183e2ebc3_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-rhel8-operator@sha256:8f1d095530f102c6edbcb53a9c2685a043a9c9869b7ca6c1d254dd74ee17b0a3_amd64"
],
"known_not_affected": [
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-must-gather-rhel8@sha256:0abf7c74783c4c310937b63cf6f2965e8eb076007691176ee4d7e76b956257c2_amd64",
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-operator-bundle@sha256:36561e5888cd34f8fb83ceff2910141fceaa6ea290bd246125930fe183e2ebc3_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T18:39:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-rhel8-operator@sha256:8f1d095530f102c6edbcb53a9c2685a043a9c9869b7ca6c1d254dd74ee17b0a3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6042"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-must-gather-rhel8@sha256:0abf7c74783c4c310937b63cf6f2965e8eb076007691176ee4d7e76b956257c2_amd64",
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-operator-bundle@sha256:36561e5888cd34f8fb83ceff2910141fceaa6ea290bd246125930fe183e2ebc3_amd64",
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-rhel8-operator@sha256:8f1d095530f102c6edbcb53a9c2685a043a9c9869b7ca6c1d254dd74ee17b0a3_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-must-gather-rhel8@sha256:0abf7c74783c4c310937b63cf6f2965e8eb076007691176ee4d7e76b956257c2_amd64",
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-operator-bundle@sha256:36561e5888cd34f8fb83ceff2910141fceaa6ea290bd246125930fe183e2ebc3_amd64",
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-rhel8-operator@sha256:8f1d095530f102c6edbcb53a9c2685a043a9c9869b7ca6c1d254dd74ee17b0a3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-must-gather-rhel8@sha256:0abf7c74783c4c310937b63cf6f2965e8eb076007691176ee4d7e76b956257c2_amd64",
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-operator-bundle@sha256:36561e5888cd34f8fb83ceff2910141fceaa6ea290bd246125930fe183e2ebc3_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-rhel8-operator@sha256:8f1d095530f102c6edbcb53a9c2685a043a9c9869b7ca6c1d254dd74ee17b0a3_amd64"
],
"known_not_affected": [
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-must-gather-rhel8@sha256:0abf7c74783c4c310937b63cf6f2965e8eb076007691176ee4d7e76b956257c2_amd64",
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-operator-bundle@sha256:36561e5888cd34f8fb83ceff2910141fceaa6ea290bd246125930fe183e2ebc3_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T18:39:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-rhel8-operator@sha256:8f1d095530f102c6edbcb53a9c2685a043a9c9869b7ca6c1d254dd74ee17b0a3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6042"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-must-gather-rhel8@sha256:0abf7c74783c4c310937b63cf6f2965e8eb076007691176ee4d7e76b956257c2_amd64",
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-operator-bundle@sha256:36561e5888cd34f8fb83ceff2910141fceaa6ea290bd246125930fe183e2ebc3_amd64",
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-rhel8-operator@sha256:8f1d095530f102c6edbcb53a9c2685a043a9c9869b7ca6c1d254dd74ee17b0a3_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-must-gather-rhel8@sha256:0abf7c74783c4c310937b63cf6f2965e8eb076007691176ee4d7e76b956257c2_amd64",
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-operator-bundle@sha256:36561e5888cd34f8fb83ceff2910141fceaa6ea290bd246125930fe183e2ebc3_amd64",
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-rhel8-operator@sha256:8f1d095530f102c6edbcb53a9c2685a043a9c9869b7ca6c1d254dd74ee17b0a3_amd64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023_6044
Vulnerability from csaf_redhat - Published: 2023-10-23 19:21 - Updated: 2024-12-18 04:48A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:d5f91b20b8f00e42bfe1f2a24910d3ea56a820bc5814307c0c7fc85dfb103e09_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-costmanagement:costmanagement/costmanagement-metrics-operator-bundle@sha256:afcee273a058fa1ac7643271ee775bdc1ca5d765f0ea36af3b3a6633d9fcbd73_amd64 | — |
Workaround
|
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:d5f91b20b8f00e42bfe1f2a24910d3ea56a820bc5814307c0c7fc85dfb103e09_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-costmanagement:costmanagement/costmanagement-metrics-operator-bundle@sha256:afcee273a058fa1ac7643271ee775bdc1ca5d765f0ea36af3b3a6633d9fcbd73_amd64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for costmanagement-metrics-operator-bundle-container and costmanagement-metrics-operator-container is now available for Cost Management for RHEL 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Security Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:6044",
"url": "https://access.redhat.com/errata/RHSA-2023:6044"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6044.json"
}
],
"title": "Red Hat Security Advisory: Cost Management security update",
"tracking": {
"current_release_date": "2024-12-18T04:48:28+00:00",
"generator": {
"date": "2024-12-18T04:48:28+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2023:6044",
"initial_release_date": "2023-10-23T19:21:34+00:00",
"revision_history": [
{
"date": "2023-10-23T19:21:34+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-23T19:21:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-18T04:48:28+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Cost Management for RHEL 8",
"product": {
"name": "Cost Management for RHEL 8",
"product_id": "8Base-costmanagement",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:cost_management:1::el8"
}
}
}
],
"category": "product_family",
"name": "Cost Management"
},
{
"branches": [
{
"category": "product_version",
"name": "costmanagement/costmanagement-metrics-operator-bundle@sha256:afcee273a058fa1ac7643271ee775bdc1ca5d765f0ea36af3b3a6633d9fcbd73_amd64",
"product": {
"name": "costmanagement/costmanagement-metrics-operator-bundle@sha256:afcee273a058fa1ac7643271ee775bdc1ca5d765f0ea36af3b3a6633d9fcbd73_amd64",
"product_id": "costmanagement/costmanagement-metrics-operator-bundle@sha256:afcee273a058fa1ac7643271ee775bdc1ca5d765f0ea36af3b3a6633d9fcbd73_amd64",
"product_identification_helper": {
"purl": "pkg:oci/costmanagement-metrics-operator-bundle@sha256:afcee273a058fa1ac7643271ee775bdc1ca5d765f0ea36af3b3a6633d9fcbd73?arch=amd64\u0026repository_url=registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle\u0026tag=3.0.1-1"
}
}
},
{
"category": "product_version",
"name": "costmanagement/costmanagement-metrics-rhel8-operator@sha256:d5f91b20b8f00e42bfe1f2a24910d3ea56a820bc5814307c0c7fc85dfb103e09_amd64",
"product": {
"name": "costmanagement/costmanagement-metrics-rhel8-operator@sha256:d5f91b20b8f00e42bfe1f2a24910d3ea56a820bc5814307c0c7fc85dfb103e09_amd64",
"product_id": "costmanagement/costmanagement-metrics-rhel8-operator@sha256:d5f91b20b8f00e42bfe1f2a24910d3ea56a820bc5814307c0c7fc85dfb103e09_amd64",
"product_identification_helper": {
"purl": "pkg:oci/costmanagement-metrics-rhel8-operator@sha256:d5f91b20b8f00e42bfe1f2a24910d3ea56a820bc5814307c0c7fc85dfb103e09?arch=amd64\u0026repository_url=registry.redhat.io/costmanagement/costmanagement-metrics-rhel8-operator\u0026tag=3.0.1-1"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "costmanagement/costmanagement-metrics-operator-bundle@sha256:afcee273a058fa1ac7643271ee775bdc1ca5d765f0ea36af3b3a6633d9fcbd73_amd64 as a component of Cost Management for RHEL 8",
"product_id": "8Base-costmanagement:costmanagement/costmanagement-metrics-operator-bundle@sha256:afcee273a058fa1ac7643271ee775bdc1ca5d765f0ea36af3b3a6633d9fcbd73_amd64"
},
"product_reference": "costmanagement/costmanagement-metrics-operator-bundle@sha256:afcee273a058fa1ac7643271ee775bdc1ca5d765f0ea36af3b3a6633d9fcbd73_amd64",
"relates_to_product_reference": "8Base-costmanagement"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "costmanagement/costmanagement-metrics-rhel8-operator@sha256:d5f91b20b8f00e42bfe1f2a24910d3ea56a820bc5814307c0c7fc85dfb103e09_amd64 as a component of Cost Management for RHEL 8",
"product_id": "8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:d5f91b20b8f00e42bfe1f2a24910d3ea56a820bc5814307c0c7fc85dfb103e09_amd64"
},
"product_reference": "costmanagement/costmanagement-metrics-rhel8-operator@sha256:d5f91b20b8f00e42bfe1f2a24910d3ea56a820bc5814307c0c7fc85dfb103e09_amd64",
"relates_to_product_reference": "8Base-costmanagement"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-costmanagement:costmanagement/costmanagement-metrics-operator-bundle@sha256:afcee273a058fa1ac7643271ee775bdc1ca5d765f0ea36af3b3a6633d9fcbd73_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:d5f91b20b8f00e42bfe1f2a24910d3ea56a820bc5814307c0c7fc85dfb103e09_amd64"
],
"known_not_affected": [
"8Base-costmanagement:costmanagement/costmanagement-metrics-operator-bundle@sha256:afcee273a058fa1ac7643271ee775bdc1ca5d765f0ea36af3b3a6633d9fcbd73_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T19:21:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:d5f91b20b8f00e42bfe1f2a24910d3ea56a820bc5814307c0c7fc85dfb103e09_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6044"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-costmanagement:costmanagement/costmanagement-metrics-operator-bundle@sha256:afcee273a058fa1ac7643271ee775bdc1ca5d765f0ea36af3b3a6633d9fcbd73_amd64",
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:d5f91b20b8f00e42bfe1f2a24910d3ea56a820bc5814307c0c7fc85dfb103e09_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-costmanagement:costmanagement/costmanagement-metrics-operator-bundle@sha256:afcee273a058fa1ac7643271ee775bdc1ca5d765f0ea36af3b3a6633d9fcbd73_amd64",
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:d5f91b20b8f00e42bfe1f2a24910d3ea56a820bc5814307c0c7fc85dfb103e09_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-costmanagement:costmanagement/costmanagement-metrics-operator-bundle@sha256:afcee273a058fa1ac7643271ee775bdc1ca5d765f0ea36af3b3a6633d9fcbd73_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:d5f91b20b8f00e42bfe1f2a24910d3ea56a820bc5814307c0c7fc85dfb103e09_amd64"
],
"known_not_affected": [
"8Base-costmanagement:costmanagement/costmanagement-metrics-operator-bundle@sha256:afcee273a058fa1ac7643271ee775bdc1ca5d765f0ea36af3b3a6633d9fcbd73_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T19:21:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:d5f91b20b8f00e42bfe1f2a24910d3ea56a820bc5814307c0c7fc85dfb103e09_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6044"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-costmanagement:costmanagement/costmanagement-metrics-operator-bundle@sha256:afcee273a058fa1ac7643271ee775bdc1ca5d765f0ea36af3b3a6633d9fcbd73_amd64",
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:d5f91b20b8f00e42bfe1f2a24910d3ea56a820bc5814307c0c7fc85dfb103e09_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-costmanagement:costmanagement/costmanagement-metrics-operator-bundle@sha256:afcee273a058fa1ac7643271ee775bdc1ca5d765f0ea36af3b3a6633d9fcbd73_amd64",
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:d5f91b20b8f00e42bfe1f2a24910d3ea56a820bc5814307c0c7fc85dfb103e09_amd64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023_6048
Vulnerability from csaf_redhat - Published: 2023-10-23 20:24 - Updated: 2024-12-18 04:48A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:638b97de5d0f42e63a75764430801f8c6cca99994b82a1741efb9e8a5fca34d2_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:f92ebfda68d49b1d0460cda21d8ccb4b5c9c88224b85e0aca9c2f6c29e195445_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:fd758a96e8b07884a9ecd9e3b948889bb9004af3fbe6a370b6f54baed179797c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8f37c6215c27e7231546a97987b471bae5f3f5cd7458989cc9f032d7429ce9a5_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:925bdf348da6851a2f0efd903ce3061b7d0ed7b17dee8aa76e4e3d75f0b28150_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f2fad967d9f9d6f8e8b9dbec3e2a581a43b64f02fdc584750e206674d655dd5f_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:0fc1a13e6960e5077ae351cd6f12c65cc06fb9526dc9261eed98345e7b9a98c0_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:7f5898e7d868865d56b91f81d314bdc41a265e177f741dd05d4a9dc3b74d54bb_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:f591a221d2dbe643b6d975d1a2e9b9289173e2e845a838ab850debe20c957f11_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0572022184db58987b3abb065f0abac5368d7163d671e287151986a4b18898cf_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:13315f5c0db23887865ac2d310bd33b6258ac409d185209656531bc0b1fa0b2a_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2844fcd4aa1aa285fffd24d0d07bd0e23b0927236d8d52ca51dafe3f06724850_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:48fa08e690f9b2fbbde8fada15c9b124eb1fca868040369a73c98b95a9eff301_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:75148e16a364e4f67ecb8e914fc16b7ca4112c4e844b0d361a3feb88468f1215_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:9a029334191c6b5b15df35e1959b2860da68ac3673ef8009bd54189e685a3b03_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:103b5cd32930836320eea0b28532ff9160cea7b02ddbb6af47df7433f7bb47c4_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:31d38c18be2020f49c28dee55ca92fd14237c6b9e3f54d7b0d6f1ded0ed4c372_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:772b19a562fe52c709532b487233cfbfa8cee16f12da309fd4432df04792f32c_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9e05ce576af3755eb9db6b38c01bd851b2335f4cbd116338ebcac4e3ed6a1ab0_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fab7366274d9d9d903ecc42bbb0219954481eb2a9a43cbb046df9f31f522c4b4_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fec8341ce138808c01cb45838a6e494bf99d079a5009b622a8e4b0f3c1beee48_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1dc2e9076e32731506a39472bd045f90474f22a7a2fb0c0dbeca2942c4e8b06a_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3b6df0593ce67833341a1ba58571753dbd20edc28490cf5647ea4f3d3a36c33e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4b386c2c2343fa09a4f71d4f7481b0e8daf7fcb3a3a710ff9f7c0e492070f156_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62f346b0b81423603f6804de7938106653dc6fed6c22d9660426869cdbbda0ed_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:790f6345dc5a23855b2c3a2f0f1b07d6590659b8ff377833ce4d82f681056275_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:89ca3042eb40d7bf4ea2658e1a9f39cd507d71d469d927f48e5a36f64eff98cb_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:1d6df1627b7cbbe659afdc40c395fd8fe85f237bdc58fc86bb589ca8a5995141_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2ed5dd9abad665d668416feda3ad4bf8631a083fe4616e502245bdd679388687_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:fb3a7a2124196239fefe325f45132797d2bb4795de89a26e78a53ff8e0d9094e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2d39a1d54058d0bb181afc9218ee65698f572f3aa6c67c9cc058b23ea68cf32e_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e0076d3574ecf23354a340f808926c4dc9e338920daa83085764c0f2a092025_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4bc615a0954e2514c7266a639bcf0dedc290cf8d464738143ce73a5711e9dd66_s390x | — |
Workaround
|
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:638b97de5d0f42e63a75764430801f8c6cca99994b82a1741efb9e8a5fca34d2_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:f92ebfda68d49b1d0460cda21d8ccb4b5c9c88224b85e0aca9c2f6c29e195445_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:fd758a96e8b07884a9ecd9e3b948889bb9004af3fbe6a370b6f54baed179797c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8f37c6215c27e7231546a97987b471bae5f3f5cd7458989cc9f032d7429ce9a5_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:925bdf348da6851a2f0efd903ce3061b7d0ed7b17dee8aa76e4e3d75f0b28150_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f2fad967d9f9d6f8e8b9dbec3e2a581a43b64f02fdc584750e206674d655dd5f_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:0fc1a13e6960e5077ae351cd6f12c65cc06fb9526dc9261eed98345e7b9a98c0_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:7f5898e7d868865d56b91f81d314bdc41a265e177f741dd05d4a9dc3b74d54bb_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:f591a221d2dbe643b6d975d1a2e9b9289173e2e845a838ab850debe20c957f11_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0572022184db58987b3abb065f0abac5368d7163d671e287151986a4b18898cf_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:13315f5c0db23887865ac2d310bd33b6258ac409d185209656531bc0b1fa0b2a_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2844fcd4aa1aa285fffd24d0d07bd0e23b0927236d8d52ca51dafe3f06724850_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:48fa08e690f9b2fbbde8fada15c9b124eb1fca868040369a73c98b95a9eff301_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:75148e16a364e4f67ecb8e914fc16b7ca4112c4e844b0d361a3feb88468f1215_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:9a029334191c6b5b15df35e1959b2860da68ac3673ef8009bd54189e685a3b03_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:103b5cd32930836320eea0b28532ff9160cea7b02ddbb6af47df7433f7bb47c4_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:31d38c18be2020f49c28dee55ca92fd14237c6b9e3f54d7b0d6f1ded0ed4c372_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:772b19a562fe52c709532b487233cfbfa8cee16f12da309fd4432df04792f32c_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9e05ce576af3755eb9db6b38c01bd851b2335f4cbd116338ebcac4e3ed6a1ab0_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fab7366274d9d9d903ecc42bbb0219954481eb2a9a43cbb046df9f31f522c4b4_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fec8341ce138808c01cb45838a6e494bf99d079a5009b622a8e4b0f3c1beee48_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1dc2e9076e32731506a39472bd045f90474f22a7a2fb0c0dbeca2942c4e8b06a_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3b6df0593ce67833341a1ba58571753dbd20edc28490cf5647ea4f3d3a36c33e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4b386c2c2343fa09a4f71d4f7481b0e8daf7fcb3a3a710ff9f7c0e492070f156_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62f346b0b81423603f6804de7938106653dc6fed6c22d9660426869cdbbda0ed_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:790f6345dc5a23855b2c3a2f0f1b07d6590659b8ff377833ce4d82f681056275_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:89ca3042eb40d7bf4ea2658e1a9f39cd507d71d469d927f48e5a36f64eff98cb_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:1d6df1627b7cbbe659afdc40c395fd8fe85f237bdc58fc86bb589ca8a5995141_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2ed5dd9abad665d668416feda3ad4bf8631a083fe4616e502245bdd679388687_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:fb3a7a2124196239fefe325f45132797d2bb4795de89a26e78a53ff8e0d9094e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2d39a1d54058d0bb181afc9218ee65698f572f3aa6c67c9cc058b23ea68cf32e_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e0076d3574ecf23354a340f808926c4dc9e338920daa83085764c0f2a092025_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4bc615a0954e2514c7266a639bcf0dedc290cf8d464738143ce73a5711e9dd66_s390x | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes new features and bug fixes.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release of RHACS 4.2.2 includes fixes for the following security\nvulnerabilities:\n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nIt contains the following bug fixes and changes:\n\n* Previously, Red Hat OpenShift Container Platform customers using the downloaded manifest bundle with automatic upgrades enabled found that Sensor did not automatically upgrade, and failed with a `PRE_FLIGHT_CHECKS_FAILED` error. This issue has been fixed. (ROX-19955)\n\n* RHACS 4.2.2 includes a new default policy called \"Rapid Reset: Denial of\nService Vulnerability in HTTP/2 Protocol\". This policy alerts on\ndeployments with images containing components that are susceptible to a\nDenial of Service (DoS) vulnerability for HTTP/2 servers, based on\nCVE-2023-44487 and CVE-2023-39325. This policy applies to the build or\ndeploy life cycle stage.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:6048",
"url": "https://access.redhat.com/errata/RHSA-2023:6048"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_security_for_kubernetes/4.2/html/release_notes/release-notes-42",
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_security_for_kubernetes/4.2/html/release_notes/release-notes-42"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-39325",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "ROX-20325",
"url": "https://issues.redhat.com/browse/ROX-20325"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6048.json"
}
],
"title": "Red Hat Security Advisory: ACS 4.2 enhancement and security update",
"tracking": {
"current_release_date": "2024-12-18T04:48:57+00:00",
"generator": {
"date": "2024-12-18T04:48:57+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2023:6048",
"initial_release_date": "2023-10-23T20:24:48+00:00",
"revision_history": [
{
"date": "2023-10-23T20:24:48+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-23T20:24:48+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-18T04:48:57+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHACS 4.2 for RHEL 8",
"product": {
"name": "RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:advanced_cluster_security:4.2::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Advanced Cluster Security for Kubernetes"
},
{
"branches": [
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:f2fad967d9f9d6f8e8b9dbec3e2a581a43b64f02fdc584750e206674d655dd5f_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:f2fad967d9f9d6f8e8b9dbec3e2a581a43b64f02fdc584750e206674d655dd5f_s390x",
"product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:f2fad967d9f9d6f8e8b9dbec3e2a581a43b64f02fdc584750e206674d655dd5f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256:f2fad967d9f9d6f8e8b9dbec3e2a581a43b64f02fdc584750e206674d655dd5f?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:7f5898e7d868865d56b91f81d314bdc41a265e177f741dd05d4a9dc3b74d54bb_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:7f5898e7d868865d56b91f81d314bdc41a265e177f741dd05d4a9dc3b74d54bb_s390x",
"product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:7f5898e7d868865d56b91f81d314bdc41a265e177f741dd05d4a9dc3b74d54bb_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256:7f5898e7d868865d56b91f81d314bdc41a265e177f741dd05d4a9dc3b74d54bb?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0572022184db58987b3abb065f0abac5368d7163d671e287151986a4b18898cf_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0572022184db58987b3abb065f0abac5368d7163d671e287151986a4b18898cf_s390x",
"product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0572022184db58987b3abb065f0abac5368d7163d671e287151986a4b18898cf_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:0572022184db58987b3abb065f0abac5368d7163d671e287151986a4b18898cf?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:f92ebfda68d49b1d0460cda21d8ccb4b5c9c88224b85e0aca9c2f6c29e195445_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:f92ebfda68d49b1d0460cda21d8ccb4b5c9c88224b85e0aca9c2f6c29e195445_s390x",
"product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:f92ebfda68d49b1d0460cda21d8ccb4b5c9c88224b85e0aca9c2f6c29e195445_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256:f92ebfda68d49b1d0460cda21d8ccb4b5c9c88224b85e0aca9c2f6c29e195445?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.2.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:9a029334191c6b5b15df35e1959b2860da68ac3673ef8009bd54189e685a3b03_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:9a029334191c6b5b15df35e1959b2860da68ac3673ef8009bd54189e685a3b03_s390x",
"product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:9a029334191c6b5b15df35e1959b2860da68ac3673ef8009bd54189e685a3b03_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256:9a029334191c6b5b15df35e1959b2860da68ac3673ef8009bd54189e685a3b03?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.2.2-5"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:772b19a562fe52c709532b487233cfbfa8cee16f12da309fd4432df04792f32c_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:772b19a562fe52c709532b487233cfbfa8cee16f12da309fd4432df04792f32c_s390x",
"product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:772b19a562fe52c709532b487233cfbfa8cee16f12da309fd4432df04792f32c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256:772b19a562fe52c709532b487233cfbfa8cee16f12da309fd4432df04792f32c?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fab7366274d9d9d903ecc42bbb0219954481eb2a9a43cbb046df9f31f522c4b4_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fab7366274d9d9d903ecc42bbb0219954481eb2a9a43cbb046df9f31f522c4b4_s390x",
"product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fab7366274d9d9d903ecc42bbb0219954481eb2a9a43cbb046df9f31f522c4b4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:fab7366274d9d9d903ecc42bbb0219954481eb2a9a43cbb046df9f31f522c4b4?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:1d6df1627b7cbbe659afdc40c395fd8fe85f237bdc58fc86bb589ca8a5995141_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:1d6df1627b7cbbe659afdc40c395fd8fe85f237bdc58fc86bb589ca8a5995141_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:1d6df1627b7cbbe659afdc40c395fd8fe85f237bdc58fc86bb589ca8a5995141_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256:1d6df1627b7cbbe659afdc40c395fd8fe85f237bdc58fc86bb589ca8a5995141?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1dc2e9076e32731506a39472bd045f90474f22a7a2fb0c0dbeca2942c4e8b06a_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1dc2e9076e32731506a39472bd045f90474f22a7a2fb0c0dbeca2942c4e8b06a_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1dc2e9076e32731506a39472bd045f90474f22a7a2fb0c0dbeca2942c4e8b06a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:1dc2e9076e32731506a39472bd045f90474f22a7a2fb0c0dbeca2942c4e8b06a?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62f346b0b81423603f6804de7938106653dc6fed6c22d9660426869cdbbda0ed_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62f346b0b81423603f6804de7938106653dc6fed6c22d9660426869cdbbda0ed_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62f346b0b81423603f6804de7938106653dc6fed6c22d9660426869cdbbda0ed_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:62f346b0b81423603f6804de7938106653dc6fed6c22d9660426869cdbbda0ed?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4bc615a0954e2514c7266a639bcf0dedc290cf8d464738143ce73a5711e9dd66_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4bc615a0954e2514c7266a639bcf0dedc290cf8d464738143ce73a5711e9dd66_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4bc615a0954e2514c7266a639bcf0dedc290cf8d464738143ce73a5711e9dd66_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:4bc615a0954e2514c7266a639bcf0dedc290cf8d464738143ce73a5711e9dd66?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.2.2-3"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:8f37c6215c27e7231546a97987b471bae5f3f5cd7458989cc9f032d7429ce9a5_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:8f37c6215c27e7231546a97987b471bae5f3f5cd7458989cc9f032d7429ce9a5_amd64",
"product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:8f37c6215c27e7231546a97987b471bae5f3f5cd7458989cc9f032d7429ce9a5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256:8f37c6215c27e7231546a97987b471bae5f3f5cd7458989cc9f032d7429ce9a5?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:0fc1a13e6960e5077ae351cd6f12c65cc06fb9526dc9261eed98345e7b9a98c0_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:0fc1a13e6960e5077ae351cd6f12c65cc06fb9526dc9261eed98345e7b9a98c0_amd64",
"product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:0fc1a13e6960e5077ae351cd6f12c65cc06fb9526dc9261eed98345e7b9a98c0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256:0fc1a13e6960e5077ae351cd6f12c65cc06fb9526dc9261eed98345e7b9a98c0?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:13315f5c0db23887865ac2d310bd33b6258ac409d185209656531bc0b1fa0b2a_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:13315f5c0db23887865ac2d310bd33b6258ac409d185209656531bc0b1fa0b2a_amd64",
"product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:13315f5c0db23887865ac2d310bd33b6258ac409d185209656531bc0b1fa0b2a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:13315f5c0db23887865ac2d310bd33b6258ac409d185209656531bc0b1fa0b2a?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:fd758a96e8b07884a9ecd9e3b948889bb9004af3fbe6a370b6f54baed179797c_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:fd758a96e8b07884a9ecd9e3b948889bb9004af3fbe6a370b6f54baed179797c_amd64",
"product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:fd758a96e8b07884a9ecd9e3b948889bb9004af3fbe6a370b6f54baed179797c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256:fd758a96e8b07884a9ecd9e3b948889bb9004af3fbe6a370b6f54baed179797c?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.2.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:75148e16a364e4f67ecb8e914fc16b7ca4112c4e844b0d361a3feb88468f1215_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:75148e16a364e4f67ecb8e914fc16b7ca4112c4e844b0d361a3feb88468f1215_amd64",
"product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:75148e16a364e4f67ecb8e914fc16b7ca4112c4e844b0d361a3feb88468f1215_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256:75148e16a364e4f67ecb8e914fc16b7ca4112c4e844b0d361a3feb88468f1215?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.2.2-5"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:31d38c18be2020f49c28dee55ca92fd14237c6b9e3f54d7b0d6f1ded0ed4c372_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:31d38c18be2020f49c28dee55ca92fd14237c6b9e3f54d7b0d6f1ded0ed4c372_amd64",
"product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:31d38c18be2020f49c28dee55ca92fd14237c6b9e3f54d7b0d6f1ded0ed4c372_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256:31d38c18be2020f49c28dee55ca92fd14237c6b9e3f54d7b0d6f1ded0ed4c372?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fec8341ce138808c01cb45838a6e494bf99d079a5009b622a8e4b0f3c1beee48_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fec8341ce138808c01cb45838a6e494bf99d079a5009b622a8e4b0f3c1beee48_amd64",
"product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fec8341ce138808c01cb45838a6e494bf99d079a5009b622a8e4b0f3c1beee48_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:fec8341ce138808c01cb45838a6e494bf99d079a5009b622a8e4b0f3c1beee48?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:fb3a7a2124196239fefe325f45132797d2bb4795de89a26e78a53ff8e0d9094e_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:fb3a7a2124196239fefe325f45132797d2bb4795de89a26e78a53ff8e0d9094e_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:fb3a7a2124196239fefe325f45132797d2bb4795de89a26e78a53ff8e0d9094e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256:fb3a7a2124196239fefe325f45132797d2bb4795de89a26e78a53ff8e0d9094e?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3b6df0593ce67833341a1ba58571753dbd20edc28490cf5647ea4f3d3a36c33e_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3b6df0593ce67833341a1ba58571753dbd20edc28490cf5647ea4f3d3a36c33e_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3b6df0593ce67833341a1ba58571753dbd20edc28490cf5647ea4f3d3a36c33e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:3b6df0593ce67833341a1ba58571753dbd20edc28490cf5647ea4f3d3a36c33e?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:790f6345dc5a23855b2c3a2f0f1b07d6590659b8ff377833ce4d82f681056275_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:790f6345dc5a23855b2c3a2f0f1b07d6590659b8ff377833ce4d82f681056275_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:790f6345dc5a23855b2c3a2f0f1b07d6590659b8ff377833ce4d82f681056275_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:790f6345dc5a23855b2c3a2f0f1b07d6590659b8ff377833ce4d82f681056275?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e0076d3574ecf23354a340f808926c4dc9e338920daa83085764c0f2a092025_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e0076d3574ecf23354a340f808926c4dc9e338920daa83085764c0f2a092025_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e0076d3574ecf23354a340f808926c4dc9e338920daa83085764c0f2a092025_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:3e0076d3574ecf23354a340f808926c4dc9e338920daa83085764c0f2a092025?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.2.2-3"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:925bdf348da6851a2f0efd903ce3061b7d0ed7b17dee8aa76e4e3d75f0b28150_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:925bdf348da6851a2f0efd903ce3061b7d0ed7b17dee8aa76e4e3d75f0b28150_ppc64le",
"product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:925bdf348da6851a2f0efd903ce3061b7d0ed7b17dee8aa76e4e3d75f0b28150_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256:925bdf348da6851a2f0efd903ce3061b7d0ed7b17dee8aa76e4e3d75f0b28150?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:f591a221d2dbe643b6d975d1a2e9b9289173e2e845a838ab850debe20c957f11_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:f591a221d2dbe643b6d975d1a2e9b9289173e2e845a838ab850debe20c957f11_ppc64le",
"product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:f591a221d2dbe643b6d975d1a2e9b9289173e2e845a838ab850debe20c957f11_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256:f591a221d2dbe643b6d975d1a2e9b9289173e2e845a838ab850debe20c957f11?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2844fcd4aa1aa285fffd24d0d07bd0e23b0927236d8d52ca51dafe3f06724850_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2844fcd4aa1aa285fffd24d0d07bd0e23b0927236d8d52ca51dafe3f06724850_ppc64le",
"product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2844fcd4aa1aa285fffd24d0d07bd0e23b0927236d8d52ca51dafe3f06724850_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:2844fcd4aa1aa285fffd24d0d07bd0e23b0927236d8d52ca51dafe3f06724850?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:638b97de5d0f42e63a75764430801f8c6cca99994b82a1741efb9e8a5fca34d2_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:638b97de5d0f42e63a75764430801f8c6cca99994b82a1741efb9e8a5fca34d2_ppc64le",
"product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:638b97de5d0f42e63a75764430801f8c6cca99994b82a1741efb9e8a5fca34d2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256:638b97de5d0f42e63a75764430801f8c6cca99994b82a1741efb9e8a5fca34d2?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.2.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:48fa08e690f9b2fbbde8fada15c9b124eb1fca868040369a73c98b95a9eff301_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:48fa08e690f9b2fbbde8fada15c9b124eb1fca868040369a73c98b95a9eff301_ppc64le",
"product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:48fa08e690f9b2fbbde8fada15c9b124eb1fca868040369a73c98b95a9eff301_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256:48fa08e690f9b2fbbde8fada15c9b124eb1fca868040369a73c98b95a9eff301?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.2.2-5"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:103b5cd32930836320eea0b28532ff9160cea7b02ddbb6af47df7433f7bb47c4_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:103b5cd32930836320eea0b28532ff9160cea7b02ddbb6af47df7433f7bb47c4_ppc64le",
"product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:103b5cd32930836320eea0b28532ff9160cea7b02ddbb6af47df7433f7bb47c4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256:103b5cd32930836320eea0b28532ff9160cea7b02ddbb6af47df7433f7bb47c4?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9e05ce576af3755eb9db6b38c01bd851b2335f4cbd116338ebcac4e3ed6a1ab0_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9e05ce576af3755eb9db6b38c01bd851b2335f4cbd116338ebcac4e3ed6a1ab0_ppc64le",
"product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9e05ce576af3755eb9db6b38c01bd851b2335f4cbd116338ebcac4e3ed6a1ab0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:9e05ce576af3755eb9db6b38c01bd851b2335f4cbd116338ebcac4e3ed6a1ab0?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:2ed5dd9abad665d668416feda3ad4bf8631a083fe4616e502245bdd679388687_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:2ed5dd9abad665d668416feda3ad4bf8631a083fe4616e502245bdd679388687_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:2ed5dd9abad665d668416feda3ad4bf8631a083fe4616e502245bdd679388687_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256:2ed5dd9abad665d668416feda3ad4bf8631a083fe4616e502245bdd679388687?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4b386c2c2343fa09a4f71d4f7481b0e8daf7fcb3a3a710ff9f7c0e492070f156_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4b386c2c2343fa09a4f71d4f7481b0e8daf7fcb3a3a710ff9f7c0e492070f156_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4b386c2c2343fa09a4f71d4f7481b0e8daf7fcb3a3a710ff9f7c0e492070f156_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:4b386c2c2343fa09a4f71d4f7481b0e8daf7fcb3a3a710ff9f7c0e492070f156?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:89ca3042eb40d7bf4ea2658e1a9f39cd507d71d469d927f48e5a36f64eff98cb_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:89ca3042eb40d7bf4ea2658e1a9f39cd507d71d469d927f48e5a36f64eff98cb_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:89ca3042eb40d7bf4ea2658e1a9f39cd507d71d469d927f48e5a36f64eff98cb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:89ca3042eb40d7bf4ea2658e1a9f39cd507d71d469d927f48e5a36f64eff98cb?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2d39a1d54058d0bb181afc9218ee65698f572f3aa6c67c9cc058b23ea68cf32e_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2d39a1d54058d0bb181afc9218ee65698f572f3aa6c67c9cc058b23ea68cf32e_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2d39a1d54058d0bb181afc9218ee65698f572f3aa6c67c9cc058b23ea68cf32e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:2d39a1d54058d0bb181afc9218ee65698f572f3aa6c67c9cc058b23ea68cf32e?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.2.2-3"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:8f37c6215c27e7231546a97987b471bae5f3f5cd7458989cc9f032d7429ce9a5_amd64 as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8f37c6215c27e7231546a97987b471bae5f3f5cd7458989cc9f032d7429ce9a5_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:8f37c6215c27e7231546a97987b471bae5f3f5cd7458989cc9f032d7429ce9a5_amd64",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:925bdf348da6851a2f0efd903ce3061b7d0ed7b17dee8aa76e4e3d75f0b28150_ppc64le as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:925bdf348da6851a2f0efd903ce3061b7d0ed7b17dee8aa76e4e3d75f0b28150_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:925bdf348da6851a2f0efd903ce3061b7d0ed7b17dee8aa76e4e3d75f0b28150_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:f2fad967d9f9d6f8e8b9dbec3e2a581a43b64f02fdc584750e206674d655dd5f_s390x as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f2fad967d9f9d6f8e8b9dbec3e2a581a43b64f02fdc584750e206674d655dd5f_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:f2fad967d9f9d6f8e8b9dbec3e2a581a43b64f02fdc584750e206674d655dd5f_s390x",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:0fc1a13e6960e5077ae351cd6f12c65cc06fb9526dc9261eed98345e7b9a98c0_amd64 as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:0fc1a13e6960e5077ae351cd6f12c65cc06fb9526dc9261eed98345e7b9a98c0_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:0fc1a13e6960e5077ae351cd6f12c65cc06fb9526dc9261eed98345e7b9a98c0_amd64",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:7f5898e7d868865d56b91f81d314bdc41a265e177f741dd05d4a9dc3b74d54bb_s390x as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:7f5898e7d868865d56b91f81d314bdc41a265e177f741dd05d4a9dc3b74d54bb_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:7f5898e7d868865d56b91f81d314bdc41a265e177f741dd05d4a9dc3b74d54bb_s390x",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:f591a221d2dbe643b6d975d1a2e9b9289173e2e845a838ab850debe20c957f11_ppc64le as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:f591a221d2dbe643b6d975d1a2e9b9289173e2e845a838ab850debe20c957f11_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:f591a221d2dbe643b6d975d1a2e9b9289173e2e845a838ab850debe20c957f11_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0572022184db58987b3abb065f0abac5368d7163d671e287151986a4b18898cf_s390x as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0572022184db58987b3abb065f0abac5368d7163d671e287151986a4b18898cf_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0572022184db58987b3abb065f0abac5368d7163d671e287151986a4b18898cf_s390x",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:13315f5c0db23887865ac2d310bd33b6258ac409d185209656531bc0b1fa0b2a_amd64 as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:13315f5c0db23887865ac2d310bd33b6258ac409d185209656531bc0b1fa0b2a_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:13315f5c0db23887865ac2d310bd33b6258ac409d185209656531bc0b1fa0b2a_amd64",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2844fcd4aa1aa285fffd24d0d07bd0e23b0927236d8d52ca51dafe3f06724850_ppc64le as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2844fcd4aa1aa285fffd24d0d07bd0e23b0927236d8d52ca51dafe3f06724850_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2844fcd4aa1aa285fffd24d0d07bd0e23b0927236d8d52ca51dafe3f06724850_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:638b97de5d0f42e63a75764430801f8c6cca99994b82a1741efb9e8a5fca34d2_ppc64le as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:638b97de5d0f42e63a75764430801f8c6cca99994b82a1741efb9e8a5fca34d2_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:638b97de5d0f42e63a75764430801f8c6cca99994b82a1741efb9e8a5fca34d2_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:f92ebfda68d49b1d0460cda21d8ccb4b5c9c88224b85e0aca9c2f6c29e195445_s390x as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:f92ebfda68d49b1d0460cda21d8ccb4b5c9c88224b85e0aca9c2f6c29e195445_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:f92ebfda68d49b1d0460cda21d8ccb4b5c9c88224b85e0aca9c2f6c29e195445_s390x",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:fd758a96e8b07884a9ecd9e3b948889bb9004af3fbe6a370b6f54baed179797c_amd64 as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:fd758a96e8b07884a9ecd9e3b948889bb9004af3fbe6a370b6f54baed179797c_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:fd758a96e8b07884a9ecd9e3b948889bb9004af3fbe6a370b6f54baed179797c_amd64",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:48fa08e690f9b2fbbde8fada15c9b124eb1fca868040369a73c98b95a9eff301_ppc64le as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:48fa08e690f9b2fbbde8fada15c9b124eb1fca868040369a73c98b95a9eff301_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:48fa08e690f9b2fbbde8fada15c9b124eb1fca868040369a73c98b95a9eff301_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:75148e16a364e4f67ecb8e914fc16b7ca4112c4e844b0d361a3feb88468f1215_amd64 as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:75148e16a364e4f67ecb8e914fc16b7ca4112c4e844b0d361a3feb88468f1215_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:75148e16a364e4f67ecb8e914fc16b7ca4112c4e844b0d361a3feb88468f1215_amd64",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:9a029334191c6b5b15df35e1959b2860da68ac3673ef8009bd54189e685a3b03_s390x as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:9a029334191c6b5b15df35e1959b2860da68ac3673ef8009bd54189e685a3b03_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:9a029334191c6b5b15df35e1959b2860da68ac3673ef8009bd54189e685a3b03_s390x",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:103b5cd32930836320eea0b28532ff9160cea7b02ddbb6af47df7433f7bb47c4_ppc64le as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:103b5cd32930836320eea0b28532ff9160cea7b02ddbb6af47df7433f7bb47c4_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:103b5cd32930836320eea0b28532ff9160cea7b02ddbb6af47df7433f7bb47c4_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:31d38c18be2020f49c28dee55ca92fd14237c6b9e3f54d7b0d6f1ded0ed4c372_amd64 as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:31d38c18be2020f49c28dee55ca92fd14237c6b9e3f54d7b0d6f1ded0ed4c372_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:31d38c18be2020f49c28dee55ca92fd14237c6b9e3f54d7b0d6f1ded0ed4c372_amd64",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:772b19a562fe52c709532b487233cfbfa8cee16f12da309fd4432df04792f32c_s390x as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:772b19a562fe52c709532b487233cfbfa8cee16f12da309fd4432df04792f32c_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:772b19a562fe52c709532b487233cfbfa8cee16f12da309fd4432df04792f32c_s390x",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9e05ce576af3755eb9db6b38c01bd851b2335f4cbd116338ebcac4e3ed6a1ab0_ppc64le as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9e05ce576af3755eb9db6b38c01bd851b2335f4cbd116338ebcac4e3ed6a1ab0_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9e05ce576af3755eb9db6b38c01bd851b2335f4cbd116338ebcac4e3ed6a1ab0_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fab7366274d9d9d903ecc42bbb0219954481eb2a9a43cbb046df9f31f522c4b4_s390x as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fab7366274d9d9d903ecc42bbb0219954481eb2a9a43cbb046df9f31f522c4b4_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fab7366274d9d9d903ecc42bbb0219954481eb2a9a43cbb046df9f31f522c4b4_s390x",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fec8341ce138808c01cb45838a6e494bf99d079a5009b622a8e4b0f3c1beee48_amd64 as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fec8341ce138808c01cb45838a6e494bf99d079a5009b622a8e4b0f3c1beee48_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fec8341ce138808c01cb45838a6e494bf99d079a5009b622a8e4b0f3c1beee48_amd64",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1dc2e9076e32731506a39472bd045f90474f22a7a2fb0c0dbeca2942c4e8b06a_s390x as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1dc2e9076e32731506a39472bd045f90474f22a7a2fb0c0dbeca2942c4e8b06a_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1dc2e9076e32731506a39472bd045f90474f22a7a2fb0c0dbeca2942c4e8b06a_s390x",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3b6df0593ce67833341a1ba58571753dbd20edc28490cf5647ea4f3d3a36c33e_amd64 as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3b6df0593ce67833341a1ba58571753dbd20edc28490cf5647ea4f3d3a36c33e_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3b6df0593ce67833341a1ba58571753dbd20edc28490cf5647ea4f3d3a36c33e_amd64",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4b386c2c2343fa09a4f71d4f7481b0e8daf7fcb3a3a710ff9f7c0e492070f156_ppc64le as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4b386c2c2343fa09a4f71d4f7481b0e8daf7fcb3a3a710ff9f7c0e492070f156_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4b386c2c2343fa09a4f71d4f7481b0e8daf7fcb3a3a710ff9f7c0e492070f156_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62f346b0b81423603f6804de7938106653dc6fed6c22d9660426869cdbbda0ed_s390x as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62f346b0b81423603f6804de7938106653dc6fed6c22d9660426869cdbbda0ed_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62f346b0b81423603f6804de7938106653dc6fed6c22d9660426869cdbbda0ed_s390x",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:790f6345dc5a23855b2c3a2f0f1b07d6590659b8ff377833ce4d82f681056275_amd64 as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:790f6345dc5a23855b2c3a2f0f1b07d6590659b8ff377833ce4d82f681056275_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:790f6345dc5a23855b2c3a2f0f1b07d6590659b8ff377833ce4d82f681056275_amd64",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:89ca3042eb40d7bf4ea2658e1a9f39cd507d71d469d927f48e5a36f64eff98cb_ppc64le as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:89ca3042eb40d7bf4ea2658e1a9f39cd507d71d469d927f48e5a36f64eff98cb_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:89ca3042eb40d7bf4ea2658e1a9f39cd507d71d469d927f48e5a36f64eff98cb_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:1d6df1627b7cbbe659afdc40c395fd8fe85f237bdc58fc86bb589ca8a5995141_s390x as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:1d6df1627b7cbbe659afdc40c395fd8fe85f237bdc58fc86bb589ca8a5995141_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:1d6df1627b7cbbe659afdc40c395fd8fe85f237bdc58fc86bb589ca8a5995141_s390x",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:2ed5dd9abad665d668416feda3ad4bf8631a083fe4616e502245bdd679388687_ppc64le as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2ed5dd9abad665d668416feda3ad4bf8631a083fe4616e502245bdd679388687_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:2ed5dd9abad665d668416feda3ad4bf8631a083fe4616e502245bdd679388687_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:fb3a7a2124196239fefe325f45132797d2bb4795de89a26e78a53ff8e0d9094e_amd64 as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:fb3a7a2124196239fefe325f45132797d2bb4795de89a26e78a53ff8e0d9094e_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:fb3a7a2124196239fefe325f45132797d2bb4795de89a26e78a53ff8e0d9094e_amd64",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2d39a1d54058d0bb181afc9218ee65698f572f3aa6c67c9cc058b23ea68cf32e_ppc64le as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2d39a1d54058d0bb181afc9218ee65698f572f3aa6c67c9cc058b23ea68cf32e_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2d39a1d54058d0bb181afc9218ee65698f572f3aa6c67c9cc058b23ea68cf32e_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e0076d3574ecf23354a340f808926c4dc9e338920daa83085764c0f2a092025_amd64 as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e0076d3574ecf23354a340f808926c4dc9e338920daa83085764c0f2a092025_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e0076d3574ecf23354a340f808926c4dc9e338920daa83085764c0f2a092025_amd64",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4bc615a0954e2514c7266a639bcf0dedc290cf8d464738143ce73a5711e9dd66_s390x as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4bc615a0954e2514c7266a639bcf0dedc290cf8d464738143ce73a5711e9dd66_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4bc615a0954e2514c7266a639bcf0dedc290cf8d464738143ce73a5711e9dd66_s390x",
"relates_to_product_reference": "8Base-RHACS-4.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8f37c6215c27e7231546a97987b471bae5f3f5cd7458989cc9f032d7429ce9a5_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:925bdf348da6851a2f0efd903ce3061b7d0ed7b17dee8aa76e4e3d75f0b28150_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f2fad967d9f9d6f8e8b9dbec3e2a581a43b64f02fdc584750e206674d655dd5f_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:0fc1a13e6960e5077ae351cd6f12c65cc06fb9526dc9261eed98345e7b9a98c0_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:7f5898e7d868865d56b91f81d314bdc41a265e177f741dd05d4a9dc3b74d54bb_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:f591a221d2dbe643b6d975d1a2e9b9289173e2e845a838ab850debe20c957f11_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0572022184db58987b3abb065f0abac5368d7163d671e287151986a4b18898cf_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:13315f5c0db23887865ac2d310bd33b6258ac409d185209656531bc0b1fa0b2a_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2844fcd4aa1aa285fffd24d0d07bd0e23b0927236d8d52ca51dafe3f06724850_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:48fa08e690f9b2fbbde8fada15c9b124eb1fca868040369a73c98b95a9eff301_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:75148e16a364e4f67ecb8e914fc16b7ca4112c4e844b0d361a3feb88468f1215_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:9a029334191c6b5b15df35e1959b2860da68ac3673ef8009bd54189e685a3b03_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:103b5cd32930836320eea0b28532ff9160cea7b02ddbb6af47df7433f7bb47c4_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:31d38c18be2020f49c28dee55ca92fd14237c6b9e3f54d7b0d6f1ded0ed4c372_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:772b19a562fe52c709532b487233cfbfa8cee16f12da309fd4432df04792f32c_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9e05ce576af3755eb9db6b38c01bd851b2335f4cbd116338ebcac4e3ed6a1ab0_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fab7366274d9d9d903ecc42bbb0219954481eb2a9a43cbb046df9f31f522c4b4_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fec8341ce138808c01cb45838a6e494bf99d079a5009b622a8e4b0f3c1beee48_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1dc2e9076e32731506a39472bd045f90474f22a7a2fb0c0dbeca2942c4e8b06a_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3b6df0593ce67833341a1ba58571753dbd20edc28490cf5647ea4f3d3a36c33e_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4b386c2c2343fa09a4f71d4f7481b0e8daf7fcb3a3a710ff9f7c0e492070f156_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62f346b0b81423603f6804de7938106653dc6fed6c22d9660426869cdbbda0ed_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:790f6345dc5a23855b2c3a2f0f1b07d6590659b8ff377833ce4d82f681056275_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:89ca3042eb40d7bf4ea2658e1a9f39cd507d71d469d927f48e5a36f64eff98cb_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:1d6df1627b7cbbe659afdc40c395fd8fe85f237bdc58fc86bb589ca8a5995141_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2ed5dd9abad665d668416feda3ad4bf8631a083fe4616e502245bdd679388687_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:fb3a7a2124196239fefe325f45132797d2bb4795de89a26e78a53ff8e0d9094e_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2d39a1d54058d0bb181afc9218ee65698f572f3aa6c67c9cc058b23ea68cf32e_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e0076d3574ecf23354a340f808926c4dc9e338920daa83085764c0f2a092025_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4bc615a0954e2514c7266a639bcf0dedc290cf8d464738143ce73a5711e9dd66_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:638b97de5d0f42e63a75764430801f8c6cca99994b82a1741efb9e8a5fca34d2_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:f92ebfda68d49b1d0460cda21d8ccb4b5c9c88224b85e0aca9c2f6c29e195445_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:fd758a96e8b07884a9ecd9e3b948889bb9004af3fbe6a370b6f54baed179797c_amd64"
],
"known_not_affected": [
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8f37c6215c27e7231546a97987b471bae5f3f5cd7458989cc9f032d7429ce9a5_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:925bdf348da6851a2f0efd903ce3061b7d0ed7b17dee8aa76e4e3d75f0b28150_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f2fad967d9f9d6f8e8b9dbec3e2a581a43b64f02fdc584750e206674d655dd5f_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:0fc1a13e6960e5077ae351cd6f12c65cc06fb9526dc9261eed98345e7b9a98c0_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:7f5898e7d868865d56b91f81d314bdc41a265e177f741dd05d4a9dc3b74d54bb_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:f591a221d2dbe643b6d975d1a2e9b9289173e2e845a838ab850debe20c957f11_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0572022184db58987b3abb065f0abac5368d7163d671e287151986a4b18898cf_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:13315f5c0db23887865ac2d310bd33b6258ac409d185209656531bc0b1fa0b2a_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2844fcd4aa1aa285fffd24d0d07bd0e23b0927236d8d52ca51dafe3f06724850_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:48fa08e690f9b2fbbde8fada15c9b124eb1fca868040369a73c98b95a9eff301_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:75148e16a364e4f67ecb8e914fc16b7ca4112c4e844b0d361a3feb88468f1215_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:9a029334191c6b5b15df35e1959b2860da68ac3673ef8009bd54189e685a3b03_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:103b5cd32930836320eea0b28532ff9160cea7b02ddbb6af47df7433f7bb47c4_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:31d38c18be2020f49c28dee55ca92fd14237c6b9e3f54d7b0d6f1ded0ed4c372_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:772b19a562fe52c709532b487233cfbfa8cee16f12da309fd4432df04792f32c_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9e05ce576af3755eb9db6b38c01bd851b2335f4cbd116338ebcac4e3ed6a1ab0_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fab7366274d9d9d903ecc42bbb0219954481eb2a9a43cbb046df9f31f522c4b4_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fec8341ce138808c01cb45838a6e494bf99d079a5009b622a8e4b0f3c1beee48_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1dc2e9076e32731506a39472bd045f90474f22a7a2fb0c0dbeca2942c4e8b06a_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3b6df0593ce67833341a1ba58571753dbd20edc28490cf5647ea4f3d3a36c33e_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4b386c2c2343fa09a4f71d4f7481b0e8daf7fcb3a3a710ff9f7c0e492070f156_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62f346b0b81423603f6804de7938106653dc6fed6c22d9660426869cdbbda0ed_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:790f6345dc5a23855b2c3a2f0f1b07d6590659b8ff377833ce4d82f681056275_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:89ca3042eb40d7bf4ea2658e1a9f39cd507d71d469d927f48e5a36f64eff98cb_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:1d6df1627b7cbbe659afdc40c395fd8fe85f237bdc58fc86bb589ca8a5995141_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2ed5dd9abad665d668416feda3ad4bf8631a083fe4616e502245bdd679388687_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:fb3a7a2124196239fefe325f45132797d2bb4795de89a26e78a53ff8e0d9094e_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2d39a1d54058d0bb181afc9218ee65698f572f3aa6c67c9cc058b23ea68cf32e_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e0076d3574ecf23354a340f808926c4dc9e338920daa83085764c0f2a092025_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4bc615a0954e2514c7266a639bcf0dedc290cf8d464738143ce73a5711e9dd66_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T20:24:48+00:00",
"details": "If you are using an earlier version of RHACS 4.2, you are advised to upgrade to patch release 4.2.2.",
"product_ids": [
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:638b97de5d0f42e63a75764430801f8c6cca99994b82a1741efb9e8a5fca34d2_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:f92ebfda68d49b1d0460cda21d8ccb4b5c9c88224b85e0aca9c2f6c29e195445_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:fd758a96e8b07884a9ecd9e3b948889bb9004af3fbe6a370b6f54baed179797c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6048"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8f37c6215c27e7231546a97987b471bae5f3f5cd7458989cc9f032d7429ce9a5_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:925bdf348da6851a2f0efd903ce3061b7d0ed7b17dee8aa76e4e3d75f0b28150_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f2fad967d9f9d6f8e8b9dbec3e2a581a43b64f02fdc584750e206674d655dd5f_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:0fc1a13e6960e5077ae351cd6f12c65cc06fb9526dc9261eed98345e7b9a98c0_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:7f5898e7d868865d56b91f81d314bdc41a265e177f741dd05d4a9dc3b74d54bb_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:f591a221d2dbe643b6d975d1a2e9b9289173e2e845a838ab850debe20c957f11_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0572022184db58987b3abb065f0abac5368d7163d671e287151986a4b18898cf_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:13315f5c0db23887865ac2d310bd33b6258ac409d185209656531bc0b1fa0b2a_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2844fcd4aa1aa285fffd24d0d07bd0e23b0927236d8d52ca51dafe3f06724850_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:638b97de5d0f42e63a75764430801f8c6cca99994b82a1741efb9e8a5fca34d2_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:f92ebfda68d49b1d0460cda21d8ccb4b5c9c88224b85e0aca9c2f6c29e195445_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:fd758a96e8b07884a9ecd9e3b948889bb9004af3fbe6a370b6f54baed179797c_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:48fa08e690f9b2fbbde8fada15c9b124eb1fca868040369a73c98b95a9eff301_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:75148e16a364e4f67ecb8e914fc16b7ca4112c4e844b0d361a3feb88468f1215_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:9a029334191c6b5b15df35e1959b2860da68ac3673ef8009bd54189e685a3b03_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:103b5cd32930836320eea0b28532ff9160cea7b02ddbb6af47df7433f7bb47c4_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:31d38c18be2020f49c28dee55ca92fd14237c6b9e3f54d7b0d6f1ded0ed4c372_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:772b19a562fe52c709532b487233cfbfa8cee16f12da309fd4432df04792f32c_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9e05ce576af3755eb9db6b38c01bd851b2335f4cbd116338ebcac4e3ed6a1ab0_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fab7366274d9d9d903ecc42bbb0219954481eb2a9a43cbb046df9f31f522c4b4_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fec8341ce138808c01cb45838a6e494bf99d079a5009b622a8e4b0f3c1beee48_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1dc2e9076e32731506a39472bd045f90474f22a7a2fb0c0dbeca2942c4e8b06a_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3b6df0593ce67833341a1ba58571753dbd20edc28490cf5647ea4f3d3a36c33e_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4b386c2c2343fa09a4f71d4f7481b0e8daf7fcb3a3a710ff9f7c0e492070f156_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62f346b0b81423603f6804de7938106653dc6fed6c22d9660426869cdbbda0ed_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:790f6345dc5a23855b2c3a2f0f1b07d6590659b8ff377833ce4d82f681056275_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:89ca3042eb40d7bf4ea2658e1a9f39cd507d71d469d927f48e5a36f64eff98cb_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:1d6df1627b7cbbe659afdc40c395fd8fe85f237bdc58fc86bb589ca8a5995141_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2ed5dd9abad665d668416feda3ad4bf8631a083fe4616e502245bdd679388687_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:fb3a7a2124196239fefe325f45132797d2bb4795de89a26e78a53ff8e0d9094e_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2d39a1d54058d0bb181afc9218ee65698f572f3aa6c67c9cc058b23ea68cf32e_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e0076d3574ecf23354a340f808926c4dc9e338920daa83085764c0f2a092025_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4bc615a0954e2514c7266a639bcf0dedc290cf8d464738143ce73a5711e9dd66_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8f37c6215c27e7231546a97987b471bae5f3f5cd7458989cc9f032d7429ce9a5_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:925bdf348da6851a2f0efd903ce3061b7d0ed7b17dee8aa76e4e3d75f0b28150_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f2fad967d9f9d6f8e8b9dbec3e2a581a43b64f02fdc584750e206674d655dd5f_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:0fc1a13e6960e5077ae351cd6f12c65cc06fb9526dc9261eed98345e7b9a98c0_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:7f5898e7d868865d56b91f81d314bdc41a265e177f741dd05d4a9dc3b74d54bb_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:f591a221d2dbe643b6d975d1a2e9b9289173e2e845a838ab850debe20c957f11_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0572022184db58987b3abb065f0abac5368d7163d671e287151986a4b18898cf_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:13315f5c0db23887865ac2d310bd33b6258ac409d185209656531bc0b1fa0b2a_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2844fcd4aa1aa285fffd24d0d07bd0e23b0927236d8d52ca51dafe3f06724850_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:638b97de5d0f42e63a75764430801f8c6cca99994b82a1741efb9e8a5fca34d2_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:f92ebfda68d49b1d0460cda21d8ccb4b5c9c88224b85e0aca9c2f6c29e195445_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:fd758a96e8b07884a9ecd9e3b948889bb9004af3fbe6a370b6f54baed179797c_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:48fa08e690f9b2fbbde8fada15c9b124eb1fca868040369a73c98b95a9eff301_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:75148e16a364e4f67ecb8e914fc16b7ca4112c4e844b0d361a3feb88468f1215_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:9a029334191c6b5b15df35e1959b2860da68ac3673ef8009bd54189e685a3b03_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:103b5cd32930836320eea0b28532ff9160cea7b02ddbb6af47df7433f7bb47c4_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:31d38c18be2020f49c28dee55ca92fd14237c6b9e3f54d7b0d6f1ded0ed4c372_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:772b19a562fe52c709532b487233cfbfa8cee16f12da309fd4432df04792f32c_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9e05ce576af3755eb9db6b38c01bd851b2335f4cbd116338ebcac4e3ed6a1ab0_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fab7366274d9d9d903ecc42bbb0219954481eb2a9a43cbb046df9f31f522c4b4_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fec8341ce138808c01cb45838a6e494bf99d079a5009b622a8e4b0f3c1beee48_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1dc2e9076e32731506a39472bd045f90474f22a7a2fb0c0dbeca2942c4e8b06a_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3b6df0593ce67833341a1ba58571753dbd20edc28490cf5647ea4f3d3a36c33e_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4b386c2c2343fa09a4f71d4f7481b0e8daf7fcb3a3a710ff9f7c0e492070f156_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62f346b0b81423603f6804de7938106653dc6fed6c22d9660426869cdbbda0ed_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:790f6345dc5a23855b2c3a2f0f1b07d6590659b8ff377833ce4d82f681056275_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:89ca3042eb40d7bf4ea2658e1a9f39cd507d71d469d927f48e5a36f64eff98cb_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:1d6df1627b7cbbe659afdc40c395fd8fe85f237bdc58fc86bb589ca8a5995141_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2ed5dd9abad665d668416feda3ad4bf8631a083fe4616e502245bdd679388687_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:fb3a7a2124196239fefe325f45132797d2bb4795de89a26e78a53ff8e0d9094e_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2d39a1d54058d0bb181afc9218ee65698f572f3aa6c67c9cc058b23ea68cf32e_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e0076d3574ecf23354a340f808926c4dc9e338920daa83085764c0f2a092025_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4bc615a0954e2514c7266a639bcf0dedc290cf8d464738143ce73a5711e9dd66_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8f37c6215c27e7231546a97987b471bae5f3f5cd7458989cc9f032d7429ce9a5_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:925bdf348da6851a2f0efd903ce3061b7d0ed7b17dee8aa76e4e3d75f0b28150_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f2fad967d9f9d6f8e8b9dbec3e2a581a43b64f02fdc584750e206674d655dd5f_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:0fc1a13e6960e5077ae351cd6f12c65cc06fb9526dc9261eed98345e7b9a98c0_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:7f5898e7d868865d56b91f81d314bdc41a265e177f741dd05d4a9dc3b74d54bb_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:f591a221d2dbe643b6d975d1a2e9b9289173e2e845a838ab850debe20c957f11_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0572022184db58987b3abb065f0abac5368d7163d671e287151986a4b18898cf_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:13315f5c0db23887865ac2d310bd33b6258ac409d185209656531bc0b1fa0b2a_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2844fcd4aa1aa285fffd24d0d07bd0e23b0927236d8d52ca51dafe3f06724850_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:48fa08e690f9b2fbbde8fada15c9b124eb1fca868040369a73c98b95a9eff301_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:75148e16a364e4f67ecb8e914fc16b7ca4112c4e844b0d361a3feb88468f1215_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:9a029334191c6b5b15df35e1959b2860da68ac3673ef8009bd54189e685a3b03_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:103b5cd32930836320eea0b28532ff9160cea7b02ddbb6af47df7433f7bb47c4_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:31d38c18be2020f49c28dee55ca92fd14237c6b9e3f54d7b0d6f1ded0ed4c372_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:772b19a562fe52c709532b487233cfbfa8cee16f12da309fd4432df04792f32c_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9e05ce576af3755eb9db6b38c01bd851b2335f4cbd116338ebcac4e3ed6a1ab0_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fab7366274d9d9d903ecc42bbb0219954481eb2a9a43cbb046df9f31f522c4b4_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fec8341ce138808c01cb45838a6e494bf99d079a5009b622a8e4b0f3c1beee48_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1dc2e9076e32731506a39472bd045f90474f22a7a2fb0c0dbeca2942c4e8b06a_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3b6df0593ce67833341a1ba58571753dbd20edc28490cf5647ea4f3d3a36c33e_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4b386c2c2343fa09a4f71d4f7481b0e8daf7fcb3a3a710ff9f7c0e492070f156_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62f346b0b81423603f6804de7938106653dc6fed6c22d9660426869cdbbda0ed_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:790f6345dc5a23855b2c3a2f0f1b07d6590659b8ff377833ce4d82f681056275_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:89ca3042eb40d7bf4ea2658e1a9f39cd507d71d469d927f48e5a36f64eff98cb_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:1d6df1627b7cbbe659afdc40c395fd8fe85f237bdc58fc86bb589ca8a5995141_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2ed5dd9abad665d668416feda3ad4bf8631a083fe4616e502245bdd679388687_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:fb3a7a2124196239fefe325f45132797d2bb4795de89a26e78a53ff8e0d9094e_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2d39a1d54058d0bb181afc9218ee65698f572f3aa6c67c9cc058b23ea68cf32e_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e0076d3574ecf23354a340f808926c4dc9e338920daa83085764c0f2a092025_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4bc615a0954e2514c7266a639bcf0dedc290cf8d464738143ce73a5711e9dd66_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:638b97de5d0f42e63a75764430801f8c6cca99994b82a1741efb9e8a5fca34d2_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:f92ebfda68d49b1d0460cda21d8ccb4b5c9c88224b85e0aca9c2f6c29e195445_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:fd758a96e8b07884a9ecd9e3b948889bb9004af3fbe6a370b6f54baed179797c_amd64"
],
"known_not_affected": [
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8f37c6215c27e7231546a97987b471bae5f3f5cd7458989cc9f032d7429ce9a5_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:925bdf348da6851a2f0efd903ce3061b7d0ed7b17dee8aa76e4e3d75f0b28150_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f2fad967d9f9d6f8e8b9dbec3e2a581a43b64f02fdc584750e206674d655dd5f_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:0fc1a13e6960e5077ae351cd6f12c65cc06fb9526dc9261eed98345e7b9a98c0_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:7f5898e7d868865d56b91f81d314bdc41a265e177f741dd05d4a9dc3b74d54bb_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:f591a221d2dbe643b6d975d1a2e9b9289173e2e845a838ab850debe20c957f11_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0572022184db58987b3abb065f0abac5368d7163d671e287151986a4b18898cf_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:13315f5c0db23887865ac2d310bd33b6258ac409d185209656531bc0b1fa0b2a_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2844fcd4aa1aa285fffd24d0d07bd0e23b0927236d8d52ca51dafe3f06724850_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:48fa08e690f9b2fbbde8fada15c9b124eb1fca868040369a73c98b95a9eff301_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:75148e16a364e4f67ecb8e914fc16b7ca4112c4e844b0d361a3feb88468f1215_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:9a029334191c6b5b15df35e1959b2860da68ac3673ef8009bd54189e685a3b03_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:103b5cd32930836320eea0b28532ff9160cea7b02ddbb6af47df7433f7bb47c4_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:31d38c18be2020f49c28dee55ca92fd14237c6b9e3f54d7b0d6f1ded0ed4c372_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:772b19a562fe52c709532b487233cfbfa8cee16f12da309fd4432df04792f32c_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9e05ce576af3755eb9db6b38c01bd851b2335f4cbd116338ebcac4e3ed6a1ab0_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fab7366274d9d9d903ecc42bbb0219954481eb2a9a43cbb046df9f31f522c4b4_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fec8341ce138808c01cb45838a6e494bf99d079a5009b622a8e4b0f3c1beee48_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1dc2e9076e32731506a39472bd045f90474f22a7a2fb0c0dbeca2942c4e8b06a_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3b6df0593ce67833341a1ba58571753dbd20edc28490cf5647ea4f3d3a36c33e_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4b386c2c2343fa09a4f71d4f7481b0e8daf7fcb3a3a710ff9f7c0e492070f156_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62f346b0b81423603f6804de7938106653dc6fed6c22d9660426869cdbbda0ed_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:790f6345dc5a23855b2c3a2f0f1b07d6590659b8ff377833ce4d82f681056275_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:89ca3042eb40d7bf4ea2658e1a9f39cd507d71d469d927f48e5a36f64eff98cb_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:1d6df1627b7cbbe659afdc40c395fd8fe85f237bdc58fc86bb589ca8a5995141_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2ed5dd9abad665d668416feda3ad4bf8631a083fe4616e502245bdd679388687_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:fb3a7a2124196239fefe325f45132797d2bb4795de89a26e78a53ff8e0d9094e_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2d39a1d54058d0bb181afc9218ee65698f572f3aa6c67c9cc058b23ea68cf32e_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e0076d3574ecf23354a340f808926c4dc9e338920daa83085764c0f2a092025_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4bc615a0954e2514c7266a639bcf0dedc290cf8d464738143ce73a5711e9dd66_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T20:24:48+00:00",
"details": "If you are using an earlier version of RHACS 4.2, you are advised to upgrade to patch release 4.2.2.",
"product_ids": [
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:638b97de5d0f42e63a75764430801f8c6cca99994b82a1741efb9e8a5fca34d2_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:f92ebfda68d49b1d0460cda21d8ccb4b5c9c88224b85e0aca9c2f6c29e195445_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:fd758a96e8b07884a9ecd9e3b948889bb9004af3fbe6a370b6f54baed179797c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6048"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8f37c6215c27e7231546a97987b471bae5f3f5cd7458989cc9f032d7429ce9a5_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:925bdf348da6851a2f0efd903ce3061b7d0ed7b17dee8aa76e4e3d75f0b28150_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f2fad967d9f9d6f8e8b9dbec3e2a581a43b64f02fdc584750e206674d655dd5f_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:0fc1a13e6960e5077ae351cd6f12c65cc06fb9526dc9261eed98345e7b9a98c0_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:7f5898e7d868865d56b91f81d314bdc41a265e177f741dd05d4a9dc3b74d54bb_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:f591a221d2dbe643b6d975d1a2e9b9289173e2e845a838ab850debe20c957f11_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0572022184db58987b3abb065f0abac5368d7163d671e287151986a4b18898cf_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:13315f5c0db23887865ac2d310bd33b6258ac409d185209656531bc0b1fa0b2a_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2844fcd4aa1aa285fffd24d0d07bd0e23b0927236d8d52ca51dafe3f06724850_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:638b97de5d0f42e63a75764430801f8c6cca99994b82a1741efb9e8a5fca34d2_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:f92ebfda68d49b1d0460cda21d8ccb4b5c9c88224b85e0aca9c2f6c29e195445_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:fd758a96e8b07884a9ecd9e3b948889bb9004af3fbe6a370b6f54baed179797c_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:48fa08e690f9b2fbbde8fada15c9b124eb1fca868040369a73c98b95a9eff301_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:75148e16a364e4f67ecb8e914fc16b7ca4112c4e844b0d361a3feb88468f1215_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:9a029334191c6b5b15df35e1959b2860da68ac3673ef8009bd54189e685a3b03_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:103b5cd32930836320eea0b28532ff9160cea7b02ddbb6af47df7433f7bb47c4_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:31d38c18be2020f49c28dee55ca92fd14237c6b9e3f54d7b0d6f1ded0ed4c372_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:772b19a562fe52c709532b487233cfbfa8cee16f12da309fd4432df04792f32c_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9e05ce576af3755eb9db6b38c01bd851b2335f4cbd116338ebcac4e3ed6a1ab0_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fab7366274d9d9d903ecc42bbb0219954481eb2a9a43cbb046df9f31f522c4b4_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fec8341ce138808c01cb45838a6e494bf99d079a5009b622a8e4b0f3c1beee48_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1dc2e9076e32731506a39472bd045f90474f22a7a2fb0c0dbeca2942c4e8b06a_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3b6df0593ce67833341a1ba58571753dbd20edc28490cf5647ea4f3d3a36c33e_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4b386c2c2343fa09a4f71d4f7481b0e8daf7fcb3a3a710ff9f7c0e492070f156_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62f346b0b81423603f6804de7938106653dc6fed6c22d9660426869cdbbda0ed_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:790f6345dc5a23855b2c3a2f0f1b07d6590659b8ff377833ce4d82f681056275_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:89ca3042eb40d7bf4ea2658e1a9f39cd507d71d469d927f48e5a36f64eff98cb_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:1d6df1627b7cbbe659afdc40c395fd8fe85f237bdc58fc86bb589ca8a5995141_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2ed5dd9abad665d668416feda3ad4bf8631a083fe4616e502245bdd679388687_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:fb3a7a2124196239fefe325f45132797d2bb4795de89a26e78a53ff8e0d9094e_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2d39a1d54058d0bb181afc9218ee65698f572f3aa6c67c9cc058b23ea68cf32e_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e0076d3574ecf23354a340f808926c4dc9e338920daa83085764c0f2a092025_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4bc615a0954e2514c7266a639bcf0dedc290cf8d464738143ce73a5711e9dd66_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8f37c6215c27e7231546a97987b471bae5f3f5cd7458989cc9f032d7429ce9a5_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:925bdf348da6851a2f0efd903ce3061b7d0ed7b17dee8aa76e4e3d75f0b28150_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f2fad967d9f9d6f8e8b9dbec3e2a581a43b64f02fdc584750e206674d655dd5f_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:0fc1a13e6960e5077ae351cd6f12c65cc06fb9526dc9261eed98345e7b9a98c0_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:7f5898e7d868865d56b91f81d314bdc41a265e177f741dd05d4a9dc3b74d54bb_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:f591a221d2dbe643b6d975d1a2e9b9289173e2e845a838ab850debe20c957f11_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0572022184db58987b3abb065f0abac5368d7163d671e287151986a4b18898cf_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:13315f5c0db23887865ac2d310bd33b6258ac409d185209656531bc0b1fa0b2a_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2844fcd4aa1aa285fffd24d0d07bd0e23b0927236d8d52ca51dafe3f06724850_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:638b97de5d0f42e63a75764430801f8c6cca99994b82a1741efb9e8a5fca34d2_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:f92ebfda68d49b1d0460cda21d8ccb4b5c9c88224b85e0aca9c2f6c29e195445_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:fd758a96e8b07884a9ecd9e3b948889bb9004af3fbe6a370b6f54baed179797c_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:48fa08e690f9b2fbbde8fada15c9b124eb1fca868040369a73c98b95a9eff301_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:75148e16a364e4f67ecb8e914fc16b7ca4112c4e844b0d361a3feb88468f1215_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:9a029334191c6b5b15df35e1959b2860da68ac3673ef8009bd54189e685a3b03_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:103b5cd32930836320eea0b28532ff9160cea7b02ddbb6af47df7433f7bb47c4_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:31d38c18be2020f49c28dee55ca92fd14237c6b9e3f54d7b0d6f1ded0ed4c372_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:772b19a562fe52c709532b487233cfbfa8cee16f12da309fd4432df04792f32c_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9e05ce576af3755eb9db6b38c01bd851b2335f4cbd116338ebcac4e3ed6a1ab0_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fab7366274d9d9d903ecc42bbb0219954481eb2a9a43cbb046df9f31f522c4b4_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fec8341ce138808c01cb45838a6e494bf99d079a5009b622a8e4b0f3c1beee48_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1dc2e9076e32731506a39472bd045f90474f22a7a2fb0c0dbeca2942c4e8b06a_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3b6df0593ce67833341a1ba58571753dbd20edc28490cf5647ea4f3d3a36c33e_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4b386c2c2343fa09a4f71d4f7481b0e8daf7fcb3a3a710ff9f7c0e492070f156_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62f346b0b81423603f6804de7938106653dc6fed6c22d9660426869cdbbda0ed_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:790f6345dc5a23855b2c3a2f0f1b07d6590659b8ff377833ce4d82f681056275_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:89ca3042eb40d7bf4ea2658e1a9f39cd507d71d469d927f48e5a36f64eff98cb_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:1d6df1627b7cbbe659afdc40c395fd8fe85f237bdc58fc86bb589ca8a5995141_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2ed5dd9abad665d668416feda3ad4bf8631a083fe4616e502245bdd679388687_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:fb3a7a2124196239fefe325f45132797d2bb4795de89a26e78a53ff8e0d9094e_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2d39a1d54058d0bb181afc9218ee65698f572f3aa6c67c9cc058b23ea68cf32e_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e0076d3574ecf23354a340f808926c4dc9e338920daa83085764c0f2a092025_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4bc615a0954e2514c7266a639bcf0dedc290cf8d464738143ce73a5711e9dd66_s390x"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.